
possible win32 heur virus


  • This topic is locked
15 replies to this topic

#1 angicx

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx

Posted 05 March 2010 - 11:11 PM

Computer freezing up, not sure if it's Windows or the computer or what. I got a blue screen saying Windows had detected a problem; error msg saying "driver irql not less or equal".
Initially, AVG antivirus detected a Win32 Heur virus. Also, while uninstalling something called "Driver Whiz", I found some leftover files from it having to do with something called "legacy_catch me", which I think is a virus or malware....
My computer kept freezing and I had to do a hard reboot several times, then finally, it wouldn't make it past the Windows load screen before freezing over and over, so I had to do a sys restore. I haven't had a problem since, but I don't know if the original problem is fixed or not since the date of the restore was after my original problem started.

One more thing. I've been doing research on the blue screen msg, "driver irql not less or equal", with an address of ar5211.sys. There's a lot of info on it... I just can't figure out if any of it would help me. Apparently it's well known and I'm reading that other computers with the problem are acting just like mine. The general advice being given is to update or uninstall a driver (I've discovered it's an Atheros wireless driver) or an Intel acceleration program known to cause issues, but I don't want to start fiddling with things I don't understand without help. I searched for the Intel acceleration program and didn't find it, but I do have an Intel Graphics Media Acceleration driver. Is that the same thing or related? I read somewhere else that it could be that my RAM is bad. Is it possible my virus program got rid of my virus and what I have now is just a driver or RAM related problem? I'm just curious, but I'm not working with any other techs and I won't make any more changes to the system as of now.
I did finally get the Atheros driver updated though. Not sure if it fixed my problem.
I re-ran the logs after all of this, so they should be accurate.

thanks in advance!
angi c


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 21:02:44.82 on Sat 03/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-24 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-24 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-24 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-24 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-24 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-24 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-24 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-2-24 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-24 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-24 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-24 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-24 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-24 25736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-24 30104]

=============== Created Last 30 ================

2010-03-06 23:38:33 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-06 22:24:47 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-06 21:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Atheros
2010-03-06 03:26:29 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-03-06 01:50:50 2264 ----a-w- c:\windows\system\S20H0220.csr
2010-03-06 01:50:50 2264 ----a-w- c:\windows\system\S20F0220.csr
2010-03-06 01:50:49 0 d-----w- c:\windows\Options
2010-03-06 01:30:22 0 d-----w- c:\program files\common files\Acer
2010-03-06 01:29:38 0 d-----w- c:\program files\common files\Logitech
2010-03-06 01:29:36 0 d-----w- c:\program files\Acer
2010-03-05 21:16:48 0 d-----w- c:\windows\system32\xircom
2010-03-05 21:16:48 0 d-----w- c:\windows\system32\wbem\snmp
2010-03-05 21:16:48 0 d-----w- c:\windows\system32\oobe
2010-03-05 21:16:48 0 d-----w- c:\windows\system32\inetsrv
2010-03-05 21:16:48 0 d-----w- c:\program files\windows nt
2010-03-05 21:16:48 0 d-----w- c:\program files\msn gaming zone
2010-03-05 21:16:28 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-05 21:16:05 0 d-----w- c:\program files\Trend Micro
2010-03-05 21:16:02 0 d-----w- c:\windows\system32\appmgmt
2010-03-05 21:16:02 0 d-----w- c:\windows\SxsCaPendDel
2010-03-05 21:15:44 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap Games
2010-03-05 21:15:12 0 d-----w- c:\program files\uTorrent
2010-03-02 23:13:15 98816 ----a-w- c:\windows\sed.exe
2010-03-02 23:13:15 77312 ----a-w- c:\windows\MBR.exe
2010-03-02 23:13:15 261632 ----a-w- c:\windows\PEV.exe
2010-03-02 23:13:15 161792 ----a-w- c:\windows\SWREG.exe
2010-03-02 18:18:14 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-02 18:18:14 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-03-02 00:34:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Turbine
2010-03-02 00:33:58 0 d-----w- c:\program files\Turbine
2010-03-01 22:44:25 0 d-----w- c:\program files\VS Revo Group
2010-02-28 17:44:40 0 d-----w- c:\program files\Darkeden
2010-02-28 05:29:49 0 d-----w- c:\docume~1\owner\applic~1\GetRightToGo
2010-02-28 05:17:19 0 ----a-w- c:\windows\popcreg.dat
2010-02-28 05:17:19 0 ----a-w- c:\windows\popcinfot.dat
2010-02-28 04:44:54 100 ----a-w- c:\windows\dinksmallwood.ini
2010-02-28 02:28:53 0 d-----w- c:\program files\PopCap Games
2010-02-27 18:51:45 0 d-----w- c:\program files\Knytt
2010-02-27 18:45:58 0 d-----w- c:\program files\Dink Smallwood
2010-02-27 00:49:51 719872 ----a-w- c:\windows\system32\bubbloids.scr
2010-02-27 00:49:51 35 ----a-w- c:\windows\brassi.dat
2010-02-26 23:45:43 90112 ----a-w- c:\windows\system32\Rain Screensaver.scr
2010-02-26 23:45:43 824 ----a-w- c:\windows\unins000.dat
2010-02-26 23:45:43 673546 ----a-w- c:\windows\unins000.exe
2010-02-26 23:07:17 0 d-----w- c:\docume~1\owner\applic~1\uTorrent
2010-02-26 22:34:49 163208 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2010-02-26 22:34:43 0 d-----w- c:\program files\Ahriman's Prophecy
2010-02-26 16:54:19 356352 ----a-w- c:\windows\EMCRI.dll
2010-02-26 16:48:16 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2010-02-26 16:48:16 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2010-02-26 16:48:16 40064 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2010-02-26 06:16:05 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-02-26 06:16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 06:15:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-26 06:15:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 06:15:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 05:18:00 199776 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-26 05:18:00 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-26 05:18:00 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-26 05:18:00 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-26 05:18:00 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-26 05:17:59 0 d-----w- c:\program files\Synaptics
2010-02-26 04:06:06 0 d-----w- c:\windows\pss
2010-02-26 03:30:47 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-02-26 03:30:47 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-02-26 03:30:47 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-02-26 03:30:29 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-02-26 00:40:20 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-25 17:18:24 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-02-25 17:10:14 0 d-----w- c:\windows\ie8updates
2010-02-25 17:09:44 0 d--h--w- c:\windows\$hf_mig$
2010-02-25 04:25:41 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-02-25 04:25:34 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-02-25 04:25:21 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-25 04:25:09 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-02-25 04:24:25 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-02-25 04:24:15 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-02-25 04:24:07 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-02-25 04:24:04 0 d-----w- C:\$AVG
2010-02-25 04:23:47 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 04:23:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-25 04:23:47 12464 ----a-w- c:\windows\system32\avgrsstx(2)(2).dll
2010-02-25 04:23:45 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-25 04:23:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 04:23:20 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-25 04:23:14 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-25 04:23:02 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-25 04:22:52 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-02-25 04:22:42 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-25 04:22:42 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-25 04:22:42 0 d-----w- c:\program files\AVG
2010-02-25 04:22:38 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-25 04:22:26 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-02-25 04:22:25 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-02-25 04:22:11 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2010-02-25 04:21:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-02-25 04:20:31 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-25 04:20:31 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-02-25 04:20:31 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-25 04:20:31 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-02-25 04:20:31 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-02-25 04:20:13 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-02-25 04:19:42 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-02-25 04:10:19 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-25 03:59:43 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-25 03:59:43 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-25 03:59:20 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-25 03:59:20 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-02-25 03:59:20 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-02-25 03:59:20 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-02-25 03:59:20 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-02-25 03:59:19 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-02-25 03:56:23 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-25 03:56:23 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-25 03:56:18 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-02-25 03:55:36 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-25 03:55:26 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-25 03:55:15 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-25 03:54:28 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-02-25 03:54:28 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-25 03:43:40 2189312 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-25 03:43:40 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-25 03:43:39 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-25 03:42:25 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-02-25 03:39:22 268648 ----a-w- c:\windows\system32\mucltui.dll
2010-02-25 03:39:22 208744 ----a-w- c:\windows\system32\muweb.dll
2010-02-25 03:39:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-25 03:39:20 213528 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-02-24 16:03:22 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-02-24 15:59:58 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-02-24 15:59:57 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-02-24 15:59:56 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-02-24 15:59:55 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-02-24 15:59:53 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-02-24 15:59:51 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-02-24 15:59:50 142592 ------w- c:\windows\system32\drivers\aec.sys
2010-02-24 15:59:48 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-02-24 15:59:46 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-02-24 15:59:44 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-02-24 15:59:36 0 d-----w- c:\windows\system32\Lang
2010-02-24 15:58:17 40960 ----a-w- c:\windows\system32\ChCfg.exe
2010-02-24 15:58:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-02-24 15:57:47 0 d-----w- c:\program files\Realtek
2010-02-24 15:56:20 0 d-----w- c:\program files\CONEXANT
2010-02-24 15:55:27 988800 ----a-w- c:\windows\system32\drivers\HSF_DPV.sys
2010-02-24 15:55:27 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-02-24 15:55:27 730112 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2010-02-24 15:55:27 209664 ----a-w- c:\windows\system32\drivers\HSFHWAZL.sys
2010-02-24 15:55:27 176128 ----a-w- c:\windows\system32\UCI32M16.dll
2010-02-24 15:55:27 144201 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2010-02-24 15:55:27 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-02-24 15:53:15 0 d-----w- c:\windows\system32\ReinstallBackups
2010-02-24 14:15:17 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2010-02-24 05:07:28 0 d-----w- c:\program files\MediaLooks
2010-02-24 05:07:21 0 d-----w- c:\program files\QuickTime Alternative
2010-02-24 05:07:01 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-24 05:06:56 0 d-----w- c:\program files\Foxit Software
2010-02-24 05:06:56 0 d-----w- c:\docume~1\owner\applic~1\Foxit
2010-02-24 05:06:51 0 d-----w- c:\program files\Unlocker
2010-02-24 05:06:32 0 d-----w- c:\windows\Downloaded Installations
2010-02-24 05:06:27 0 d-----w- c:\program files\UPHClean
2010-02-24 05:06:21 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-24 05:06:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-24 05:06:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 05:02:33 0 d-----w- c:\windows\system32\XPSViewer
2010-02-24 05:00:19 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-24 05:00:19 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-24 05:00:19 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-24 05:00:14 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-24 05:00:11 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-24 05:00:10 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-24 04:54:33 0 d-sh--w- c:\documents and settings\all users\DRM
2010-02-24 04:54:12 0 d--h--w- c:\program files\WindowsUpdate
2010-02-24 04:53:52 0 d-----w- c:\program files\Windows Media Connect 2
2010-02-24 04:53:27 0 d-----w- c:\program files\common files\MSSoap
2010-02-24 04:50:52 0 d-----w- c:\program files\MSXML 4.0
2010-02-23 22:41:53 0 d-----w- c:\program files\common files\ODBC
2010-02-23 22:41:48 0 d-----w- c:\program files\common files\SpeechEngines
2010-02-23 22:39:01 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-02-24 04:52:06 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 05:52:36 2189312 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 05:10:32 2066176 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 05:10:32 2066176 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

============= FINISH: 21:03:28.60 ===============

Edited by angicx, 06 March 2010 - 10:38 PM.
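Reading a DDS log like the one above by hand is slow, and the first pass a helper makes is mechanical: which processes run from places a normal installer never puts them, which kernel drivers are new, and which drivers load at boot. The script below is an added example written for this page (my own code, not part of the thread, not from the DDS tool, and not a verdict on this machine); it parses the "Running Processes", "SERVICES / DRIVERS" and "Created Last 30" sections and returns those three lists. SAMPLE is a constructed excerpt modelled on the posted log, not the full log. On that excerpt it flags RtkBtMnt.exe running from the user's Temp folder, which is exactly the kind of line a helper asks about, and also dds.scr on the Desktop, which is the scanner itself: the check is mechanical, the judgement is not. The start-type reading of the R0/R1/... prefix is my assumption about the DDS format (R/S = running/stopped, digit = start type).

```python
"""Triage helper for a DDS-style log.  Added example, not code from the thread."""
import re

# Constructed excerpt modelled on the DDS log posted above (not the full log).
SAMPLE = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-24 161800]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-24 30104]

=============== Created Last 30 ================

2010-03-02 23:13:15 77312 ----a-w- c:\windows\MBR.exe
2010-02-26 16:48:16 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2010-02-26 06:15:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 17:10:14 0 d-----w- c:\windows\ie8updates
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "YYYY-MM-DD HH:MM:SS size attrs path" lines of the Created Last 30 section
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# "R0 name;display;path [date size]" lines of the SERVICES / DRIVERS section
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[([^\]]+) (\d+)\]$")
# path fragments that mean "inside a user profile", i.e. user-writable
USER_WRITABLE = ("documents and settings", "docume~1", "\\users\\")


def split_sections(text):
    """Group the log's non-blank lines under their '=== Name ===' header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def flag_user_writable_processes(sections):
    """Processes whose image lives under a user profile (Temp, AppData, Desktop).
    Installed software rarely runs from there; droppers and the scan tools the
    user just downloaded both do, so every hit still needs a human look."""
    return [p for p in sections.get("running processes", [])
            if any(marker in p.lower() for marker in USER_WRITABLE)]


def new_kernel_drivers(sections):
    """Kernel drivers (.sys) written in the 30-day window as (date, size, path).
    Each is a candidate for a rootkit check unless it maps to a known product."""
    out = []
    for line in sections.get("created last 30", []):
        m = ENTRY_RE.match(line)
        if m and m.group(5).lower().endswith(".sys"):
            out.append((m.group(1), int(m.group(3)), m.group(5)))
    return out


def parse_services(sections):
    """Service/driver lines as dicts. Assumption about the DDS format: the
    letter is R (running) or S (stopped), the digit the start type
    (0 boot, 1 system, 2 auto, 3 demand)."""
    out = []
    for line in sections.get("services / drivers", []):
        m = SERVICE_RE.match(line)
        if m:
            out.append({"state": m.group(1), "start": int(m.group(2)),
                        "name": m.group(3), "path": m.group(5),
                        "size": int(m.group(7))})
    return out


def triage(text):
    """Run the three checks over one log and return the findings."""
    sections = split_sections(text)
    return {
        "user_writable": flag_user_writable_processes(sections),
        "new_drivers": new_kernel_drivers(sections),
        "boot_drivers": [s["name"] for s in parse_services(sections)
                         if s["start"] == 0],
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE).items():
        print(check)
        for item in items:
            print("   ", item)
```

To use it on the real log, paste the whole DDS output into a file and call triage() on its contents; the section headers are matched by name, so the order of sections and any extra sections (Pseudo HJT, Firefox) are simply ignored.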


#2 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 09 March 2010 - 07:26 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 angicx
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx

Posted 09 March 2010 - 02:44 PM

As of lately, my computer still freezes on occasion, and when it does, I can't move my mouse pointer. It still occasionally freezes during a re-boot. I haven't seen the blue screen lately, but just today when I turned my computer on, when it got to my desktop, a window came up saying, "Windows recovered from a serious error" and was followed by several numbers and letters, then it had a button labeled tech info. There were two files there that started with c:\\docume~. I meant to write them down, but hit the darn button too soon. I'm sorry, I will write it down if it happens again.
My comp also takes forever to respond when I try and go from one task to another or hit the "turn off computer" button under the Start menu, then it takes a long time to shut down. I even get the "wait" icon on my pointer right now between every letter as I'm trying to type. Another thing, my AVG usually shows up as running in my lower toolbar, but it doesn't anymore. If I open the program from the icon on my desktop, it shows everything as active, but I'm not sure why it's disappeared down below. Sometimes my internet won't connect either and there shouldn't be any problem there because I'm using unlimited wifi. If I click on repair under the networks tab it usually fixes it, but I'm not sure why it's acting up to begin with.

Here's my original problem, in case it's still pertinent since nothing's been done to fix anything since it all started, except I did update my wifi driver to the current Atheros version.

"Computer freezing up, not sure if it's Windows or the computer or what. I got a blue screen saying Windows had detected a problem; error msg saying "driver irql not less or equal".
Initially, AVG antivirus detected a Win32 Heur virus. Also, while uninstalling something called "Driver Whiz", I found some leftover files from it having to do with something called "legacy_catch me", which I think is a virus or malware....
My computer kept freezing and I had to do a hard reboot several times, then finally, it wouldn't make it past the Windows load screen before freezing over and over, so I had to do a sys restore. I haven't had a problem since, but I don't know if the original problem is fixed or not since the date of the restore was after my original problem started.

One more thing. I've been doing research on the blue screen msg, "driver irql not less or equal", with an address of ar5211.sys. There's a lot of info on it... I just can't figure out if any of it would help me. Apparently it's well known and I'm reading that other computers with the problem are acting just like mine. The general advice being given is to update or uninstall a driver (I've discovered it's an Atheros wireless driver) or an Intel acceleration program known to cause issues, but I don't want to start fiddling with things I don't understand without help. I searched for the Intel acceleration program and didn't find it, but I do have an Intel Graphics Media Acceleration driver. Is that the same thing or related? I read somewhere else that it could be that my RAM is bad. Is it possible my virus program got rid of my virus and what I have now is just a driver or RAM related problem? I'm just curious, but I'm not working with any other techs and I won't make any more changes to the system as of now.
I did finally get the Atheros driver updated though. Not sure if it fixed my problem."


Thanks in advance!
angi c

Here are the logs.

OTL logfile created on: 3/9/2010 11:44:39 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.24 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/09 11:43:47 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/05 20:02:43 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\temp\RtkBtMnt.exe
PRC - [2010/02/24 22:23:07 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/24 22:23:07 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/24 22:23:07 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/24 22:23:03 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/02/24 22:23:02 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/24 22:23:00 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/24 22:23:00 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/24 22:22:59 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/24 22:22:56 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/04/20 12:17:01 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/03/09 11:43:47 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/04/20 12:16:40 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/24 22:23:03 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/24 22:23:00 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/24 22:22:59 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/24 22:22:56 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010/02/24 22:23:47 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/24 22:23:45 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/24 22:23:40 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/24 22:23:39 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/24 22:23:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/02/24 22:22:58 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/02/24 22:22:57 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/02/24 22:22:57 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/02/24 22:22:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/24 22:22:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/13 04:21:56 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/01/30 11:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/12/22 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/10/23 17:51:04 | 000,199,776 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/05 15:15:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/05 15:15:07 | 000,000,000 | ---D | M]

[2010/02/26 16:22:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-823518204-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/23 22:56:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/09 11:43:43 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/06 15:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/03/05 19:50:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010/03/05 19:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acer
[2010/03/05 19:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/03/05 19:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\windows nt
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/03/05 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/03/05 15:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/05 15:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2010/03/05 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/05 15:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/05 15:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/05 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine,_Inc
[2010/03/05 15:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/05 15:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/03/05 15:15:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Application Data\IFViewer
[2010/03/05 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/03/05 14:55:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/02 18:52:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/02 18:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/02 17:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/02 17:13:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/02 17:13:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/02 17:13:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/02 17:13:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/02 17:13:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/02 17:12:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/02 16:29:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/02 12:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/03/02 12:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/02 10:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/01 21:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/03/01 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Dungeons and Dragons Online
[2010/03/01 21:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Turbine
[2010/03/01 18:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/03/01 18:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010/03/01 17:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Eraser 6
[2010/03/01 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/03/01 15:23:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/28 11:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Darkeden
[2010/02/27 23:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/02/27 23:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/02/27 20:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/02/27 12:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Knytt
[2010/02/27 12:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Dink Smallwood
[2010/02/26 17:45:43 | 000,090,112 | ---- | C] (FalsinSoft) -- C:\WINDOWS\System32\Rain Screensaver.scr
[2010/02/26 17:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/02/26 16:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ahriman's Prophecy
[2010/02/26 16:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/26 10:48:16 | 000,074,752 | ---- | C] (ENE Technology Inc.) -- C:\WINDOWS\System32\drivers\ESM7SK.sys
[2010/02/26 10:48:16 | 000,061,056 | ---- | C] (ENE Technology Inc.) -- C:\WINDOWS\System32\drivers\EMS7SK.sys
[2010/02/26 10:48:16 | 000,040,064 | ---- | C] (ENE Technology Inc.) -- C:\WINDOWS\System32\drivers\ESD7SK.sys
[2010/02/26 00:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/02/26 00:16:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/26 00:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/26 00:15:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/26 00:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/25 23:18:00 | 000,199,776 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/02/25 23:18:00 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/02/25 23:18:00 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010/02/25 23:18:00 | 000,143,360 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/02/25 23:18:00 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010/02/25 23:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/02/25 22:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/25 21:30:47 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2010/02/25 21:30:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2010/02/25 21:30:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2010/02/25 21:30:29 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2010/02/25 11:23:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/25 11:23:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/25 11:23:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/25 11:19:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/02/25 11:19:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/02/25 11:19:58 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/02/25 11:19:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/02/25 11:19:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/02/25 11:19:56 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/02/25 11:19:56 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/02/25 11:19:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/02/25 11:19:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/02/25 11:19:55 | 005,942,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/02/25 11:19:55 | 001,208,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/02/25 11:19:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/02/25 11:19:53 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/02/25 11:19:03 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2010/02/25 11:19:03 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2010/02/25 11:18:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2010/02/25 11:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/25 11:09:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/02/24 22:25:41 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2010/02/24 22:25:34 | 001,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll
[2010/02/24 22:25:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2010/02/24 22:25:09 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010/02/24 22:24:25 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2010/02/24 22:24:15 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2010/02/24 22:24:07 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/02/24 22:24:04 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/24 22:23:47 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/24 22:23:47 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/24 22:23:47 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2)(2).dll
[2010/02/24 22:23:45 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/24 22:23:40 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/24 22:23:39 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/24 22:23:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/24 22:23:02 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/24 22:22:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2010/02/24 22:22:42 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/24 22:22:42 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/24 22:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/24 22:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/24 22:22:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/02/24 22:22:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/02/24 22:21:30 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2010/02/24 22:20:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/24 22:20:31 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/02/24 22:20:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/02/24 22:20:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2010/02/24 22:20:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010/02/24 22:20:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/02/24 22:20:13 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/02/24 22:19:42 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2010/02/24 22:10:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/02/24 21:59:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/24 21:59:20 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/02/24 21:59:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2010/02/24 21:59:20 | 000,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2010/02/24 21:59:20 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2010/02/24 21:59:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2010/02/24 21:59:19 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2010/02/24 21:56:23 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/24 21:56:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/24 21:56:18 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/02/24 21:55:26 | 000,456,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/24 21:54:28 | 001,447,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/02/24 21:54:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/02/24 21:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/02/24 21:43:40 | 002,189,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/24 21:43:40 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/24 21:43:39 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/24 21:42:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/02/24 21:39:22 | 000,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/24 21:39:21 | 000,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/02/24 21:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/02/24 21:39:20 | 000,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/02/24 21:39:20 | 000,092,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2010/02/24 10:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Hardware Drivers
[2010/02/24 10:03:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/02/24 10:01:36 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2010/02/24 10:01:36 | 001,503,232 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2010/02/24 10:01:36 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2010/02/24 10:01:36 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2010/02/24 10:01:36 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2010/02/24 10:01:36 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/02/24 10:01:36 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/02/24 10:01:36 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/02/24 10:01:36 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2010/02/24 10:01:36 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/02/24 10:01:36 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/02/24 10:01:36 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/02/24 10:01:36 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2010/02/24 10:01:36 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/02/24 10:01:36 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2010/02/24 10:01:36 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/02/24 10:01:36 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2010/02/24 10:01:36 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/02/24 10:01:36 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/02/24 10:01:36 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2010/02/24 10:01:36 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2010/02/24 10:01:36 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/02/24 10:01:36 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/02/24 10:01:36 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2010/02/24 10:01:36 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2010/02/24 10:01:36 | 000,040,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2010/02/24 10:01:35 | 000,450,560 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2010/02/24 10:01:35 | 000,238,650 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2010/02/24 10:01:35 | 000,121,467 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2010/02/24 10:01:35 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2010/02/24 10:01:35 | 000,045,694 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2010/02/24 10:01:34 | 000,956,026 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2010/02/24 10:01:34 | 000,073,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2010/02/24 10:01:34 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4543.dll
[2010/02/24 10:01:13 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/02/24 09:59:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/02/24 09:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/02/24 09:57:53 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/02/24 09:57:53 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/02/24 09:57:49 | 002,879,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/02/24 09:57:49 | 000,364,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/02/24 09:57:49 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.Cpl
[2010/02/24 09:57:49 | 000,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2010/02/24 09:57:48 | 009,709,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2010/02/24 09:57:48 | 004,304,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.Sys
[2010/02/24 09:57:47 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/02/24 09:57:47 | 002,158,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/02/24 09:57:47 | 000,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.Cpl
[2010/02/24 09:57:47 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010/02/24 09:57:47 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/24 09:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/02/24 09:57:43 | 000,487,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/02/24 09:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/24 09:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/02/24 09:55:27 | 000,988,800 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DPV.sys
[2010/02/24 09:55:27 | 000,730,112 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
[2010/02/24 09:55:27 | 000,209,664 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWAZL.sys
[2010/02/24 09:55:27 | 000,176,128 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\UCI32M16.dll
[2010/02/24 09:55:27 | 000,094,208 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/02/24 09:53:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/02/24 09:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/02/24 08:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/02/24 08:15:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/02/23 23:07:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/02/23 23:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\MediaLooks
[2010/02/23 23:07:26 | 000,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/02/23 23:07:26 | 000,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/02/23 23:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/23 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2010/02/23 23:07:09 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/23 23:07:09 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/23 23:07:09 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/23 23:07:09 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/23 23:07:07 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/02/23 23:07:07 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/02/23 23:07:07 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
[2010/02/23 23:07:07 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010/02/23 23:07:07 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/02/23 23:07:07 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/02/23 23:07:07 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
[2010/02/23 23:07:06 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/02/23 23:07:06 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2010/02/23 23:07:06 | 000,391,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\I263_32.drv
[2010/02/23 23:07:05 | 000,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/23 23:07:04 | 000,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/02/23 23:07:02 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/02/23 23:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Real
[2010/02/23 23:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Real
[2010/02/23 23:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/02/23 23:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/02/23 23:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/02/23 23:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/02/23 23:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/02/23 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/02/23 23:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/02/23 23:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2010/02/23 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/23 23:06:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/23 23:06:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/23 23:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/02/23 23:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
[2010/02/23 23:02:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/23 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/23 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/23 23:02:07 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/23 23:00:19 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/23 23:00:19 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/23 23:00:14 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/23 23:00:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/23 23:00:10 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/23 22:58:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2010/02/23 22:58:12 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2010/02/23 22:58:11 | 001,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2010/02/23 22:58:11 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqmapi.dll
[2010/02/23 22:58:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2010/02/23 22:58:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2010/02/23 22:57:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/02/23 22:57:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/02/23 22:57:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/02/23 22:57:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2010/02/23 22:57:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/02/23 22:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/02/23 22:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/23 22:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/02/23 22:57:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/02/23 22:57:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/02/23 22:57:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/02/23 22:57:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/02/23 22:57:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
[2010/02/23 22:57:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2010/02/23 22:57:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2010/02/23 22:57:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2010/02/23 22:57:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2010/02/23 22:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2010/02/23 22:57:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/23 22:57:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/02/23 22:55:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/23 22:55:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/23 22:55:44 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/02/23 22:55:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2010/02/23 22:54:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/02/23 22:54:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/23 22:54:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/23 22:54:12 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/23 22:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/02/23 22:53:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/02/23 22:53:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/02/23 22:53:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/02/23 22:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/02/23 22:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/02/23 22:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/02/23 22:53:12 | 000,194,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/02/23 22:53:12 | 000,172,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/02/23 22:53:12 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/02/23 22:53:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/02/23 22:53:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/02/23 22:53:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/02/23 22:53:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/02/23 22:53:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/02/23 22:53:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/02/23 22:53:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/02/23 22:53:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/02/23 22:53:05 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2010/02/23 22:53:04 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/02/23 22:53:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/02/23 22:53:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/02/23 22:53:02 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/02/23 22:53:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/02/23 22:53:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/02/23 22:53:02 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/02/23 22:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/02/23 22:52:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/02/23 22:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/23 22:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/02/23 22:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/02/23 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/02/23 22:51:06 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/23 22:51:01 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winUsbCoinstaller.dll
[2010/02/23 22:51:00 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/02/23 22:50:59 | 001,302,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFUpdate_01007.dll
[2010/02/23 22:50:58 | 000,922,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/02/23 22:50:58 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/02/23 22:50:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UMDF\wudfusbcciddriver.dll
[2010/02/23 22:50:57 | 000,192,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_ssp_isv.dll
[2010/02/23 22:50:57 | 000,192,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_ssp.dll
[2010/02/23 22:50:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2010/02/23 22:50:56 | 000,531,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_isv.exe
[2010/02/23 22:50:56 | 000,358,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_ssp.exe
[2010/02/23 22:50:56 | 000,354,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_ssp_isv.exe
[2010/02/23 22:50:55 | 000,523,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate.exe
[2010/02/23 22:50:55 | 000,519,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_isv.dll
[2010/02/23 22:50:54 | 000,518,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc.dll
[2010/02/23 22:50:54 | 000,323,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdrm.dll
[2010/02/23 22:50:53 | 000,088,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010/02/23 22:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/23 22:50:40 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/02/23 22:50:40 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/02/23 22:50:40 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/02/23 22:50:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/02/23 22:50:40 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/02/23 22:50:39 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/02/23 22:50:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/02/23 22:50:39 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/02/23 22:50:39 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/02/23 22:50:39 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/02/23 22:50:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/02/23 22:50:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/02/23 22:50:38 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/02/23 22:50:38 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/02/23 22:50:38 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/02/23 22:50:38 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/02/23 22:50:38 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/02/23 22:50:37 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/02/23 22:50:37 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/02/23 22:50:37 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/02/23 22:50:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/02/23 22:50:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/02/23 22:50:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/02/23 22:50:36 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/02/23 22:50:36 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/02/23 22:50:36 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/02/23 22:50:36 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/02/23 22:50:36 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/02/23 22:50:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/02/23 22:50:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/02/23 22:50:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/02/23 22:50:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/02/23 22:50:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/02/23 22:50:35 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/02/23 22:50:35 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/02/23 22:50:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/02/23 22:50:32 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/02/23 22:50:30 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/02/23 22:50:27 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/02/23 22:50:09 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/02/23 22:50:05 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/02/23 22:50:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/02/23 22:50:02 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/02/23 22:50:01 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/02/23 22:49:59 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/02/23 22:49:58 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/02/23 22:49:57 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/02/23 22:49:56 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/02/23 22:49:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/02/23 22:49:55 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/02/23 22:49:54 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/02/23 22:49:53 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/02/23 22:49:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/02/23 22:49:51 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/02/23 22:49:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/02/23 22:49:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/02/23 22:49:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/02/23 22:49:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/02/23 22:49:50 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/02/23 22:49:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/02/23 22:49:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/02/23 22:49:50 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/02/23 22:49:49 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/02/23 22:49:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/02/23 22:49:48 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/02/23 22:49:47 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/02/23 22:49:47 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/02/23 22:49:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/02/23 22:49:46 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/02/23 22:49:45 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/02/23 22:49:44 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/02/23 22:49:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/02/23 22:49:33 | 000,142,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MicrosoftUpdateCatalogWebControl.dll
[2010/02/23 22:49:33 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/23 22:49:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/02/23 22:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/23 22:49:32 | 000,934,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe.bak
[2010/02/23 22:49:32 | 000,239,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaLogon.dll.bak
[2010/02/23 22:49:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
[2010/02/23 22:49:32 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/02/23 22:49:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/02/23 22:49:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2010/02/23 22:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/02/23 22:48:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/02/23 22:48:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/02/23 22:48:45 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/02/23 22:48:45 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/02/23 22:48:45 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/02/23 22:48:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/02/23 22:48:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/02/23 22:48:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/02/23 22:48:44 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/02/23 22:48:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/02/23 22:48:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/02/23 22:48:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/02/23 22:48:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/02/23 22:48:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/02/23 22:48:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/02/23 22:48:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/02/23 22:48:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/02/23 22:48:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/02/23 22:48:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/02/23 22:48:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/02/23 22:48:36 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/02/23 22:48:36 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/02/23 22:48:35 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/02/23 22:48:34 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/02/23 22:48:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/02/23 22:48:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/02/23 22:48:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/02/23 22:48:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/02/23 22:48:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/02/23 22:48:32 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/02/23 22:48:32 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/02/23 22:48:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/02/23 22:48:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/02/23 22:48:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/02/23 22:48:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/02/23 22:48:31 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/02/23 22:48:31 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/02/23 22:48:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/02/23 22:48:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/02/23 22:48:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/02/23 22:48:30 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/02/23 22:48:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/02/23 22:48:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/02/23 22:48:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/02/23 22:48:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/02/23 22:48:29 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/02/23 22:48:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/02/23 22:48:29 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/02/23 22:48:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/02/23 22:48:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/02/23 22:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/02/23 22:48:28 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/02/23 22:48:28 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/02/23 22:48:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/02/23 22:48:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/02/23 22:48:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/02/23 22:48:27 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/02/23 22:48:27 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/02/23 22:48:27 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/02/23 22:48:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/02/23 22:48:20 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/02/23 22:48:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/02/23 22:48:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/02/23 22:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/02/23 16:46:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/02/23 16:45:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/02/23 16:45:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/02/23 16:45:43 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/02/23 16:45:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/02/23 16:45:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/02/23 16:45:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/02/23 16:45:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/02/23 16:45:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/02/23 16:44:52 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/02/23 16:44:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/02/23 16:41:54 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/02/23 16:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/02/23 16:41:48 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/02/23 16:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/02/23 16:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/02/23 16:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/02/23 16:41:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2010/02/23 16:41:39 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2010/02/23 16:41:39 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2010/02/23 16:41:39 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2010/02/23 16:41:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2010/02/23 16:41:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2010/02/23 16:41:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2010/02/23 16:41:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2010/02/23 16:41:38 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2010/02/23 16:41:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2010/02/23 16:41:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2010/02/23 16:41:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2010/02/23 16:41:28 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2010/02/23 16:41:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2010/02/23 16:41:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2010/02/23 16:41:23 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2010/02/23 16:41:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2010/02/23 16:41:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2010/02/23 16:41:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2010/02/23 16:41:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2010/02/23 16:41:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2010/02/23 16:41:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2010/02/23 16:41:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2010/02/23 16:41:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2010/02/23 16:41:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2010/02/23 16:41:20 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2010/02/23 16:41:20 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2010/02/23 16:40:49 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010/02/23 16:40:49 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010/02/23 16:40:47 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010/02/23 16:40:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010/02/23 16:40:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010/02/23 16:40:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010/02/23 16:40:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010/02/23 16:40:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010/02/23 16:40:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010/02/23 16:39:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010/02/23 16:39:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010/02/23 16:39:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010/02/23 16:39:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010/02/23 16:39:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010/02/23 16:39:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010/02/23 16:39:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010/02/23 16:39:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/02/23 16:39:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/02/23 16:39:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/02/23 16:39:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/02/23 16:39:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/02/23 16:39:24 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/02/23 16:39:24 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/02/23 16:39:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/02/23 16:39:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/02/23 16:39:24 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/02/23 16:39:24 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/02/23 16:39:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/02/23 16:39:22 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/02/23 16:39:22 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/02/23 16:39:22 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/02/23 16:39:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/02/23 16:39:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/02/23 16:39:20 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/02/23 16:39:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/02/23 16:39:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/02/23 16:39:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/02/23 16:39:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/02/23 16:39:14 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/02/23 16:39:14 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/02/23 16:39:14 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/02/23 16:39:14 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/02/23 16:39:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/02/23 16:39:13 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/02/23 16:39:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/02/23 16:39:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/02/23 16:39:13 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/02/23 16:39:13 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/02/23 16:39:13 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/02/23 16:39:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/02/23 16:39:13 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/02/23 16:39:13 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/02/23 16:39:13 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/02/23 16:39:13 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/02/23 16:39:12 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/02/23 16:39:12 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/02/23 16:39:12 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/02/23 16:39:12 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/02/23 16:39:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/02/23 16:39:12 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/02/23 16:39:12 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/02/23 16:39:12 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/02/23 16:39:12 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/02/23 16:39:12 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/02/23 16:39:11 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2010/02/23 16:39:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/02/23 16:39:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/02/23 16:39:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/02/23 16:39:10 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/02/23 16:39:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/02/23 16:39:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/02/23 16:39:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/02/23 16:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/02/23 16:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/02/23 16:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/23 16:38:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/02/23 16:38:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/23 16:38:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/02/23 16:37:52 | 000,547,904 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2010/02/23 16:37:18 | 000,045,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys
[2010/02/23 16:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/02/23 16:36:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/02/23 16:31:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2010/02/23 16:31:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/02/23 16:31:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/02/23 16:31:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/02/23 16:31:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/02/23 16:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/09 11:43:47 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/03/09 09:22:19 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/09 09:22:19 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/09 09:22:19 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/09 09:22:13 | 056,921,235 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/09 09:19:25 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{32624E8C-B517-4726-BD54-BE52B72C0ED9}.job
[2010/03/09 09:17:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 09:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 09:17:11 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/08 22:20:42 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/08 22:20:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/08 22:20:31 | 005,889,078 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/03/06 21:00:15 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/03/06 20:58:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/03/06 16:51:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/06 16:24:47 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/03/05 21:28:17 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/03/05 21:26:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/03/05 19:50:58 | 000,000,653 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/02 17:20:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/02 17:07:24 | 000,087,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/02 12:11:17 | 007,757,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/02 12:09:45 | 003,876,857 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/03/01 21:27:13 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/03/01 20:01:13 | 000,002,157 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/01 18:34:00 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Turbine Download Manager.lnk
[2010/03/01 15:04:48 | 000,009,240 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/27 23:17:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/02/27 23:17:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/02/27 22:50:59 | 000,000,100 | ---- | M] () -- C:\WINDOWS\dinksmallwood.ini
[2010/02/27 12:51:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Knytt.lnk
[2010/02/27 12:46:28 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Dink Smallwood.lnk
[2010/02/26 18:52:39 | 000,000,064 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/02/26 18:49:51 | 000,719,872 | ---- | M] () -- C:\WINDOWS\System32\bubbloids.scr
[2010/02/26 18:49:51 | 000,000,035 | ---- | M] () -- C:\WINDOWS\brassi.dat
[2010/02/26 17:45:44 | 000,000,824 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010/02/26 17:45:01 | 000,673,546 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2010/02/26 17:07:57 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/02/26 16:34:50 | 000,163,208 | ---- | M] () -- C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
[2010/02/26 16:34:49 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ahriman's Prophecy.lnk
[2010/02/26 16:22:30 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/26 10:25:38 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Pictures.lnk
[2010/02/26 00:16:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 22:23:47 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/24 22:23:47 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/24 22:23:47 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2)(2).dll
[2010/02/24 22:23:47 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/24 22:23:45 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/24 22:23:40 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/24 22:23:39 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/24 22:23:39 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/24 22:23:38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/24 22:23:23 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/24 22:23:23 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/24 22:23:23 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/24 22:23:02 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/24 22:22:42 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/24 22:22:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/24 09:59:58 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/24 09:59:58 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/23 23:07:44 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/02/23 22:56:36 | 000,000,869 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/23 22:56:01 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 22:56:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/23 22:56:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/23 22:56:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/23 22:56:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/23 22:55:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/23 22:55:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/23 22:55:48 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/23 22:55:44 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/23 22:54:22 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/23 22:54:22 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/23 22:52:06 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/23 22:51:53 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/23 22:51:53 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/02/23 22:46:31 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/23 16:41:58 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/06 21:04:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2010/03/06 21:00:06 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/03/06 20:57:32 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/03/06 16:24:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/03/05 21:28:14 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/03/05 21:26:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/03/05 19:50:50 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr
[2010/03/05 19:50:50 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr
[2010/03/05 15:08:08 | 526,503,936 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/02 18:53:33 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/02 17:13:15 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/02 17:13:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/02 17:13:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/02 17:13:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/02 17:13:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/02 12:11:15 | 007,757,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2010/03/02 12:09:45 | 003,876,857 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/03/01 21:27:13 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2010/03/01 20:01:13 | 000,002,157 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeons and Dragons Online™ - Eberron Unlimited™.lnk
[2010/03/01 18:34:00 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Turbine Download Manager.lnk
[2010/02/27 23:17:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/02/27 23:17:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/02/27 22:44:54 | 000,000,100 | ---- | C] () -- C:\WINDOWS\dinksmallwood.ini
[2010/02/27 12:51:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Knytt.lnk
[2010/02/27 12:46:28 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Play Dink Smallwood.lnk
[2010/02/26 18:49:51 | 000,719,872 | ---- | C] () -- C:\WINDOWS\System32\bubbloids.scr
[2010/02/26 18:49:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\brassi.dat
[2010/02/26 17:45:43 | 000,673,546 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/02/26 17:45:43 | 000,000,824 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/26 17:07:57 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/02/26 16:34:49 | 000,163,208 | ---- | C] () -- C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
[2010/02/26 16:34:49 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ahriman's Prophecy.lnk
[2010/02/26 16:22:30 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/26 10:54:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2010/02/26 10:25:36 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My Pictures.lnk
[2010/02/26 00:16:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/24 22:23:47 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/24 22:23:38 | 000,568,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/24 22:23:38 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/24 22:23:23 | 056,921,235 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/24 22:23:23 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/24 22:23:23 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/24 22:23:20 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/24 22:22:25 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/02/24 10:01:36 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/02/24 10:01:36 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/02/24 10:01:36 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/02/24 10:01:36 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/02/24 09:59:58 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/24 09:59:57 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/24 09:58:17 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/02/24 09:58:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/02/24 09:55:27 | 000,144,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2010/02/24 08:15:18 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{32624E8C-B517-4726-BD54-BE52B72C0ED9}.job
[2010/02/23 23:07:44 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/02/23 23:07:09 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/23 23:07:07 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/02/23 23:07:06 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/02/23 23:07:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 23:07:06 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/23 23:07:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/23 23:07:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/23 23:07:03 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/23 23:03:00 | 000,094,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/23 22:57:44 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/23 22:56:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/23 22:56:01 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/23 22:56:01 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/23 22:56:01 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/23 22:56:01 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/02/23 22:56:01 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/02/23 22:55:50 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/23 22:55:50 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/23 22:55:48 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/23 22:54:22 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/23 22:54:22 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/23 22:54:19 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/23 22:52:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/23 22:48:46 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/02/23 22:48:46 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/02/23 22:48:46 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/02/23 22:48:46 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/02/23 22:48:46 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/02/23 22:48:46 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/02/23 22:48:45 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/02/23 22:48:45 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/02/23 22:48:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/02/23 22:48:44 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/02/23 22:48:43 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/02/23 22:48:37 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/02/23 16:41:58 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/02/23 16:41:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/02/23 16:40:59 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/02/23 16:40:48 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/02/23 16:40:48 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/02/23 16:40:47 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/02/23 16:40:31 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/02/23 16:40:31 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/02/23 16:40:31 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/02/23 16:40:31 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/02/23 16:40:30 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/02/23 16:40:30 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/02/23 16:40:30 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/02/23 16:40:30 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/02/23 16:40:30 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/02/23 16:40:30 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/02/23 16:40:30 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/02/23 16:40:29 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/02/23 16:40:29 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/02/23 16:40:29 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/02/23 16:40:29 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/02/23 16:40:29 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/02/23 16:40:29 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/02/23 16:40:29 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/02/23 16:40:28 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/02/23 16:40:28 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/02/23 16:40:22 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/02/23 16:40:22 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/02/23 16:40:21 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/02/23 16:40:21 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/02/23 16:40:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/02/23 16:40:21 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/02/23 16:40:06 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/02/23 16:40:06 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/02/23 16:40:06 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/02/23 16:39:32 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/02/23 16:39:32 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/02/23 16:39:32 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/02/23 16:39:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/02/23 16:39:32 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/02/23 16:39:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/02/23 16:39:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/02/23 16:39:31 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/02/23 16:39:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/02/23 16:39:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/02/23 16:39:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/02/23 16:39:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/02/23 16:39:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/02/23 16:39:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/02/23 16:39:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/02/23 16:39:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/02/23 16:39:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/02/23 16:39:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/02/23 16:39:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/02/23 16:39:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/02/23 16:39:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/02/23 16:39:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/02/23 16:39:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/02/23 16:39:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/02/23 16:39:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/02/23 16:39:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/02/23 16:39:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/02/23 16:39:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/02/23 16:39:11 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/02/23 16:36:56 | 000,087,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/23 16:36:06 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/02/23 16:36:02 | 000,000,869 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/20 12:25:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
< End of report >

OTL Extras logfile created on: 3/9/2010 11:44:39 AM - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 212.00 Mb Available Physical Memory | 42.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.24 Gb Free Space | 75.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANONYMOUS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A2B469-49E1-444C-AC27-674FD2D575D8}_is1" = Rain Screensaver 1.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online - Eberron Unlimited™
"62289540-dc30-11dc-95ff-0800200c9a66_is1" = Turbine Download Manager
"7-Zip" = 7-Zip 4.65
"Ahriman's Prophecy" = Ahriman's Prophecy
"AVG9Uninstall" = AVG 9.0
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Foxit Reader" = Foxit Reader
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"Knytt_is1" = Knytt 1.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"Revo Uninstaller" = Revo Uninstaller 1.85
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-823518204-1644491937-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/26/2010 12:36:15 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application syntpenh.exe, version 8.2.19.0, faulting module
syntpenh.exe, version 8.2.19.0, fault address 0x00016d17.

Error - 3/5/2010 7:04:10 PM | Computer Name = ANONYMOUS | Source = ESENT | ID = 490
Description = svchost (1420) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/5/2010 7:04:10 PM | Computer Name = ANONYMOUS | Source = ESENT | ID = 470
Description = Catalog Database (1420) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 3/5/2010 9:38:25 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 3/7/2010 11:41:41 PM | Computer Name = ANONYMOUS | Source = PSched | ID = 14103
Description = QoS [Adapter {3B2BA29A-1269-4359-B44E-0322C3BEFA84}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/7/2010 11:56:43 PM | Computer Name = ANONYMOUS | Source = PSched | ID = 14103
Description = QoS [Adapter {3B2BA29A-1269-4359-B44E-0322C3BEFA84}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/8/2010 12:44:13 AM | Computer Name = ANONYMOUS | Source = PSched | ID = 14103
Description = QoS [Adapter {3B2BA29A-1269-4359-B44E-0322C3BEFA84}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/8/2010 12:45:55 AM | Computer Name = ANONYMOUS | Source = PSched | ID = 14103
Description = QoS [Adapter {3B2BA29A-1269-4359-B44E-0322C3BEFA84}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/8/2010 1:57:01 AM | Computer Name = ANONYMOUS | Source = PSched | ID = 14103
Description = QoS [Adapter {3B2BA29A-1269-4359-B44E-0322C3BEFA84}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 3/8/2010 11:39:20 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 3/9/2010 12:13:59 AM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/9/2010 12:22:44 AM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 3/9/2010 11:18:16 AM | Computer Name = ANONYMOUS | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000019, parameter2 00000002, parameter3
00000000, parameter4 f7980417.

Error - 3/9/2010 11:18:37 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-09 12:45:01
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgrcypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF88BE470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF88BE520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF88BE5C0]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA9BDF6D0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF88BE660]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----



#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:58 AM

Posted 09 March 2010 - 03:19 PM

Hello again

Your logs show you have been running ComboFix. Please post me the log you will find at c:\combofix.txt

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 angicx

angicx
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Gender:Female
  • Location:beaumont, tx
  • Local time:05:58 PM

Posted 09 March 2010 - 08:20 PM

I know and I'm sorry about that. I did it once, and it was because my computer kept locking up. I was afraid I was going to have to reformat and reinstall Windows again, and at the time that wasn't an option for me, so I did it as a last-resort effort to try and rectify my problem. I won't do it again. I may have done a sys restore since I ran it; I just don't remember, because everything I've tried is running all together...

I forgot to mention before that my computer is also freezing up when it hibernates and won't come out of that without a hard reboot. All of this was happening before I ran ComboFix on my own, so I don't think that's the problem... or the ENTIRE problem. I'm not saying I didn't screw things up worse with it.

Here's the log.

ComboFix 10-03-01.04 - Owner 03/02/2010 17:15:16.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.391 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Custom Settings\TaskBarCmd v1.1.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.

2010-03-02 22:56 . 2010-03-02 22:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-02 22:51 . 2010-03-02 22:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 22:51 . 2010-03-02 22:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2010-03-02 22:49 . 2010-03-02 22:49 -------- d-----w- c:\program files\Trend Micro
2010-03-02 22:49 . 2010-03-02 22:49 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-02 22:49 . 2010-03-02 22:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine,_Inc
2010-03-02 22:48 . 2010-03-02 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-03-02 22:48 . 2010-03-02 22:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-02 22:47 . 2010-03-02 22:48 -------- d--h--w- c:\documents and settings\Owner\Application Data\IFViewer
2010-03-02 22:45 . 2010-03-02 22:45 -------- d-----w- c:\program files\uTorrent
2010-03-02 22:29 . 2010-03-02 22:29 -------- d-----w- c:\windows\Sun
2010-03-02 22:17 . 2010-03-02 22:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-03-02 22:17 . 2010-02-24 04:56 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-03-02 22:17 . 2010-03-02 22:26 -------- d-s---w- c:\documents and settings\Administrator
2010-03-02 18:18 . 2010-03-02 22:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-02 18:18 . 2010-03-02 18:18 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-03-02 03:27 . 2010-03-02 03:27 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-03-02 03:26 . 2010-03-02 03:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine
2010-03-02 00:34 . 2010-03-02 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2010-03-02 00:33 . 2010-03-02 22:49 -------- d-----w- c:\program files\Turbine
2010-03-01 23:32 . 2010-03-01 23:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Eraser 6
2010-03-01 22:44 . 2010-03-02 22:49 -------- d-----w- c:\program files\VS Revo Group
2010-03-01 21:04 . 2010-03-01 21:04 9240 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 17:44 . 2010-03-02 22:48 -------- d-----w- c:\program files\Darkeden
2010-02-28 05:29 . 2010-03-02 21:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2010-02-28 05:17 . 2010-02-28 05:17 0 ----a-w- c:\windows\popcreg.dat
2010-02-28 05:17 . 2010-02-28 05:17 0 ----a-w- c:\windows\popcinfot.dat
2010-02-28 02:28 . 2010-03-02 22:47 -------- d-----w- c:\program files\PopCap Games
2010-02-27 18:51 . 2010-03-02 22:48 -------- d-----w- c:\program files\Knytt
2010-02-27 18:45 . 2010-03-02 22:46 -------- d-----w- c:\program files\Dink Smallwood
2010-02-27 00:49 . 2010-02-27 00:49 719872 ----a-w- c:\windows\system32\bubbloids.scr
2010-02-27 00:49 . 2010-02-27 00:49 35 ----a-w- c:\windows\brassi.dat
2010-02-26 23:45 . 2010-02-26 23:45 824 ----a-w- c:\windows\unins000.dat
2010-02-26 23:45 . 2010-02-26 23:45 673546 ----a-w- c:\windows\unins000.exe
2010-02-26 23:45 . 2006-04-17 19:02 90112 ----a-w- c:\windows\system32\Rain Screensaver.scr
2010-02-26 23:07 . 2010-03-02 22:49 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-02-26 22:34 . 2010-02-26 22:34 163208 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2010-02-26 22:34 . 2010-03-02 22:45 -------- d-----w- c:\program files\Ahriman's Prophecy
2010-02-26 16:54 . 2006-06-17 01:17 356352 ----a-w- c:\windows\EMCRI.dll
2010-02-26 16:48 . 2006-06-17 01:17 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2010-02-26 16:48 . 2006-06-17 01:17 40064 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2010-02-26 16:48 . 2006-06-17 01:17 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2010-02-26 06:16 . 2010-02-26 06:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-26 06:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 06:15 . 2010-02-26 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-26 06:15 . 2010-03-02 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 06:15 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 05:18 . 2006-10-24 00:16 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-26 05:18 . 2006-10-23 23:55 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-26 05:18 . 2006-10-23 23:55 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-26 05:18 . 2006-10-23 23:55 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-26 05:18 . 2006-10-23 23:51 199776 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-26 05:17 . 2010-02-26 05:17 -------- d-----w- c:\program files\Synaptics
2010-02-26 03:30 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-02-26 03:30 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-02-26 03:30 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-02-26 03:30 . 2009-08-25 09:27 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-02-26 00:40 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-25 17:22 . 2010-02-25 17:22 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-25 17:18 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-02-25 17:17 . 2010-02-25 17:17 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 17:10 . 2010-02-26 00:45 -------- d-----w- c:\windows\ie8updates
2010-02-25 17:09 . 2010-03-02 22:34 -------- d--h--w- c:\windows\$hf_mig$
2010-02-25 04:33 . 2009-11-25 19:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-25 04:25 . 2009-10-12 13:28 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-02-25 04:25 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-02-25 04:25 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-25 04:25 . 2009-12-08 09:01 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-02-25 04:24 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-02-25 04:24 . 2009-08-26 08:03 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-02-25 04:24 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-02-25 04:24 . 2010-03-01 21:51 -------- d-----w- C:\$AVG
2010-02-25 04:23 . 2010-02-25 04:23 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 04:23 . 2010-02-25 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-25 04:23 . 2010-02-25 04:23 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-25 04:23 . 2010-02-25 04:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 04:23 . 2010-02-25 04:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-25 04:23 . 2010-03-02 16:29 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-25 04:23 . 2010-03-02 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-25 04:23 . 2010-02-25 04:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-25 04:22 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-02-25 04:22 . 2010-03-02 22:26 -------- d-----w- c:\program files\AVG
2010-02-25 04:22 . 2010-02-25 04:22 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-25 04:22 . 2010-02-25 04:22 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-25 04:22 . 2010-03-02 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-25 04:22 . 2009-11-27 17:23 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-02-25 04:22 . 2009-11-27 17:23 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-02-25 04:22 . 2010-02-25 04:22 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-02-25 04:21 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-02-25 04:20 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-25 04:20 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-02-25 04:20 . 2009-11-27 16:07 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-02-25 04:20 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-25 04:20 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-02-25 04:20 . 2009-04-15 15:24 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-02-25 04:19 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-02-25 04:10 . 2010-01-01 07:58 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-25 03:59 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-25 03:59 . 2009-09-11 14:13 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-02-25 03:59 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-02-25 03:59 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-02-25 03:59 . 2009-06-25 08:41 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-02-25 03:59 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-25 03:59 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-02-25 03:56 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-25 03:56 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-25 03:56 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-02-25 03:55 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-25 03:55 . 2009-12-04 17:25 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-25 03:54 . 2009-07-31 04:24 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-02-25 03:54 . 2009-07-31 04:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-25 03:43 . 2009-12-09 05:52 2189312 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-25 03:43 . 2009-12-08 18:20 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-25 03:43 . 2009-12-08 17:40 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-25 03:42 . 2009-12-09 05:53 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-02-25 03:39 . 2009-04-20 18:22 268648 ----a-w- c:\windows\system32\mucltui.dll
2010-02-25 03:39 . 2009-04-20 18:22 208744 ----a-w- c:\windows\system32\muweb.dll
2010-02-25 03:39 . 2009-04-20 18:19 323608 ----a-w- c:\windows\system32\wucltui.dll
2010-02-25 03:39 . 2009-04-20 18:19 202776 ----a-w- c:\windows\system32\wuweb.dll
2010-02-25 03:39 . 2009-04-20 18:19 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2010-02-25 03:39 . 2009-04-20 18:19 561688 ----a-w- c:\windows\system32\wuapi.dll
2010-02-25 03:39 . 2009-04-20 18:19 51224 ----a-w- c:\windows\system32\wuauclt.exe
2010-02-25 03:39 . 2009-04-20 18:16 92696 ----a-w- c:\windows\system32\cdm.dll
2010-02-24 16:03 . 2006-03-23 18:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2010-02-24 15:59 . 2008-04-14 04:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 22:48 . 2010-02-24 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-02 22:43 . 2010-02-24 15:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-26 03:26 . 2010-02-24 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-25 04:23 . 2010-02-25 17:19 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-25 04:23 . 2010-02-25 17:19 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 04:18 . 2010-02-24 04:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-24 15:57 . 2010-02-24 15:57 -------- d-----w- c:\program files\Realtek
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\MediaLooks
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-24 04:53 . 2010-02-24 04:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 04:52 . 2010-02-24 04:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-24 04:50 . 2010-02-24 04:50 -------- d-----w- c:\program files\MSXML 4.0
2010-01-01 07:58 . 2009-04-20 18:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2009-04-20 18:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 05:52 . 2009-04-20 18:18 2189312 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 05:10 . 2009-02-06 10:30 2066176 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 17:25 . 2009-04-20 18:17 456832 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-24 815104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-25 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/24/2010 10:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/24/2010 10:23 PM 161800]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2010 10:23 PM 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2010 10:23 PM 360584]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/24/2010 10:23 PM 906520]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/24/2010 10:22 PM 285392]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2/24/2010 10:23 PM 2304192]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2/24/2010 10:22 PM 5832712]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/24/2010 10:22 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/24/2010 10:22 PM 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/24/2010 10:22 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/24/2010 10:22 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/24/2010 10:22 PM 25736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PARPORT
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\User_Feed_Synchronization-{32624E8C-B517-4726-BD54-BE52B72C0ED9}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-02 17:23:28
ComboFix-quarantined-files.txt 2010-03-02 23:23

Pre-Run: 62,337,601,536 bytes free
Post-Run: 62,297,419,776 bytes free

- - End Of File - - 0E5AE95862A3B26B9865DCF8854E9B1E

Edited by angicx, 09 March 2010 - 08:31 PM.


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania
  • Local time:02:58 AM

Posted 10 March 2010 - 02:32 PM

Hello angicx,

Well, there are a few things in the log that need to be taken care of; however, I want a fresh log first. Please make sure you delete any old copy of ComboFix you might still have on your computer first.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 angicx

angicx
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx
  • Local time:05:58 PM

Posted 10 March 2010 - 05:08 PM

ComboFix 10-03-10.02 - Owner 03/10/2010 15:54:19.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.307 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-07 00:46 . 2010-02-25 04:23 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-07 00:46 . 2010-02-25 04:23 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-07 00:46 . 2010-02-25 04:23 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-07 00:46 . 2010-02-25 04:23 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-06 23:38 . 2010-03-06 23:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-06 22:24 . 2010-03-06 22:24 262144 ----a-w- c:\windows\system32\default_user_class.dat
2010-03-06 21:54 . 2010-03-06 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2010-03-06 01:50 . 2010-03-06 23:37 -------- d-----w- c:\windows\Options
2010-03-06 01:30 . 2010-03-06 01:30 -------- d-----w- c:\program files\Common Files\Acer
2010-03-06 01:29 . 2010-03-06 23:38 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-06 01:29 . 2010-03-06 01:29 -------- d-----w- c:\program files\Acer
2010-03-05 21:15 . 2010-03-05 21:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine,_Inc
2010-03-05 21:15 . 2010-03-05 21:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-05 21:15 . 2010-03-05 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-03-05 21:15 . 2010-03-05 21:15 -------- d--h--w- c:\documents and settings\Owner\Application Data\IFViewer
2010-03-05 21:15 . 2010-03-05 21:15 -------- d-----w- c:\program files\uTorrent
2010-03-02 22:29 . 2010-03-02 22:29 -------- d-----w- c:\windows\Sun
2010-03-02 22:17 . 2010-03-02 22:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-03-02 22:17 . 2010-02-24 04:56 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-03-02 22:17 . 2010-03-02 22:26 -------- d-s---w- c:\documents and settings\Administrator
2010-03-02 18:18 . 2010-03-06 23:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-02 18:18 . 2010-03-02 18:18 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-03-02 03:27 . 2010-03-02 03:27 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-03-02 03:26 . 2010-03-02 03:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Turbine
2010-03-02 00:34 . 2010-03-02 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
2010-03-02 00:33 . 2010-03-05 21:16 -------- d-----w- c:\program files\Turbine
2010-03-01 23:32 . 2010-03-01 23:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Eraser 6
2010-03-01 22:44 . 2010-03-05 21:16 -------- d-----w- c:\program files\VS Revo Group
2010-03-01 21:04 . 2010-03-01 21:04 9240 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-28 17:44 . 2010-03-05 21:15 -------- d-----w- c:\program files\Darkeden
2010-02-28 05:29 . 2010-03-02 21:54 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2010-02-28 05:17 . 2010-02-28 05:17 0 ----a-w- c:\windows\popcreg.dat
2010-02-28 05:17 . 2010-02-28 05:17 0 ----a-w- c:\windows\popcinfot.dat
2010-02-28 02:28 . 2010-03-05 21:15 -------- d-----w- c:\program files\PopCap Games
2010-02-27 18:51 . 2010-03-05 21:15 -------- d-----w- c:\program files\Knytt
2010-02-27 18:45 . 2010-03-02 22:46 -------- d-----w- c:\program files\Dink Smallwood
2010-02-27 00:49 . 2010-02-27 00:49 719872 ----a-w- c:\windows\system32\bubbloids.scr
2010-02-27 00:49 . 2010-02-27 00:49 35 ----a-w- c:\windows\brassi.dat
2010-02-26 23:45 . 2010-02-26 23:45 824 ----a-w- c:\windows\unins000.dat
2010-02-26 23:45 . 2010-02-26 23:45 673546 ----a-w- c:\windows\unins000.exe
2010-02-26 23:45 . 2006-04-17 19:02 90112 ----a-w- c:\windows\system32\Rain Screensaver.scr
2010-02-26 23:07 . 2010-03-02 22:49 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-02-26 22:34 . 2010-02-26 22:34 163208 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2010-02-26 22:34 . 2010-03-05 21:15 -------- d-----w- c:\program files\Ahriman's Prophecy
2010-02-26 16:54 . 2006-06-17 01:17 356352 ----a-w- c:\windows\EMCRI.dll
2010-02-26 16:48 . 2006-06-17 01:17 74752 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2010-02-26 16:48 . 2006-06-17 01:17 40064 ----a-w- c:\windows\system32\drivers\ESD7SK.sys
2010-02-26 16:48 . 2006-06-17 01:17 61056 ----a-w- c:\windows\system32\drivers\EMS7SK.sys
2010-02-26 06:16 . 2010-02-26 06:16 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-26 06:16 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 06:15 . 2010-02-26 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-26 06:15 . 2010-03-02 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-26 06:15 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 05:18 . 2006-10-24 00:16 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-26 05:18 . 2006-10-23 23:55 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-26 05:18 . 2006-10-23 23:55 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-26 05:18 . 2006-10-23 23:55 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-26 05:18 . 2006-10-23 23:51 199776 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-26 05:17 . 2010-02-26 05:17 -------- d-----w- c:\program files\Synaptics
2010-02-26 03:30 . 2009-10-21 05:38 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2010-02-26 03:30 . 2009-10-21 05:38 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2010-02-26 03:30 . 2009-10-20 16:20 265728 ------w- c:\windows\system32\dllcache\http.sys
2010-02-26 03:30 . 2009-08-25 09:27 354816 ------w- c:\windows\system32\dllcache\winhttp.dll
2010-02-26 00:40 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-25 17:22 . 2010-02-25 17:22 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-25 17:18 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2010-02-25 17:17 . 2010-02-25 17:17 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-25 17:10 . 2010-02-26 00:45 -------- d-----w- c:\windows\ie8updates
2010-02-25 17:09 . 2010-03-02 22:34 -------- d--h--w- c:\windows\$hf_mig$
2010-02-25 04:33 . 2009-11-25 19:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-25 04:25 . 2009-10-12 13:28 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2010-02-25 04:25 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2010-02-25 04:25 . 2009-12-14 07:08 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-25 04:25 . 2009-12-08 09:01 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2010-02-25 04:24 . 2009-06-10 06:17 134144 ------w- c:\windows\system32\dllcache\wkssvc.dll
2010-02-25 04:24 . 2009-08-26 08:03 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2010-02-25 04:24 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2010-02-25 04:24 . 2010-03-01 21:51 -------- d-----w- C:\$AVG
2010-02-25 04:23 . 2010-02-25 04:23 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 04:23 . 2010-02-25 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-25 04:23 . 2010-02-25 04:23 12464 ----a-w- c:\windows\system32\avgrsstx(2)(2).dll
2010-02-25 04:23 . 2010-02-25 04:23 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-25 04:23 . 2010-02-25 04:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 04:23 . 2010-02-25 04:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-25 04:23 . 2010-03-10 21:48 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-25 04:23 . 2010-03-02 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-25 04:23 . 2010-02-25 04:23 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-25 04:22 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-02-25 04:22 . 2010-03-02 22:26 -------- d-----w- c:\program files\AVG
2010-02-25 04:22 . 2010-02-25 04:22 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-25 04:22 . 2010-02-25 04:22 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-25 04:22 . 2010-03-02 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-25 04:22 . 2009-11-27 17:23 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-02-25 04:22 . 2009-11-27 17:23 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-02-25 04:22 . 2010-02-25 04:22 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2010-02-25 04:21 . 2009-10-13 10:38 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2010-02-25 04:20 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-25 04:20 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-02-25 04:20 . 2009-11-27 16:07 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2010-02-25 04:20 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-25 04:20 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-02-25 04:20 . 2009-04-15 15:24 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-02-25 04:19 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-02-25 04:10 . 2010-01-01 07:58 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-25 03:59 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-25 03:59 . 2009-09-11 14:13 136704 ------w- c:\windows\system32\dllcache\msv1_0.dll
2010-02-25 03:59 . 2009-06-25 08:41 56832 ------w- c:\windows\system32\dllcache\secur32.dll
2010-02-25 03:59 . 2009-06-25 08:41 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2010-02-25 03:59 . 2009-06-25 08:41 147456 ------w- c:\windows\system32\dllcache\schannel.dll
2010-02-25 03:59 . 2009-06-24 10:28 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2010-02-25 03:59 . 2009-06-25 08:41 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2010-02-25 03:56 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-25 03:56 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-25 03:56 . 2009-06-09 15:21 2067968 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-02-25 03:55 . 2009-06-21 21:49 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-25 03:55 . 2009-12-04 17:25 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-25 03:54 . 2009-07-31 04:24 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
2010-02-25 03:54 . 2009-07-31 04:24 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-25 03:43 . 2009-12-09 05:52 2189312 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-25 03:43 . 2009-12-08 18:20 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-25 03:43 . 2009-12-08 17:40 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-25 03:42 . 2009-12-09 05:53 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2010-02-25 03:39 . 2009-04-20 18:22 268648 ----a-w- c:\windows\system32\mucltui.dll
2010-02-25 03:39 . 2009-04-20 18:22 208744 ----a-w- c:\windows\system32\muweb.dll
2010-02-25 03:39 . 2009-04-20 18:19 323608 ----a-w- c:\windows\system32\wucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 23:37 . 2010-02-24 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 21:16 . 2010-03-05 21:16 -------- d-----w- c:\program files\microsoft frontpage
2010-03-05 21:16 . 2010-03-05 21:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-05 21:16 . 2010-03-05 21:16 -------- d-----w- c:\program files\Trend Micro
2010-03-05 21:14 . 2010-02-24 15:57 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-26 03:26 . 2010-02-24 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-25 04:23 . 2010-02-25 17:19 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-25 04:23 . 2010-02-25 17:19 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 04:18 . 2010-02-24 04:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-24 15:57 . 2010-02-24 15:57 -------- d-----w- c:\program files\Realtek
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\MediaLooks
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-24 05:07 . 2010-02-24 05:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-24 04:53 . 2010-02-24 04:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-24 04:52 . 2010-02-24 04:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-24 04:50 . 2010-02-24 04:50 -------- d-----w- c:\program files\MSXML 4.0
2010-01-01 07:58 . 2009-04-20 18:18 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2009-04-20 18:19 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

------- Sigcheck -------

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-03-02_23.20.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 18:44 . 2010-03-10 18:44 16384 c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2008-04-14 12:00 . 2010-03-10 18:49 71462 c:\windows\system32\perfc009.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7647 c:\windows\twain_32\BisonCam\LG7.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7581 c:\windows\twain_32\BisonCam\LG29.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7745 c:\windows\twain_32\BisonCam\LG2070.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 6297 c:\windows\twain_32\BisonCam\LG2052.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7779 c:\windows\twain_32\BisonCam\LG19.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7322 c:\windows\twain_32\BisonCam\LG18.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7609 c:\windows\twain_32\BisonCam\LG17.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7755 c:\windows\twain_32\BisonCam\LG16.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7903 c:\windows\twain_32\BisonCam\LG1036.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7570 c:\windows\twain_32\BisonCam\LG1033.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 6456 c:\windows\twain_32\BisonCam\LG1028.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7945 c:\windows\twain_32\BisonCam\LG10.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 6297 c:\windows\Options\Install\LG2052.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 7570 c:\windows\Options\Install\LG1033.dat
+ 2010-03-06 01:50 . 2006-03-06 22:09 6456 c:\windows\Options\Install\LG1028.dat
+ 2008-04-14 12:00 . 2010-03-10 18:49 441692 c:\windows\system32\perfh009.dat
+ 2010-03-02 21:47 . 2010-03-06 23:38 2564452 c:\windows\system32\Restore\rstrlog.dat
+ 2010-03-03 00:52 . 2010-03-03 00:52 7692800 c:\windows\Installer\32135.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-24 815104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-04-20 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-25 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineNetworkService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager\\TurbineMessageService.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/24/2010 10:23 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/24/2010 10:23 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2010 10:23 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2010 10:23 PM 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/24/2010 10:23 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/24/2010 10:22 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2/24/2010 10:23 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2/24/2010 10:22 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/24/2010 10:22 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/24/2010 10:22 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/24/2010 10:22 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/24/2010 10:22 PM 25736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/24/2010 10:22 PM 30104]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{32624E8C-B517-4726-BD54-BE52B72C0ED9}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-10 16:05:19
ComboFix-quarantined-files.txt 2010-03-10 22:05

Pre-Run: 60,207,980,544 bytes free
Post-Run: 60,245,176,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 842DD609516CE6F0DCA2D10911F73E6F


#8 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 11 March 2010 - 03:24 AM

Hello,

For the next steps we need an XP CD. Please make sure it's in your CD drive.

Click Start > Run, type sfc /scannow in the Run box and press Enter.

Let the System File Checker run unhindered. Afterwards, re-run ComboFix and post me the new log.

If you do not have an XP CD at hand, maybe you can borrow one from a friend/family member.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#9 angicx

angicx
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx

Posted 11 March 2010 - 11:46 AM

After running that, I get a msg that says, "Files that are required for Windows to work properly have been replaced by unrecognized versions." and it wants me to restore the original files. The CD I have is supposed to be XP, but it's not factory and has obviously been burned and is not working... I keep getting a msg that says it's the wrong CD and I don't know anyone else at this time who has XP pro, I already asked around. I have a neighbor that has XP Home Edition, I don't suppose that will work? Is there anything else that can be done? If not, I guess I'll try again later if I find a CD. Since this thread will probably be closed by then, is there any way you can tell me the rest of the steps to fix my problem, should I find a CD later?
Thanks

#10 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 11 March 2010 - 12:30 PM

The best thing would be to find an XP pro CD somewhere. Since we need to replace two files, we really need to do this before continuing the fix.

I can keep this open for a week, just let me know when you are ready to continue.

regards, Elise




#11 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 14 March 2010 - 01:49 PM

Hello, are you still there?

regards, Elise




#12 angicx

angicx
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx

Posted 14 March 2010 - 10:50 PM

I'm sorry, my computer started acting up right after I was here the other day. After I ran that last thing you asked for, I got a message window (Windows File Protection) that said Windows needed to replace missing files... and it wouldn't go away. Then the computer froze up, so I had to do a hard reboot, and then it wouldn't get past the Acer loading window after several attempts. I used that burned Windows XP Pro CD I had been lent to reload Windows because I couldn't get a factory copy. Now it's saying it's Windows XP Pirated Edition, and I'm still getting that error window saying that there are files that need to be replaced for Windows to run properly, and I still can't get it to go away. I guess the virus problem might be gone, but any advice on this other stuff? A friend of a friend (the same one that lent this burned CD) was able to load my computer with XP Pro last time because he mass installs for a school, so he obviously thought the CD he sent would work again too, I guess... but I don't understand how it was supposed to work like last time because it gave me no options.
Anyway, thanks either way for trying to help, I think you guys are great.
Angi C

Edited by angicx, 14 March 2010 - 11:12 PM.


#13 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 15 March 2010 - 10:08 AM

Hi, if you used that XP CD to do a complete reinstall after a reformat, no virus should be there.

About the pirated version message... I can only advise you to purchase a legal copy or to switch to a freeware operating system like Linux.

In conformance with BC's board rules:
"No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences."


regards, Elise




#14 angicx

angicx
  • Topic Starter

  • Members
  • 59 posts
  • Gender:Female
  • Location:beaumont, tx

Posted 16 March 2010 - 10:39 AM

I just realised that I still have a lot of my old stuff on my desktop (all of the stuff we downloaded too while you were helping me), so there's no way the computer did a complete reformat and clean reinstall of Windows... I don't guess; I've never actually gone through a reload alone before. All I know is that the computer went through a whole setup process where it loaded hardware, drivers and everything else from that CD. Just thought I'd ask, though, since my malware problem may still be here as a result. Also, Windows froze while my computer was booting this morning.
If you can't help without a good CD, I understand.
Thanks.
Angi C

#15 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,243 posts
  • Gender:Female
  • Location:Romania

Posted 16 March 2010 - 03:01 PM

I can't give you any specific help regarding a pirated version of Windows; however, I can give a few general pieces of advice.

Most likely you did a repair install; this replaced Windows but left your personal data alone.

A good tutorial on how to do a complete reformat and reinstall is here.

regards, Elise






