
Browser Redirect


  • This topic is locked
20 replies to this topic

#1 kclo89

kclo89

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 05 May 2010 - 11:31 PM

Hi, I have an issue with my browser being redirected to a handful of seemingly random sites. When the infection started, I believe, two days ago, a Fake Antivirus popped up and disabled Task Manager, my antiviruses, etc. Afterwards, the only problem has been browser redirecting, though I feel like the two problems are related. This only seems to happen when I click on a link after performing a Google search, but sometimes new tabs open up randomly as well.

Also, I'm unable to perform a GMER scan, because my computer freezes about 2 seconds into the scan, and just never gets anywhere.
So, I was wondering if there's a way around the GMER scan?


Thanks!!


Here are the other logs:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2010 11:52:22 PM
System Uptime: 5/6/2010 7:23:11 AM (4 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8JR
Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz | CPU 1 | 782/532mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 63 GiB total, 45.735 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 12.878 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&241E9611&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&241E9611&0&0101
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_0B05&PID_1712\0194E8-5B-0002
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0B05&PID_1712\0194E8-5B-0002
Service:

==== System Restore Points ===================

RP1: 4/9/2010 11:55:50 PM - System Checkpoint
RP2: 4/10/2010 4:49:21 AM - Installed WG111v2 Configuration Utility
RP3: 4/10/2010 4:54:06 AM - Unsigned driver install
RP4: 4/10/2010 5:22:12 AM - Software Distribution Service 3.0
RP5: 4/10/2010 5:22:17 AM - Installed Windows XP KB842773.
RP6: 4/10/2010 5:22:40 AM - Installed Windows XP KB892130.
RP7: 4/10/2010 5:36:58 AM - Software Distribution Service 3.0
RP8: 4/10/2010 5:39:22 AM - Installed Windows XP Service Pack 2.
RP9: 4/10/2010 5:56:42 AM - Software Distribution Service 3.0
RP10: 4/10/2010 6:28:49 AM - Software Distribution Service 3.0
RP11: 4/10/2010 1:47:50 PM - Software Distribution Service 3.0
RP12: 4/10/2010 2:23:50 PM - Software Distribution Service 3.0
RP13: 4/10/2010 2:34:06 PM - Software Distribution Service 3.0
RP14: 4/10/2010 2:42:25 PM - Installed SoundMAX
RP15: 4/10/2010 2:42:31 PM - Installed SoundMAX
RP16: 4/10/2010 2:46:41 PM - Software Distribution Service 3.0
RP17: 4/9/2010 11:59:12 PM - Software Distribution Service 3.0
RP18: 4/10/2010 12:06:22 AM - Installed Adobe Reader 9.3.
RP19: 4/10/2010 12:07:37 AM - Installed REALTEK PCIE NIC Driver
RP20: 4/10/2010 12:11:16 AM - Installed Windows XP WgaNotify.
RP21: 4/10/2010 12:26:26 AM - Installed Vimicro 321 Camera
RP22: 4/10/2010 12:32:54 AM - Installed ASUS Live Update
RP23: 4/10/2010 12:39:49 AM - Removed WG111v2 Configuration Utility
RP24: 4/10/2010 12:46:09 AM - Installed AVG Free 9.0
RP25: 4/10/2010 1:41:31 AM - Installed Driver Detective.
RP26: 4/10/2010 2:10:06 AM - Installed ATI Catalyst Control Center
RP27: 4/10/2010 2:11:17 AM - Installed ATI Parental Control & Encoder
RP28: 4/10/2010 2:40:01 AM - Installed RICOH R5C832/843 Flash Media Driver Ver.1.01.08
RP29: 4/10/2010 2:52:56 AM - Removed Driver Detective.
RP30: 4/10/2010 8:01:35 AM - Installed Power4 Gear
RP31: 4/10/2010 8:06:56 AM - Avg Update
RP32: 4/10/2010 8:12:52 AM - Installed iTunes
RP33: 4/10/2010 5:24:55 PM - Removed Skype Toolbars
RP34: 4/11/2010 1:33:15 PM - Installed Microsoft Office Enterprise 2007
RP35: 4/11/2010 1:35:42 PM - Installed Microsoft Office Enterprise 2007
RP36: 4/11/2010 2:29:18 PM - Software Distribution Service 3.0
RP37: 4/11/2010 4:17:33 PM - Software Distribution Service 3.0
RP38: 4/11/2010 4:43:43 PM - Installed Windows Internet Explorer 8.
RP39: 4/12/2010 12:43:28 PM - Software Distribution Service 3.0
RP40: 4/12/2010 12:55:14 PM - Installed Java™ 6 Update 19
RP41: 4/13/2010 1:20:35 PM - System Checkpoint
RP42: 4/14/2010 5:14:50 PM - System Checkpoint
RP43: 4/15/2010 1:19:37 AM - Software Distribution Service 3.0
RP44: 4/15/2010 9:37:54 AM - Avg Update
RP45: 4/15/2010 9:39:05 AM - Avg Update
RP46: 4/15/2010 4:59:46 PM - Software Distribution Service 3.0
RP47: 4/17/2010 12:50:19 PM - System Checkpoint
RP48: 4/18/2010 1:20:24 PM - System Checkpoint
RP49: 4/19/2010 2:21:55 AM - Installed Windows Media Player 11
RP50: 4/19/2010 2:23:36 AM - Software Distribution Service 3.0
RP51: 4/19/2010 3:00:15 AM - Software Distribution Service 3.0
RP52: 4/20/2010 2:06:26 AM - Software Distribution Service 3.0
RP53: 4/21/2010 12:31:06 AM - Avg Update
RP54: 4/21/2010 12:33:10 AM - Avg Update
RP55: 4/22/2010 5:03:14 AM - System Checkpoint
RP56: 4/23/2010 9:41:46 AM - System Checkpoint
RP57: 4/24/2010 10:33:45 AM - System Checkpoint
RP58: 4/25/2010 12:25:45 PM - System Checkpoint
RP59: 4/26/2010 12:53:37 PM - System Checkpoint
RP60: 4/28/2010 11:51:04 AM - System Checkpoint
RP61: 4/29/2010 12:03:15 PM - System Checkpoint
RP62: 4/30/2010 12:13:40 PM - System Checkpoint
RP63: 5/1/2010 3:18:30 PM - System Checkpoint
RP64: 5/3/2010 6:32:36 AM - System Checkpoint
RP65: 5/4/2010 1:07:49 PM - System Checkpoint
RP66: 5/4/2010 11:59:26 PM - Restore Operation
RP67: 5/5/2010 1:34:07 PM - Cleaned registry with Windows Live OneCare safety scanner
RP68: 5/6/2010 8:36:56 AM - Avg Update

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Live Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK0100 ACPI UTILITY
AVG Free 9.0
Bonjour
DivX Setup
DivX Web Player
FlashGet 3.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 19
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
OGA Notifier 2.0.0048.0
Power4 Gear
QuickTime
REALTEK PCIE NIC Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Skype™ 4.2
SoundMAX
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Vimicro 321 Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/6/2010 5:21:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/5/2010 9:27:34 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/5/2010 6:54:22 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/5/2010 6:06:58 AM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server sent a DHCPNACK message).
5/5/2010 12:04:24 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/5/2010 12:04:24 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/4/2010 6:24:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/4/2010 6:21:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/4/2010 6:21:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/4/2010 6:21:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2010 7:46:32 AM, error: SMCIRDA [64] - During hardware self-test, this driver could not find a 550A UART device at the first set of hardware I/O ports. If any new hardware has been added to the system recently, then it is likely that the new hardware is conflicting with this device. Otherwise, it is possible that this device has been set incorrectly in the Device Manager.
4/30/2010 6:10:53 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================







DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 11:34:15.71 on Thu 05/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.852 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\admin\application data\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\
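The DDS log above carries several of the lines a malware-response helper reads first: BHO/EB entries whose CLSID resolves to "No File", a BHO loading from the user's Application Data folder rather than Program Files, and the Service Control Manager 7026 event in which the AVG drivers and the whole TCP/IP stack failed to load at boot. The following script (an added example, not a BleepingComputer or DDS tool) pulls those signals out of a pasted log so they can be reviewed in one place. Its sample input is constructed from lines of the same shape as the log above; the list of user-profile path markers, the set of network-stack driver names and the "Avg" driver prefix are assumptions made for the example.

```python
"""Triage helper for a pasted DDS log.

Added example, not a BleepingComputer or DDS tool. It scans lines in the shape
of the 'Pseudo HJT Report' and 'Event Viewer Messages' sections of a DDS log
and extracts the signals a helper reads first. The sample input below is
constructed from lines of the same shape as the log in the thread.
"""
import re

# "BHO: Name: {CLSID} - path" or "BHO: {CLSID} - No File" (also EB:/TB: entries)
BHO_RE = re.compile(
    r"^(?P<kind>BHO|EB|TB): (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)
# "uRun: [key] command"  (u = current-user hive, m = machine hive)
RUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<key>[^\]]*)\] (?P<cmd>.+)$")
# DDS header line for the installed antivirus, with its real-time state
AV_RE = re.compile(r"^AV: (?P<product>.+?) \*On-access scanning (?P<state>enabled|disabled)\*")
# Service Control Manager event 7026: boot-start/system-start drivers that did not load
EVT7026_RE = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)

# Assumed markers for paths under a user profile; a BHO or autorun there deserves a look
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                        "\\local settings\\", "\\temp\\", "\\users\\")
# Assumed set of core XP network-stack drivers; if these fail at boot there is no TCP/IP
NETWORK_STACK_DRIVERS = {"afd", "tcpip", "netbt", "netbios", "ipsec", "mrxsmb", "rdbss", "rasacd"}
# Assumption for the sample: AVG's kernel drivers all start with "Avg", as in the log
AV_DRIVER_PREFIX = "avg"

# Constructed sample in the shape of the DDS log above
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\admin\application data\flashgetbho\FlashGetBHO3.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
5/4/2010 6:21:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
"""


def triage(log_text):
    """Return a list of (finding, detail) tuples for the notable lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AV_RE.match(line)
        if m:
            if m.group("state") == "disabled":
                findings.append(("av_realtime_disabled", m.group("product")))
            continue
        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            if target.lower() == "no file":
                findings.append(("orphaned_clsid", m.group("clsid")))
            elif any(mark in target.lower() for mark in USER_PROFILE_MARKERS):
                findings.append(("module_in_user_profile", target))
            continue
        m = RUN_RE.match(line)
        if m:
            if any(mark in m.group("cmd").lower() for mark in USER_PROFILE_MARKERS):
                findings.append(("autorun_in_user_profile", m.group("cmd")))
            continue
        m = EVT7026_RE.search(line)
        if m:
            drivers = m.group("drivers").split()
            findings.append(("boot_drivers_failed", {
                "av": [d for d in drivers if d.lower().startswith(AV_DRIVER_PREFIX)],
                "network": [d for d in drivers if d.lower() in NETWORK_STACK_DRIVERS],
                "all": drivers,
            }))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26s} {detail}")
```

Run it on a full DDS.txt by reading the file into `triage()`; an orphaned CLSID or a module under a profile folder is a lead, not a verdict, which is why the script only collects the lines rather than scoring them.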



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • ONLINE
  • Gender:Male
  • Local time:06:02 PM

Posted 08 May 2010 - 08:43 AM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Now, I know that GMER didn't work, but it's critical...so....

Please try GMER first in safe mode. If that doesn't work, try in safe mode but UNcheck 'devices'. If all else fails, try in safe mode with ONLY 'files' and 'sections' checked.

Please also ensure the full logs get posted...the DDS log above was cut off.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
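The `/md5start ... /md5stop` block in the custom scan above makes OTL report the MD5 of a fixed list of system DLLs and storage drivers, and the helper compares those digests against known-good values by hand. The script below (an added example, not OTL or BleepingComputer code) does that comparison locally for the same file list: it hashes every copy of each name found under the given roots and flags names whose copies differ from each other or from a baseline. The directory layout, the baseline digests and the altered copy in `demo()` are all constructed for the example; the two roots stand in for a live driver folder and a cached copy, which is an assumption about where a second copy would be found.

```python
"""Baseline check for the files in an OTL /md5start ... /md5stop list.

Added example, not OTL or BleepingComputer code. OTL only reports the MD5 of
each listed file; the comparison against known-good values is done by the
helper reading the log. This script performs that comparison locally. The
demo builds a throwaway directory tree with constructed contents; the roots,
baseline values and the altered copy are assumptions made for the demo.
"""
import hashlib
import os
import shutil
import tempfile

# The names from the custom-scan list in the post above
MD5_TARGETS = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32", "ahcix86s.sys", "nvrd32.sys",
]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks (MD5 is what OTL's /md5start reports)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_targets(roots, names):
    """Return {name: {root: md5}} for every copy of each listed name under the roots."""
    found = {}
    for name in names:
        for root in roots:
            path = os.path.join(root, name)
            if os.path.isfile(path):
                found.setdefault(name, {})[root] = md5_of(path)
    return found


def report(found, baseline):
    """Classify each hashed name.

    copies_differ     - the same name hashes differently in two roots (live file
                        vs. cached copy), the pattern an altered driver leaves behind
    baseline_mismatch - at least one copy differs from the known-good digest
    not_in_baseline   - hashed, but there is no reference digest to compare against
    ok                - every copy matches the baseline
    """
    out = {"copies_differ": [], "baseline_mismatch": [], "not_in_baseline": [], "ok": []}
    for name, copies in found.items():
        digests = set(copies.values())
        if len(digests) > 1:
            out["copies_differ"].append(name)
        ref = baseline.get(name)
        if ref is None:
            out["not_in_baseline"].append(name)
        elif digests != {ref}:
            out["baseline_mismatch"].append(name)
        else:
            out["ok"].append(name)
    return out


def demo():
    """Constructed scenario: two roots standing in for a live driver folder and
    a cached copy (an assumption); atapi.sys is altered in the live root only."""
    base = tempfile.mkdtemp()
    try:
        live, cache = os.path.join(base, "drivers"), os.path.join(base, "dllcache")
        os.makedirs(live)
        os.makedirs(cache)
        clean = {"atapi.sys": b"constructed clean atapi.sys bytes",
                 "nvstor.sys": b"constructed clean nvstor.sys bytes",
                 "eventlog.dll": b"constructed clean eventlog.dll bytes"}
        for name, data in clean.items():
            for root in (live, cache):
                with open(os.path.join(root, name), "wb") as f:
                    f.write(data)
        with open(os.path.join(live, "atapi.sys"), "wb") as f:
            f.write(b"constructed altered atapi.sys bytes")
        # Baseline deliberately lacks eventlog.dll to show the not_in_baseline case
        baseline = {n: hashlib.md5(d).hexdigest() for n, d in clean.items() if n != "eventlog.dll"}
        return report(hash_targets([live, cache], MD5_TARGETS), baseline)
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for category, names in demo().items():
        print(f"{category:18s} {names}")
```

On a real machine the baseline would be the digests of the same files from a clean install of the same service pack and patch level; a digest that differs only between the live folder and its cached copy is the first thing to look at, because the two should be identical.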
 


#3 kclo89

kclo89
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 10 May 2010 - 01:16 PM

Sorry for the late notice! Here's all the logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2010 11:52:22 PM
System Uptime: 5/10/2010 4:22:34 AM (6 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8JR
Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz | CPU 1 | 1843/532mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 63 GiB total, 45.439 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 12.874 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&241E9611&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&241E9611&0&0101
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_0B05&PID_1712\0194E8-5B-0002
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_0B05&PID_1712\0194E8-5B-0002
Service:

==== System Restore Points ===================

RP1: 4/9/2010 11:55:50 PM - System Checkpoint
RP2: 4/10/2010 4:49:21 AM - Installed WG111v2 Configuration Utility
RP3: 4/10/2010 4:54:06 AM - Unsigned driver install
RP4: 4/10/2010 5:22:12 AM - Software Distribution Service 3.0
RP5: 4/10/2010 5:22:17 AM - Installed Windows XP KB842773.
RP6: 4/10/2010 5:22:40 AM - Installed Windows XP KB892130.
RP7: 4/10/2010 5:36:58 AM - Software Distribution Service 3.0
RP8: 4/10/2010 5:39:22 AM - Installed Windows XP Service Pack 2.
RP9: 4/10/2010 5:56:42 AM - Software Distribution Service 3.0
RP10: 4/10/2010 6:28:49 AM - Software Distribution Service 3.0
RP11: 4/10/2010 1:47:50 PM - Software Distribution Service 3.0
RP12: 4/10/2010 2:23:50 PM - Software Distribution Service 3.0
RP13: 4/10/2010 2:34:06 PM - Software Distribution Service 3.0
RP14: 4/10/2010 2:42:25 PM - Installed SoundMAX
RP15: 4/10/2010 2:42:31 PM - Installed SoundMAX
RP16: 4/10/2010 2:46:41 PM - Software Distribution Service 3.0
RP17: 4/9/2010 11:59:12 PM - Software Distribution Service 3.0
RP18: 4/10/2010 12:06:22 AM - Installed Adobe Reader 9.3.
RP19: 4/10/2010 12:07:37 AM - Installed REALTEK PCIE NIC Driver
RP20: 4/10/2010 12:11:16 AM - Installed Windows XP WgaNotify.
RP21: 4/10/2010 12:26:26 AM - Installed Vimicro 321 Camera
RP22: 4/10/2010 12:32:54 AM - Installed ASUS Live Update
RP23: 4/10/2010 12:39:49 AM - Removed WG111v2 Configuration Utility
RP24: 4/10/2010 12:46:09 AM - Installed AVG Free 9.0
RP25: 4/10/2010 1:41:31 AM - Installed Driver Detective.
RP26: 4/10/2010 2:10:06 AM - Installed ATI Catalyst Control Center
RP27: 4/10/2010 2:11:17 AM - Installed ATI Parental Control & Encoder
RP28: 4/10/2010 2:40:01 AM - Installed RICOH R5C832/843 Flash Media Driver Ver.1.01.08
RP29: 4/10/2010 2:52:56 AM - Removed Driver Detective.
RP30: 4/10/2010 8:01:35 AM - Installed Power4 Gear
RP31: 4/10/2010 8:06:56 AM - Avg Update
RP32: 4/10/2010 8:12:52 AM - Installed iTunes
RP33: 4/10/2010 5:24:55 PM - Removed Skype Toolbars
RP34: 4/11/2010 1:33:15 PM - Installed Microsoft Office Enterprise 2007
RP35: 4/11/2010 1:35:42 PM - Installed Microsoft Office Enterprise 2007
RP36: 4/11/2010 2:29:18 PM - Software Distribution Service 3.0
RP37: 4/11/2010 4:17:33 PM - Software Distribution Service 3.0
RP38: 4/11/2010 4:43:43 PM - Installed Windows Internet Explorer 8.
RP39: 4/12/2010 12:43:28 PM - Software Distribution Service 3.0
RP40: 4/12/2010 12:55:14 PM - Installed Java™ 6 Update 19
RP41: 4/13/2010 1:20:35 PM - System Checkpoint
RP42: 4/14/2010 5:14:50 PM - System Checkpoint
RP43: 4/15/2010 1:19:37 AM - Software Distribution Service 3.0
RP44: 4/15/2010 9:37:54 AM - Avg Update
RP45: 4/15/2010 9:39:05 AM - Avg Update
RP46: 4/15/2010 4:59:46 PM - Software Distribution Service 3.0
RP47: 4/17/2010 12:50:19 PM - System Checkpoint
RP48: 4/18/2010 1:20:24 PM - System Checkpoint
RP49: 4/19/2010 2:21:55 AM - Installed Windows Media Player 11
RP50: 4/19/2010 2:23:36 AM - Software Distribution Service 3.0
RP51: 4/19/2010 3:00:15 AM - Software Distribution Service 3.0
RP52: 4/20/2010 2:06:26 AM - Software Distribution Service 3.0
RP53: 4/21/2010 12:31:06 AM - Avg Update
RP54: 4/21/2010 12:33:10 AM - Avg Update
RP55: 4/22/2010 5:03:14 AM - System Checkpoint
RP56: 4/23/2010 9:41:46 AM - System Checkpoint
RP57: 4/24/2010 10:33:45 AM - System Checkpoint
RP58: 4/25/2010 12:25:45 PM - System Checkpoint
RP59: 4/26/2010 12:53:37 PM - System Checkpoint
RP60: 4/28/2010 11:51:04 AM - System Checkpoint
RP61: 4/29/2010 12:03:15 PM - System Checkpoint
RP62: 4/30/2010 12:13:40 PM - System Checkpoint
RP63: 5/1/2010 3:18:30 PM - System Checkpoint
RP64: 5/3/2010 6:32:36 AM - System Checkpoint
RP65: 5/4/2010 1:07:49 PM - System Checkpoint
RP66: 5/4/2010 11:59:26 PM - Restore Operation
RP67: 5/5/2010 1:34:07 PM - Cleaned registry with Windows Live OneCare safety scanner
RP68: 5/6/2010 8:36:56 AM - Avg Update
RP69: 5/6/2010 2:15:35 PM - Installed SUPERAntiSpyware Free Edition
RP70: 5/8/2010 8:13:30 AM - System Checkpoint
RP71: 5/9/2010 5:27:21 PM - System Checkpoint
RP72: 5/9/2010 8:00:00 PM - OTL Restore Point

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Live Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
ATK0100 ACPI UTILITY
AVG Free 9.0
Bonjour
DivX Setup
DivX Web Player
FlashGet 3.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 19
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
OGA Notifier 2.0.0048.0
Power4 Gear
QuickTime
REALTEK PCIE NIC Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Skype™ 4.2
SoundMAX
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Vimicro 321 Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/9/2010 9:09:36 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server sent a DHCPNACK message).
5/8/2010 3:26:34 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 169.237.160.3 (The DHCP Server sent a DHCPNACK message).
5/8/2010 11:09:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SASDIFSV SASKUTIL
5/7/2010 6:04:07 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 169.237.160.3 (The DHCP Server sent a DHCPNACK message).
5/6/2010 7:23:58 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/6/2010 7:23:58 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/6/2010 5:21:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/6/2010 12:05:39 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/6/2010 12:05:34 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
5/5/2010 9:27:34 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/5/2010 6:54:22 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/5/2010 6:06:58 AM, error: Dhcp [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server sent a DHCPNACK message).
5/5/2010 6:06:56 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server sent a DHCPNACK message).
5/5/2010 5:35:22 AM, error: SMCIRDA [64] - During hardware self-test, this driver could not find a 550A UART device at the first set of hardware I/O ports. If any new hardware has been added to the system recently, then it is likely that the new hardware is conflicting with this device. Otherwise, it is possible that this device has been set incorrectly in the Device Manager.
5/4/2010 6:24:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/4/2010 6:21:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/4/2010 6:21:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 6:21:25 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/4/2010 11:59:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 10:06:00.20 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1333 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\admin\application data\flashgetbho\FlashGetBHO3.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Download All By FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\admin\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: kuaiche.com\software
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270847312998
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\w511j2ll.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-10 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-4-10 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-4-10 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-10 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-4-10 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-10 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
S3 cpuz132;cpuz132;\??\c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys --> c:\windows\system32\drivers\wg111v2.sys [?]

=============== Created Last 30 ================

2010-05-08 03:50:42 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-08 02:52:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 09:41:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-06 06:15:52 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-06 06:15:38 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 06:15:38 0 d-----w- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
2010-05-06 06:14:58 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-06 03:32:22 0 ----a-w- c:\documents and settings\admin\defogger_reenable
2010-05-04 16:01:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-05-04 10:04:27 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-25 11:49:22 0 d--h--w- C:\$AVG
2010-04-18 18:25:29 0 d-----w- c:\program files\Windows Media Connect 2
2010-04-18 18:24:57 0 d-----w- C:\cf836867ad0ba1c31a689d18c5586426
2010-04-18 18:24:06 0 d-----w- c:\windows\system32\LogFiles
2010-04-18 18:23:42 0 d-----w- C:\c790cb70683f31a8e63f007677f251b9
2010-04-15 09:03:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-15 02:43:12 3255 ----a-w- c:\windows\system32\wbem\Outlook_01cadc45645310e0.mof
2010-04-12 04:55:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-12 04:55:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 04:47:13 0 d-----w- c:\program files\common files\DivX Shared
2010-04-12 04:47:12 0 d-----w- c:\program files\DivX
2010-04-12 04:44:53 0 d-----w- c:\windows\ie8updates
2010-04-12 02:54:45 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-04-12 02:53:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-12 02:53:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-11 17:01:21 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-04-11 17:01:05 0 d-sh--w- c:\documents and settings\admin\PrivacIE
2010-04-11 08:59:50 0 d-sh--w- c:\documents and settings\admin\IETldCache
2010-04-11 08:48:38 0 d-----w- c:\program files\VideoLAN
2010-04-11 08:42:10 0 dc-h--w- c:\windows\ie8
2010-04-11 08:21:24 0 d-----w- c:\windows\system32\XPSViewer
2010-04-11 08:20:49 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-11 08:20:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-11 08:20:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-11 08:20:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-11 08:20:49 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-11 08:20:49 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-11 08:20:49 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-11 08:20:49 0 d-----w- C:\1bfdfa66a60035860c795648
2010-04-11 06:43:09 0 d-----w- c:\docume~1\admin\applic~1\Office Genuine Advantage
2010-04-11 06:29:40 0 d-----w- c:\program files\MSXML 4.0
2010-04-11 05:47:37 292 ----a-w- c:\windows\system32\secustat.dat
2010-04-11 05:37:16 0 d-----w- c:\windows\SHELLNEW
2010-04-11 00:32:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-11 00:32:49 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-11 00:32:49 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-04-10 23:03:07 891 ----a-w- c:\windows\system32\secushr.dat
2010-04-10 23:02:45 25 ----a-w- c:\windows\libem.INI
2010-04-10 23:02:40 0 d-----w- c:\docume~1\admin\applic~1\BITS
2010-04-10 23:02:38 0 d-----w- c:\docume~1\admin\applic~1\FlashGet
2010-04-10 23:02:35 0 d-----w- c:\docume~1\admin\applic~1\FlashGetBHO
2010-04-10 23:02:32 0 d-----w- c:\program files\FlashGet Network
2010-04-10 21:16:58 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2010-04-10 06:45:56 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-10 06:42:59 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2010-04-10 06:42:59 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-04-10 06:42:37 142848 ----a-r- c:\windows\system32\drivers\ADIHdAud.sys
2010-04-10 06:42:36 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2010-04-10 06:42:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-04-10 06:42:36 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2010-04-10 06:42:36 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2010-04-10 06:42:36 129536 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
2010-04-10 06:42:36 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-04-10 06:42:35 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2010-04-10 06:42:35 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-04-10 06:42:31 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-04-10 06:42:31 45056 ------w- c:\windows\system32\CleanUp.exe
2010-04-10 06:42:31 0 d-----w- c:\program files\Analog Devices
2010-04-10 05:58:12 0 d-----w- c:\windows\system32\scripting
2010-04-10 05:58:11 0 d-----w- c:\windows\l2schemas
2010-04-10 05:58:10 0 d-----w- c:\windows\system32\en
2010-04-10 05:53:48 0 d-----w- c:\windows\network diagnostic
2010-04-10 05:46:59 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll
2010-04-10 05:34:33 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-10 05:34:22 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-10 05:34:15 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-10 05:32:26 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-10 05:32:25 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-04-10 05:30:33 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-04-10 05:30:24 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-04-10 05:30:22 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-10 05:30:11 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

==================== Find3M ====================

2010-04-29 07:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:32:59 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 00:04:37 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-04-10 00:04:37 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-09 16:49:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-09 16:49:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 16:17:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-09 15:48:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll

============= FINISH: 10:07:24.14 ===============
OTL logfile created on: 5/9/2010 7:59:36 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.73 Gb Total Space | 45.47 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 49.06 Gb Total Space | 12.87 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-QDCKQM0FV
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/09 19:59:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
PRC - [2010/04/30 09:17:41 | 000,834,248 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/04/30 09:17:37 | 001,285,864 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/21 00:33:03 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 00:32:58 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 09:38:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/10 00:48:37 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/10 00:48:17 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/10 00:47:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/10 00:47:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/20 01:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/19 09:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/19 09:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/19 08:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/19 08:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/19 08:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/19 08:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/10/14 17:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/03/15 08:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006/01/03 07:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 19:59:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/30 09:17:37 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/10 00:47:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/10 00:47:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 01:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/10/19 09:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/19 08:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/19 08:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/21 00:32:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/10 00:49:13 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/10 00:49:12 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/04 23:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/14 02:31:32 | 000,036,352 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 00:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/10/25 12:28:46 | 001,777,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/20 00:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/06/22 02:16:42 | 000,142,848 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/12/05 15:55:00 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 07:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005/10/22 08:16:16 | 000,227,840 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321) Vimicro USB PC Camera (VC0321)
DRV - [2005/10/21 14:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/01 01:34:10 | 000,310,016 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/18 02:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/09/15 03:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/21 06:48:12 | 000,010,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - [2005/02/17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 06:54:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/12 12:55:40 | 000,000,000 | ---D | M]

[2010/04/11 06:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/05/09 09:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\extensions
[2010/04/12 12:52:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/09 09:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\admin\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\admin\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\admin\Application Data\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-725345543-343818398-839522115-1003\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1270847312998 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/09 23:50:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ea0e55dd-482f-11df-9f7c-001d60023dc0}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0e55dd-482f-11df-9f7c-001d60023dc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea0e55dd-482f-11df-9f7c-001d60023dc0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/09 16:37:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Live Update - hkey= - key= - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: gbbirvys - hkey= - key= - C:\Documents and Settings\admin\Local Settings\Application Data\amfaqkqff\rydlommtssd.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: qygfjrcs - hkey= - key= - C:\Documents and Settings\admin\Local Settings\Application Data\qyhaptbup\dasaobutssd.exe File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/08 11:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/05/08 11:08:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/08 10:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\amfaqkqff
[2010/05/08 10:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/07 02:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\qyhaptbup
[2010/05/06 14:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/06 14:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2010/05/06 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/06 14:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/05 11:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/05 01:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\DivX
[2010/05/05 00:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 00:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 18:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/27 06:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/25 19:49:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/19 02:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/19 02:24:57 | 000,000,000 | ---D | C] -- C:\cf836867ad0ba1c31a689d18c5586426
[2010/04/19 02:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/19 02:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/19 02:23:42 | 000,000,000 | ---D | C] -- C:\c790cb70683f31a8e63f007677f251b9
[2010/04/15 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\U3
[2010/04/12 12:56:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/12 12:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/12 12:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/12 12:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/12 12:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sun
[2010/04/12 12:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/12 12:47:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2010/04/12 12:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/12 12:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/12 01:01:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IECompatCache
[2010/04/12 01:01:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\PrivacIE
[2010/04/11 17:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/11 16:59:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
[2010/04/11 16:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\vlc
[2010/04/11 16:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/11 16:42:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/11 16:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2010/04/11 16:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\MSN6
[2010/04/11 16:21:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/11 16:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/11 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/11 16:20:49 | 000,000,000 | ---D | C] -- C:\1bfdfa66a60035860c795648
[2010/04/11 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/04/11 14:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Office Genuine Advantage
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/04/11 14:35:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/04/11 14:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/11 13:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Adobe
[2010/04/11 13:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/11 13:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/11 13:37:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/11 13:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft Help
[2010/04/11 13:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/11 13:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/04/11 13:35:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/11 07:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\BITS
[2010/04/11 07:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\FlashGet
[2010/04/11 07:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\FlashGetBHO
[2010/04/11 07:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2010/04/11 06:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mozilla
[2010/04/10 14:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/10 14:49:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/04/10 14:49:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/04/10 14:49:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/04/10 14:42:31 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/04/10 14:42:31 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2010/04/10 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/04/10 14:32:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/10 14:23:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/10 13:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/10 13:58:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/10 13:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/10 13:58:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/10 13:53:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/10 13:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Macromedia
[2010/04/10 13:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Adobe
[2010/04/10 09:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\skypePM
[2010/04/10 09:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Skype
[2010/04/10 09:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/10 09:38:08 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/10 09:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/04/10 09:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\My Received Files
[2010/04/10 09:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Tracing
[2010/04/10 09:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/10 09:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/10 09:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/10 09:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/10 09:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/10 08:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2010/04/10 08:31:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/10 08:31:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/10 08:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/10 08:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/10 08:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\WinRAR
[2010/04/10 08:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/04/10 08:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Apple Computer
[2010/04/10 08:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/10 08:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/10 08:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/10 08:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/10 08:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/10 08:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Apple
[2010/04/10 08:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/10 08:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/10 08:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/10 08:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/10 08:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Apple Computer
[2010/04/10 08:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/04/10 08:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/04/10 08:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Intel
[2010/04/10 08:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/04/10 07:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/10 07:50:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ATK0100
[2010/04/10 07:46:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/10 07:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla
[2010/04/10 07:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/10 06:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/10 06:29:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/10 06:28:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/10 05:52:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/10 05:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/04/10 05:42:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/04/10 05:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/10 05:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/10 05:37:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/10 05:37:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/10 05:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/10 05:22:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/10 05:08:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/10 05:07:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\UserData
[2010/04/10 04:54:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/10 04:49:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/10 04:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/04/10 04:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/10 02:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/10 02:40:02 | 000,310,016 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rixdptsk.sys
[2010/04/10 02:40:02 | 000,028,672 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimmptsk.sys
[2010/04/10 02:40:01 | 000,050,560 | ---- | C] (REDC) -- C:\WINDOWS\System32\drivers\rimsptsk.sys
[2010/04/10 02:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\ATI
[2010/04/10 02:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\ATI
[2010/04/10 02:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/10 01:53:16 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/04/10 01:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/10 01:53:06 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/10 01:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Downloads
[2010/04/10 01:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/10 01:38:55 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/10 01:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/10 00:49:20 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 00:49:18 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/10 00:49:12 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 00:49:11 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 00:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/04/10 00:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/10 00:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/10 00:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Drivers
[2010/04/10 00:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/04/10 00:26:27 | 000,245,760 | R--- | C] (vimicro) -- C:\WINDOWS\System32\Vmprp321.ax
[2010/04/10 00:26:27 | 000,227,840 | R--- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\usbvm321.sys
[2010/04/10 00:26:27 | 000,032,768 | R--- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\VMCtrl321.ax
[2010/04/10 00:26:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\EffectResources
[2010/04/10 00:26:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CatRoot
[2010/04/10 00:17:41 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/10 00:17:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/10 00:17:38 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 00:12:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/10 00:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/10 00:11:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/10 00:07:37 | 000,078,976 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010/04/10 00:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/10 00:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/10 00:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/09 23:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/04/09 23:55:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/09 23:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Identities
[2010/04/09 23:55:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/09 23:55:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Pictures
[2010/04/09 23:55:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Music
[2010/04/09 23:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft
[2010/04/09 23:55:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\admin\Application Data\Microsoft
[2010/04/09 23:55:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\SendTo
[2010/04/09 23:55:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2010/04/09 23:55:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Application Data
[2010/04/09 23:55:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu
[2010/04/09 23:55:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents
[2010/04/09 23:55:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Favorites
[2010/04/09 23:55:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\Cookies
[2010/04/09 23:55:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Templates
[2010/04/09 23:55:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\PrintHood
[2010/04/09 23:55:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\NetHood
[2010/04/09 23:55:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\admin\Local Settings
[2010/04/09 23:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop
[2010/04/09 23:54:30 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/09 23:54:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/09 23:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/09 23:54:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/09 23:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/09 23:52:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/09 23:52:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/09 23:51:14 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/09 23:50:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/09 23:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/09 23:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/09 23:50:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/09 23:49:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/09 23:49:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/09 23:49:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/09 23:49:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/09 23:49:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/09 23:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/09 23:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/09 23:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/04/09 23:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2010/04/09 23:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/09 23:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/09 23:48:37 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/09 23:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/09 23:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/09 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/09 23:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/09 23:48:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/09 23:48:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/09 23:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/04/09 23:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/04/09 23:47:42 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/04/09 23:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/04/09 23:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/04/09 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/04/09 23:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/04/09 23:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/04/09 23:47:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/04/09 23:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/04/09 16:42:42 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\drivers\smcirda.sys
[2010/04/09 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/09 16:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/09 16:41:29 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/09 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/09 16:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/09 16:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/04/09 16:41:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/04/09 16:41:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/04/09 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/04/09 16:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/04/09 16:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/09 16:40:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/04/09 16:40:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/09 16:40:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/04/09 16:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/04/09 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/04/09 16:35:11 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/04/09 16:35:11 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/09 16:35:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/04/09 16:35:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/04/09 16:35:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/03/09 01:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/20 03:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/20 03:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/20 03:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/20 03:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/20 03:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/20 03:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/09 20:00:41 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Hello and welcome to Bleeping Computer.doc
[2010/05/09 17:17:51 | 059,766,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/09 09:11:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/09 09:09:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 08:29:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/09 08:29:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/09 08:29:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 08:29:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 03:54:16 | 003,870,720 | ---- | M] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/05/09 03:54:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/05/09 03:54:14 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2010/05/08 11:10:11 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/08 11:10:11 | 000,000,304 | RHS- | M] () -- C:\boot.ini
[2010/05/08 11:10:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/08 10:53:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 09:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/07 05:02:06 | 000,372,343 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Transcript Notation.pdf
[2010/05/06 18:34:19 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 14:15:46 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/06 11:32:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/05/06 01:14:50 | 000,000,292 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat
[2010/05/06 01:12:43 | 000,000,891 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2010/05/05 15:27:39 | 000,087,190 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Virus.JPG
[2010/05/05 05:58:37 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\WHY JOIN STATE FARM.doc
[2010/05/04 03:20:22 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\State Street Interview.doc
[2010/05/04 03:08:57 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Access 2007.lnk
[2010/05/03 14:33:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\Desktop\~$ate Street Interview.doc
[2010/05/03 10:13:09 | 000,038,841 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Jacket.JPG
[2010/04/30 09:20:19 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/30 02:56:36 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\case brief 4.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 04:15:47 | 000,033,378 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Pat.jpg
[2010/04/27 06:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/23 05:46:04 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\movie review 2.doc
[2010/04/21 06:08:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Word 2007.lnk
[2010/04/21 00:32:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 07:36:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Thank You Western Asset.doc
[2010/04/20 07:14:39 | 000,010,856 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Extra Notes.docx
[2010/04/20 02:07:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/20 01:27:07 | 000,051,492 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\beginners_report.pdf
[2010/04/19 02:28:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/19 02:28:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/19 02:24:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/19 02:24:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/18 16:49:19 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Excel 2007.lnk
[2010/04/18 11:54:04 | 000,473,600 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Recommendation.doc
[2010/04/18 11:44:16 | 000,606,392 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\IMG_0001.jpg
[2010/04/15 10:43:12 | 000,510,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 10:43:12 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 10:43:12 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/12 12:52:36 | 000,001,469 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\DivX Movies.lnk
[2010/04/11 16:38:55 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/11 16:33:22 | 000,030,656 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/11 16:28:15 | 000,142,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 15:38:04 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/04/11 07:02:45 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI
[2010/04/11 07:02:41 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\FlashGet 3.3.lnk
[2010/04/11 06:54:35 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/10 13:53:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/10 09:39:00 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/10 09:18:48 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Windows Live Messenger .lnk
[2010/04/10 08:31:15 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 08:04:37 | 000,319,488 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/04/10 07:44:58 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\D Drive.lnk
[2010/04/10 07:44:56 | 000,000,293 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\C Drive.lnk
[2010/04/10 07:42:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/10 05:39:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/10 00:49:22 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/10 00:49:22 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/10 00:49:13 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/10 00:49:12 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/10 00:49:11 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/10 00:17:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/10 00:12:05 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/09 23:55:37 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/04/09 23:54:15 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/09 23:52:26 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/09 23:50:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/09 23:50:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/09 23:50:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/09 23:50:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/04/09 23:50:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/09 23:50:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/09 23:50:39 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/04/09 23:50:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/09 23:49:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/09 23:49:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/09 23:48:08 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/09 23:47:52 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/04/09 23:47:52 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/03/09 01:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/20 03:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/20 03:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/20 03:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/20 03:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/20 03:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/20 03:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/09 20:00:40 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Hello and welcome to Bleeping Computer.doc
[2010/05/08 10:52:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 05:02:06 | 000,372,343 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Transcript Notation.pdf
[2010/05/06 18:34:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 17:41:20 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/06 14:15:46 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/06 11:32:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/05/05 15:27:39 | 000,087,190 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Virus.JPG
[2010/05/05 03:56:24 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\WHY JOIN STATE FARM.doc
[2010/05/04 13:07:46 | 003,870,720 | ---- | C] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/05/03 14:33:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\Desktop\~$ate Street Interview.doc
[2010/05/03 10:13:09 | 000,038,841 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Jacket.JPG
[2010/05/03 04:52:45 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\State Street Interview.doc
[2010/04/28 15:16:45 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\case brief 4.doc
[2010/04/28 04:15:46 | 000,033,378 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Pat.jpg
[2010/04/23 04:36:27 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\movie review 2.doc
[2010/04/20 07:15:02 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Thank You Western Asset.doc
[2010/04/20 07:14:38 | 000,010,856 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Extra Notes.docx
[2010/04/20 01:27:07 | 000,051,492 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\beginners_report.pdf
[2010/04/19 02:24:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/18 11:51:59 | 000,473,600 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Recommendation.doc
[2010/04/18 11:44:16 | 000,606,392 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\IMG_0001.jpg
[2010/04/12 12:47:13 | 000,001,469 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\DivX Movies.lnk
[2010/04/11 15:38:13 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Excel 2007.lnk
[2010/04/11 15:38:04 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/04/11 15:37:56 | 000,002,471 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Access 2007.lnk
[2010/04/11 14:43:01 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Word 2007.lnk
[2010/04/11 14:35:38 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/11 13:47:37 | 000,000,292 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2010/04/11 07:03:07 | 000,000,891 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/04/11 07:02:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/04/11 07:02:41 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\FlashGet 3.3.lnk
[2010/04/11 06:54:35 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/11 05:40:58 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/04/11 05:17:18 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/04/11 05:17:17 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/04/11 05:17:17 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/04/11 05:17:17 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/04/11 05:17:06 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/04/11 05:17:06 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/04/11 05:17:06 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/04/11 05:17:06 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/04/11 05:17:06 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/04/11 05:17:06 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/04/11 05:17:06 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/04/11 05:17:06 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/04/11 05:17:06 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/04/11 05:17:06 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/04/11 05:17:06 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/04/11 05:17:06 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/04/11 05:17:05 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/04/11 05:17:05 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/04/11 05:17:05 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/04/11 05:17:05 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/04/11 05:17:05 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/04/11 05:17:05 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/04/11 05:17:05 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/04/11 05:17:05 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/04/11 05:17:05 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/04/11 05:17:05 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/04/11 05:17:05 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/04/11 05:17:02 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/04/11 05:17:02 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/04/11 05:17:02 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/04/11 05:17:01 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/04/11 05:17:01 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/04/11 05:17:01 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/04/11 05:17:01 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/04/11 05:17:01 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/04/11 05:17:01 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/04/11 05:16:58 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/04/11 05:16:58 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/04/11 05:16:53 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/04/11 05:16:53 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/04/11 05:16:53 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/04/11 05:16:53 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/04/11 05:16:53 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/04/11 05:16:53 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/04/11 05:16:33 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/04/11 05:16:33 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/04/11 05:16:33 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/04/11 05:16:33 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/04/11 05:16:33 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/04/11 05:16:33 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/04/11 05:16:33 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/04/11 05:16:33 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/04/11 05:16:33 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/04/11 05:16:33 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/04/11 05:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/04/11 05:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/04/11 05:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/04/11 05:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/04/11 05:16:33 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/04/11 05:16:33 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/04/10 13:47:21 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/04/10 13:47:21 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/04/10 13:47:21 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/04/10 13:47:21 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/04/10 13:47:21 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/04/10 13:47:21 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/04/10 13:47:21 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/04/10 13:47:20 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/04/10 13:47:20 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/04/10 13:47:20 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/04/10 13:47:20 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/04/10 13:47:20 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/04/10 13:47:20 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/04/10 13:47:20 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/04/10 13:47:20 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/04/10 13:47:20 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/04/10 13:47:20 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/04/10 13:47:19 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/04/10 13:47:19 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/04/10 13:47:19 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/04/10 13:47:19 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/04/10 13:47:19 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/04/10 13:47:19 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/04/10 13:47:19 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/04/10 13:47:19 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/04/10 13:47:19 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/04/10 13:47:19 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/04/10 13:47:19 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/04/10 13:47:18 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/04/10 13:47:18 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/04/10 13:47:18 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/04/10 13:47:17 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/04/10 13:47:17 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/04/10 13:47:17 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/04/10 13:47:17 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/04/10 13:47:16 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/04/10 13:47:16 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/04/10 13:47:16 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/04/10 13:47:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/04/10 13:47:16 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/04/10 13:47:16 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/04/10 13:47:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/04/10 13:47:13 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/04/10 13:47:12 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/04/10 13:47:11 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/04/10 13:47:10 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/04/10 13:47:10 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/04/10 13:47:10 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/04/10 13:47:10 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/04/10 13:47:10 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/04/10 13:47:10 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/04/10 13:47:10 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/04/10 13:47:10 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/04/10 13:47:10 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/04/10 13:47:10 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/04/10 13:47:10 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/04/10 13:47:10 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/04/10 13:47:10 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/04/10 13:47:10 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/04/10 13:47:10 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/04/10 13:47:10 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/04/10 13:47:09 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/04/10 13:47:08 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/04/10 13:47:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/04/10 13:47:03 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/04/10 13:47:03 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/04/10 13:47:02 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/04/10 13:47:02 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/04/10 13:47:02 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/04/10 13:47:02 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/04/10 13:47:02 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/04/10 13:47:01 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/04/10 13:46:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/04/10 13:46:54 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/10 13:46:50 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/04/10 13:46:50 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/04/10 13:46:47 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/04/10 13:46:47 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/04/10 13:46:47 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/04/10 13:46:47 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/04/10 13:46:46 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/04/10 13:46:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/04/10 13:46:46 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/04/10 13:46:46 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/04/10 13:46:46 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/04/10 13:46:46 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/04/10 13:46:45 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/04/10 09:39:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/10 09:38:11 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/10 09:19:39 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Windows Live Messenger .lnk
[2010/04/10 08:31:15 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 08:13:53 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/10 08:12:02 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/10 08:04:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/04/10 07:44:58 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\D Drive.lnk
[2010/04/10 07:44:56 | 000,000,293 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\C Drive.lnk
[2010/04/10 07:42:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/10 05:43:05 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/10 05:34:12 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2010/04/10 05:34:12 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/04/10 02:40:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/04/10 02:07:41 | 000,006,126 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/10 02:07:40 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2010/04/10 02:07:40 | 000,136,650 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/10 02:07:39 | 000,655,842 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2010/04/10 02:07:39 | 000,036,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2010/04/10 02:07:39 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2010/04/10 02:07:39 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2010/04/10 02:07:39 | 000,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2010/04/10 00:49:22 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/10 00:49:11 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/10 00:49:08 | 059,766,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/10 00:26:27 | 000,921,656 | R--- | C] () -- C:\WINDOWS\System32\VGA.RAW
[2010/04/10 00:26:27 | 000,921,656 | ---- | C] () -- C:\WINDOWS\System32\CustomBk.raw
[2010/04/10 00:26:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\VMUninstNT.exe
[2010/04/10 00:26:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
[2010/04/10 00:18:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/10 00:12:05 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/04/09 23:55:30 | 000,102,400 | -H-- | C] () -- C:\Documents and Settings\admin\ntuser.dat.LOG
[2010/04/09 23:55:30 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/04/09 23:54:15 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/09 23:52:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 23:50:42 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/09 23:50:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/09 23:50:42 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/09 23:50:42 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/04/09 23:50:42 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/04/09 23:50:41 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/04/09 23:50:40 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/09 23:50:40 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/09 23:50:39 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/04/09 23:49:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/04/09 23:49:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/09 23:49:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/09 23:49:40 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/04/09 23:48:56 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/04/09 23:48:56 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/04/09 23:48:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/04/09 23:48:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/09 23:47:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/04/09 23:47:13 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/04/09 23:47:13 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/04/09 23:47:13 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/04/09 23:47:13 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/04/09 23:47:13 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/04/09 23:47:13 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/04/09 23:47:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/04/09 23:47:13 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/04/09 23:47:13 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/04/09 23:47:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/04/09 23:47:12 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/04/09 23:47:12 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/04/09 23:47:12 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/04/09 23:47:12 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/04/09 23:47:12 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/04/09 23:47:12 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/04/09 23:47:12 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/04/09 23:47:11 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/04/09 23:47:08 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/04/09 23:47:08 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/04/09 23:47:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/04/09 23:46:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/04/09 16:41:37 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/09 16:41:31 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/04/09 16:41:31 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/04/09 16:41:30 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/04/09 16:41:30 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/04/09 16:41:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/04/09 16:41:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/04/09 16:41:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/04/09 16:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/04/09 16:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/04/09 16:41:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/04/09 16:41:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/04/09 16:41:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/04/09 16:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/04/09 16:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/04/09 16:41:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/04/09 16:41:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/04/09 16:41:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/04/09 16:41:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/04/09 16:41:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/04/09 16:41:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/04/09 16:41:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/04/09 16:41:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/04/09 16:41:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/04/09 16:41:15 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/04/09 16:41:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/04/09 16:41:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/04/09 16:41:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/04/09 16:41:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/04/09 16:41:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/04/09 16:41:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/04/09 16:40:37 | 000,142,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/09 16:39:19 | 000,000,304 | RHS- | C] () -- C:\boot.ini
[2010/04/09 16:39:16 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/02/17 23:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004/08/04 13:59:19 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys

========== LOP Check ==========

[2010/05/06 01:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\BITS
[2010/04/11 07:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FlashGet
[2010/04/11 07:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\FlashGetBHO
[2010/04/10 00:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/10 01:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/10 08:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/10 00:12:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/09 09:09:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/05/09 08:29:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2006/10/25 11:20:16 | 000,303,104 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2010/04/10 05:37:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/10 13:50:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/10 05:37:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/04/10 13:50:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 14:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2010/04/10 05:37:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/10 13:50:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/10 05:37:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/04/10 13:50:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2004/08/04 13:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 5/9/2010 7:59:36 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.73 Gb Total Space | 45.47 Gb Free Space | 72.48% Space Free | Partition Type: NTFS
Drive D: | 49.06 Gb Total Space | 12.87 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-QDCKQM0FV
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B2C211-71AD-46A4-83B8-7D15015212E8}" = ATI Catalyst Control Center
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61F1704D-38E4-45D3-B1A0-6DF3CDA05F07}" = Vimicro 321 Camera
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet 3.3" = FlashGet 3.3
"HControl" = ATK0100 ACPI UTILITY
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2010 8:06:21 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 156250

Error - 5/8/2010 8:06:36 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/8/2010 8:06:36 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 171875

Error - 5/8/2010 8:06:36 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 171875

Error - 5/8/2010 8:06:52 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/8/2010 8:06:52 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 187500

Error - 5/8/2010 8:06:52 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 187500

Error - 5/8/2010 8:07:08 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/8/2010 8:07:08 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 203125

Error - 5/8/2010 8:07:08 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 203125

[ System Events ]
Error - 4/17/2010 1:16:54 PM | Computer Name = ADMIN-QDCKQM0FV | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 4/18/2010 11:30:09 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.120.104.73
on the Network Card with network address 001B776442E6.

Error - 4/19/2010 4:21:28 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
001B776442E6 has been denied by the DHCP server 128.120.104.250 (The DHCP Server
sent a DHCPNACK message).

Error - 4/19/2010 6:50:10 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 128.120.104.58
with the system having network hardware address 00:13:02:BD:E7:8F. Network operations
on this system may be disrupted as a result.

Error - 4/20/2010 3:40:53 AM | Computer Name = ADMIN-QDCKQM0FV | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 4/20/2010 8:49:29 PM | Computer Name = ADMIN-QDCKQM0FV | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.120.104.235
on the Network Card with network address 001B776442E6.


< End of report >

Edited by kclo89, 10 May 2010 - 04:40 PM.
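The "Shell Spawning" and "Security Center Settings" sections of the OTL Extras log above are where a fake-AV handler hijack or a silenced Security Center would show up. The following Python triage helper is an added example for this thread, not part of OTL or of the original post: it diffs those two sections against stock Windows XP values. The sample logs inside it are constructed (CLEAN_LOG copies lines from the post; HIJACKED_LOG alters two of them, using a placeholder path).

```python
"""Triage helper for the OTL Extras 'Shell Spawning' and 'Security Center Settings'
sections quoted in the post above. Added example for this thread, not part of OTL
or of the original post. It diffs the logged handlers and flags against stock
Windows XP values; sample logs below are constructed (CLEAN_LOG copies post lines,
HIJACKED_LOG alters two of them to show what a rogue-AV hijack would look like)."""
import re

# Stock XP shell handlers for the keys rogue software most often hijacks.
EXPECTED_SPAWN = {(k, "open"): '"%1" %*'
                  for k in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SPAWN.update({("scrfile", "config"): '"%1"', ("scrfile", "open"): '"%1" /S'})
# Healthy Security Center / firewall policy values.
EXPECTED_SECURITY = {"AntiVirusDisableNotify": 0, "FirewallDisableNotify": 0,
                     "UpdatesDisableNotify": 0, "AntiVirusOverride": 0,
                     "FirewallOverride": 0, "EnableFirewall": 1, "DoNotAllowExceptions": 0}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
SETTING_RE = re.compile(r'^"(\w+)" = (\d+)$')
COMPANY_RE = re.compile(r"\s*\([^()]*\)\s*$")  # OTL's trailing "(Company Name)" tag


def parse_sections(text):
    """Split an OTL Extras log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Report baselined handlers whose command differs from the XP default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue  # registry key headers etc.
        key, verb, command = m.groups()
        expected = EXPECTED_SPAWN.get((key, verb))
        if expected is None:
            continue  # not a handler we baseline
        command = COMPANY_RE.sub("", command).strip()
        if "Reg Error" in command:
            findings.append(f"{key} [{verb}]: key missing or unreadable")
        elif command != expected:
            findings.append(f"{key} [{verb}]: handler is {command!r}, expected {expected!r}")
    return findings


def check_security_center(lines):
    """Report Security Center / firewall values that differ from the expected state."""
    findings = []
    for line in lines:
        m = SETTING_RE.match(line)
        if m and m.group(1) in EXPECTED_SECURITY:
            name, value = m.group(1), int(m.group(2))
            if value != EXPECTED_SECURITY[name]:
                findings.append(f"{name} = {value}, expected {EXPECTED_SECURITY[name]}")
    return findings


def triage(text):
    """Run both checks over a full OTL Extras log."""
    s = parse_sections(text)
    return {"shell_spawning": check_shell_spawning(s.get("Shell Spawning", [])),
            "security_center": check_security_center(s.get("Security Center Settings", []))}


CLEAN_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"""
# Constructed variant: exefile handler redirected through a placeholder binary
# and antivirus notifications suppressed, the pattern rogue AV software leaves behind.
HIJACKED_LOG = CLEAN_LOG.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Documents and Settings\admin\Local Settings\PLACEHOLDER.exe" -a "%1" %*',
).replace('"AntiVirusDisableNotify" = 0', '"AntiVirusDisableNotify" = 1')

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(name, triage(log))
```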


#4 kclo89

kclo89
  • Topic Starter

  • Members
  • 21 posts

Posted 10 May 2010 - 01:20 PM

Sorry, there seems to be a problem posting the logs. I'll try again on another computer.

Edit: OK, I finally managed to post the logs (except GMER, the log was deleted and I'm rerunning the scan right now)


New symptoms:
- Browser redirect occurring more frequently
- New tabs opening automatically to unknown sites
- Computer slowdown
- Windows Live Messenger no longer works
- AVG Free consistently picks up Trojan warnings
- Programs with strange file names in the Startup section when I open msconfig
- Can't post on forums & can't email --> whenever I attempt to do this, Firefox goes to a "Connection time out" page

I'll provide the GMER log as soon as I can. Thanks for the help!

Update:
GMER in Safe Mode failed. It went to a blue screen after about 10 minutes (it said something about a memory dump).
Also, "dumprep 0-k" appeared in msconfig under Startup

Edited by kclo89, 10 May 2010 - 05:01 PM.


#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 May 2010 - 06:15 PM

Hello, kclo89.
OK, the dumprep is the startup item to create the dump report after the blue screen. The GMER log would be very helpful, but let's push on first.



Next, please download ComboFix from one of these locations:
IMPORTANT !!! Save ComboFix.exe to your Desktop as kclo89CF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on kclo89CF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares

Edited by etavares, 10 May 2010 - 06:16 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 kclo89

kclo89
  • Topic Starter

  • Members
  • 21 posts

Posted 10 May 2010 - 10:06 PM

Thanks for the quick response!

I ran ComboFix like you asked. I disabled Ad-Aware, but near the end, when ComboFix was generating the log after the computer had restarted, Ad-Aware started up automatically. Not sure if that would have messed with ComboFix, but just letting you know.

I'm wondering: Do you still need the GMER log?

Changes/Symptoms Remaining after ComboFix:
- Still can't log in on Windows Live Messenger (I'm guessing the virus changed some connection settings?)
- Tried clicking some search links, and no popups/redirects at the moment



ComboFix Log:


ComboFix 10-05-10.02 - admin 05/11/2010 10:48:54.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1549 [GMT 8:00]
Running from: c:\documents and settings\admin\Desktop\kclo89CF.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Application Data\BITS
c:\documents and settings\admin\Application Data\BITS\BITS.ini
c:\documents and settings\admin\Application Data\BITS\DHTTable.dat
c:\documents and settings\admin\Application Data\BITS\ProxyList.ini
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070347.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070347.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070419.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070419.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.~tmp
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.bits
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.hybridlist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.seeds
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411070420.torrent.statistic
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411164041.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100411164041.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100412125722.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100412125722.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011201.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011201.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011236.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011236.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011425.torrent
c:\documents and settings\admin\Application Data\BITS\Torrent\20100506011425.torrent.filelist
c:\documents and settings\admin\Application Data\BITS\UPnP.ini
c:\documents and settings\admin\Application Data\FlashGetBHO
c:\documents and settings\admin\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\admin\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\admin\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\admin\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\20100411163812.torrent
c:\program files\FlashGet Network\FlashGet 3\20100411163812.torrent.filelist
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_33665566.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5-04400194A.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_5_4504_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_logo.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_Nona4me.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_Noname111.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_Noname3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_qingrenjie1241.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_tianyuzhi1211.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1273054514.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dat\torrent\718468_Microsoft office 2007.torrent
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
c:\program files\FlashGet Network\FlashGet 3\p2score.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\system32\secustat.dat

Infected copy of c:\windows\system32\DRIVERS\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 02:42 . 2008-04-13 18:31 36352 -c--a-w- c:\windows\system32\dllcache\intelppm.sys
2010-05-11 02:42 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-05-08 03:50 . 2010-05-08 11:28 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-08 02:53 . 2010-05-08 03:41 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\amfaqkqff
2010-05-08 02:52 . 2010-05-08 02:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 18:39 . 2010-05-08 01:20 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\qyhaptbup
2010-05-06 09:41 . 2010-04-30 01:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-06 06:16 . 2010-05-08 04:12 63488 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-06 06:16 . 2010-05-06 06:16 52224 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 06:16 . 2010-05-08 04:12 117760 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2010-05-06 06:14 . 2010-05-06 06:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-05 03:51 . 2010-05-05 07:28 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-04 17:24 . 2010-05-04 17:24 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
2010-05-04 17:23 . 2010-05-04 17:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-04 17:23 . 2010-05-04 17:21 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-04 17:23 . 2010-05-04 17:21 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-04 17:23 . 2010-04-12 04:52 500400 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe
2010-05-04 17:23 . 2010-05-04 17:23 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:23 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-04 17:21 . 2010-05-04 17:21 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-04 16:57 . 2010-05-04 16:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-04 16:01 . 2010-05-04 16:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 10:04 . 2010-05-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-25 11:49 . 2010-04-25 11:49 -------- d-----w- C:\$AVG
2010-04-20 16:33 . 2010-04-20 16:33 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 16:31 . 2010-04-20 16:31 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 18:45 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-18 18:25 . 2010-04-18 18:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 18:24 . 2010-04-18 18:25 -------- d-----w- C:\cf836867ad0ba1c31a689d18c5586426
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\windows\system32\LogFiles
2010-04-18 18:23 . 2010-04-18 18:24 -------- d-----w- C:\c790cb70683f31a8e63f007677f251b9
2010-04-15 09:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-15 02:18 . 2010-05-08 19:51 -------- d-----w- c:\documents and settings\admin\Application Data\U3
2010-04-15 01:39 . 2010-04-15 01:39 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-15 01:39 . 2010-04-15 01:39 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-15 01:39 . 2010-04-15 01:39 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-15 01:39 . 2010-04-15 01:39 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-15 01:39 . 2010-04-15 01:39 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-15 01:39 . 2010-04-15 01:39 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-15 01:39 . 2010-04-15 01:39 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-15 01:39 . 2010-04-15 01:39 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-15 01:39 . 2010-04-15 01:39 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-15 01:39 . 2010-04-15 01:39 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-15 01:39 . 2010-04-15 01:39 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-15 01:39 . 2010-04-15 01:39 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-15 01:37 . 2010-04-15 01:37 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-12 04:56 . 2010-04-12 04:56 -------- d-----w- c:\windows\Sun
2010-04-12 04:56 . 2010-04-12 04:56 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\msvcp71.dll
2010-04-12 04:56 . 2010-04-12 04:56 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\jmc.dll
2010-04-12 04:56 . 2010-04-12 04:56 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\msvcr71.dll
2010-04-12 04:56 . 2010-04-12 04:56 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16eeca2e-n\decora-sse.dll
2010-04-12 04:56 . 2010-04-12 04:56 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16eeca2e-n\decora-d3d.dll
2010-04-12 04:56 . 2010-04-12 04:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-12 04:55 . 2010-04-12 04:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 04:55 . 2010-04-12 04:55 -------- d-----w- c:\program files\Java
2010-04-12 04:47 . 2010-05-04 17:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-12 04:47 . 2010-05-04 17:23 -------- d-----w- c:\program files\DivX
2010-04-12 04:44 . 2010-04-12 04:50 -------- d-----w- c:\windows\ie8updates
2010-04-12 02:53 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-12 02:53 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-11 17:01 . 2010-04-11 17:01 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
2010-04-11 17:01 . 2010-04-11 17:01 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
2010-04-11 09:28 . 2010-04-11 09:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-11 09:09 . 2010-04-11 09:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-11 08:59 . 2010-04-11 08:59 -------- d-sh--w- c:\documents and settings\admin\IETldCache
2010-04-11 08:50 . 2010-05-06 10:39 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-04-11 08:48 . 2010-04-11 08:48 -------- d-----w- c:\program files\VideoLAN
2010-04-11 08:42 . 2010-04-11 08:43 -------- dc-h--w- c:\windows\ie8
2010-04-11 08:37 . 2010-04-11 08:37 -------- d-----w- c:\documents and settings\admin\Application Data\MSN6
2010-04-11 08:37 . 2010-04-11 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-04-11 08:21 . 2010-04-11 08:21 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-11 08:21 . 2010-04-11 08:21 -------- d-----w- c:\program files\MSBuild
2010-04-11 08:21 . 2010-04-11 08:21 -------- d-----w- c:\program files\Reference Assemblies
2010-04-11 08:21 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-11 08:20 . 2010-04-11 08:21 -------- d-----w- C:\1bfdfa66a60035860c795648
2010-04-11 08:20 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-11 08:20 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-11 08:20 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-11 08:20 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-11 08:20 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-11 08:20 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-11 08:20 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-11 08:20 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-11 06:43 . 2010-04-11 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-11 06:43 . 2010-04-11 06:43 -------- d-----w- c:\documents and settings\admin\Application Data\Office Genuine Advantage
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\MSXML 4.0
2010-04-11 05:52 . 2010-04-25 03:23 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Adobe
2010-04-11 05:39 . 2010-04-11 05:39 -------- d-----w- c:\program files\Microsoft.NET
2010-04-11 05:37 . 2010-04-11 05:37 -------- d-----w- c:\windows\SHELLNEW
2010-04-11 05:36 . 2010-04-11 05:36 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft Help
2010-04-11 05:36 . 2010-04-19 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 05:35 . 2010-04-11 05:35 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 08:47 . 2010-04-10 01:38 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-05-10 08:32 . 2010-04-10 01:39 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2010-05-05 17:12 . 2010-04-10 23:03 891 ----a-w- c:\windows\system32\secushr.dat
2010-05-04 16:28 . 2010-04-10 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 07:39 . 2010-04-10 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39 . 2010-04-10 00:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:32 . 2010-04-09 16:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-11 08:33 . 2010-04-09 21:52 30656 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-10 23:02 . 2010-04-10 23:02 -------- d-----w- c:\documents and settings\admin\Application Data\FlashGet
2010-04-10 22:58 . 2010-04-10 00:13 -------- d-----w- c:\documents and settings\admin\Application Data\Apple Computer
2010-04-10 09:24 . 2010-04-10 01:38 -------- d-----r- c:\program files\Skype
2010-04-10 06:42 . 2010-04-10 06:42 -------- d-----w- c:\program files\Analog Devices
2010-04-10 06:01 . 2010-04-09 15:50 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-04-10 01:39 . 2010-04-10 01:39 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-10 01:38 . 2010-04-10 01:38 -------- d-----w- c:\program files\Common Files\Skype
2010-04-10 01:38 . 2010-04-10 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-10 01:18 . 2010-04-10 01:18 -------- d-----w- c:\program files\Microsoft
2010-04-10 01:18 . 2010-04-10 01:17 -------- d-----w- c:\program files\Windows Live
2010-04-10 01:18 . 2010-04-10 01:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-10 01:15 . 2010-04-10 01:15 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-10 00:31 . 2010-04-10 00:31 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2010-04-10 00:31 . 2010-04-10 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 00:13 . 2010-04-10 00:12 -------- d-----w- c:\program files\iTunes
2010-04-10 00:13 . 2010-04-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 00:13 . 2010-04-10 00:13 -------- d-----w- c:\program files\iPod
2010-04-10 00:12 . 2010-04-10 00:12 -------- d-----w- c:\program files\QuickTime
2010-04-10 00:12 . 2010-04-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-10 00:12 . 2010-04-10 00:11 -------- d-----w- c:\program files\Apple Software Update
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\program files\Bonjour
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\admin\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-04-10 00:04 . 2010-04-10 00:04 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-04-10 00:03 . 2010-04-09 17:53 -------- d-----w- c:\program files\Intel
2010-04-10 00:01 . 2010-04-09 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 00:01 . 2010-04-09 16:32 -------- d-----w- c:\program files\ASUS
2010-04-09 23:56 . 2010-04-09 23:56 -------- d-----w- c:\program files\Synaptics
2010-04-09 23:42 . 2010-04-09 23:42 0 ----a-w- c:\windows\nsreg.dat
2010-04-09 18:19 . 2010-04-09 18:19 -------- d-----w- c:\documents and settings\admin\Application Data\ATI
2010-04-09 18:10 . 2010-04-09 18:07 -------- d-----w- c:\program files\ATI Technologies
2010-04-09 18:09 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 17:42 . 2010-04-09 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-09 16:49 . 2010-04-09 16:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-09 16:49 . 2010-04-09 16:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 16:49 . 2010-04-09 16:49 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-09 16:46 . 2010-04-09 16:46 -------- d-----w- c:\program files\AVG
2010-04-09 16:46 . 2010-04-09 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-09 16:17 . 2010-04-09 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-09 16:17 . 2010-04-09 16:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-09 16:12 . 2010-04-09 16:11 -------- d-----w- c:\program files\Lavasoft
2010-04-09 16:12 . 2010-04-09 16:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-09 16:06 . 2010-04-09 16:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 15:50 . 2010-04-09 15:50 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 15:48 . 2010-04-09 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2001-08-23 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2001-08-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-08-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-15 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-19 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-19 696320]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-09 16:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 22:20 180224 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 09:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-27 09:27 2020592 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2010 12:17 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2010 12:49 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2010 12:49 AM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/10/2010 12:47 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/10/2010 12:47 AM 308064]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 PM 1285864]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:17]

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-05-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\documents and settings\admin\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\admin\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-gbbirvys - c:\documents and settings\admin\Local Settings\Application Data\amfaqkqff\rydlommtssd.exe
MSConfigStartUp-qygfjrcs - c:\documents and settings\admin\Local Settings\Application Data\qyhaptbup\dasaobutssd.exe
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-05-11 11:00:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 03:00

Pre-Run: 49,350,660,096 bytes free
Post-Run: 50,238,222,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 3A8DE77221D79BAA8FE5B69A5BD770A1

Edited by kclo89, 10 May 2010 - 10:11 PM.


#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:02 PM

Posted 11 May 2010 - 05:53 PM

Hello, kclo89.

OK, Combofix found the rootkit, so we don't need GMER. However, it was a backdoor rootkit, so please see the warning below. There's still some leftovers we need to deal with.

Was FlashGet3 a legit program? That looks like a false positive to me.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\documents and settings\admin\Local Settings\Application Data\amfaqkqff
c:\documents and settings\admin\Local Settings\Application Data\qyhaptbup
C:\cf836867ad0ba1c31a689d18c5586426
C:\c790cb70683f31a8e63f007677f251b9
C:\1bfdfa66a60035860c795648
File::
c:\windows\system32\ezsidmv.dat


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
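The triage behind the fix above (spotting startup entries that point at randomly named folders under the user profile, then turning those folders into a CFScript "Folder::" block) can be scripted. The following is an added example written for this page, not code from the thread, from ComboFix, or from its author. It assumes the line shapes ComboFix prints (MSConfigStartUp-..., "Name"="path", AddRemove-...), uses a deliberately crude "looks random" heuristic that is an assumption rather than any tool's real logic, and works on constructed sample lines modelled on the entries in this thread.

```python
import re

# Constructed sample, modelled on the "ORPHANS REMOVED" and "Reg Loading Points"
# sections of the ComboFix logs in this thread. The two droppers are the
# suspicious ones; the rest are benign entries added to show what is NOT flagged.
SAMPLE_LOG = r"""
MSConfigStartUp-gbbirvys - c:\documents and settings\admin\Local Settings\Application Data\amfaqkqff\rydlommtssd.exe
MSConfigStartUp-qygfjrcs - c:\documents and settings\admin\Local Settings\Application Data\qyhaptbup\dasaobutssd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\documents and settings\admin\Application Data\Skype\Phone\Skype.exe" [2010-04-06 26102056]
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
"""

# A Windows path ending in .exe, as ComboFix prints it (drive letter, backslashes).
PATH = re.compile(r"[a-z]:\\[^\"\[\n]*?\.exe", re.IGNORECASE)

# Per-user, user-writable locations on XP: Application Data, Local Settings\Application Data, Temp.
# Legit autostart entries usually live under Program Files or System32, so this gate does most of the work.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings\\)?(application data|temp)\\",
    re.IGNORECASE,
)

# Assumed heuristic: three or more consonants in a row (y counted as a consonant).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{3,}")


def parse_entries(log_text):
    """Yield (entry_label, exe_path) for each log line that names an .exe."""
    for line in log_text.splitlines():
        m = PATH.search(line)
        if not m:
            continue
        label = line[: m.start()].strip(' -="')
        yield label, m.group(0)


def looks_random(name):
    """Crude gibberish test: 8+ chars, all lowercase letters, with a 3+ consonant run.

    On its own this would be far too noisy (many legitimate names would pass);
    it is only applied to folders that already sit in a user-writable location.
    """
    return (
        len(name) >= 8
        and name.isalpha()
        and name.islower()
        and bool(CONSONANT_RUN.search(name))
    )


def find_suspicious(log_text):
    """Return [(entry_label, parent_folder)] for entries that look like droppers."""
    hits = []
    for label, path in parse_entries(log_text):
        if not USER_WRITABLE.search(path):
            continue
        folder, _, _exe = path.rpartition("\\")
        if looks_random(folder.rpartition("\\")[2]):
            hits.append((label, folder))
    return hits


def build_cfscript(folders, files=()):
    """Render a CFScript using the Folder:: / File:: directives shown in the thread."""
    lines = ["Folder::", *dict.fromkeys(folders)]  # dedupe while keeping order
    if files:
        lines += ["File::", *dict.fromkeys(files)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for label, folder in hits:
        print(f"{label:30s} -> {folder}")
    print()
    print(build_cfscript([f for _, f in hits]))
```

The output for the constructed sample is a Folder:: block naming only the two amfaqkqff and qyhaptbup directories; QuickTime, Messenger and FlashGet are never considered because they live outside the profile, and Skype's folder name "Phone" fails the length test. Treat the result as a candidate list to be checked by hand, not as something to drag onto ComboFix blindly.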


#8 kclo89

kclo89
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:02 PM

Posted 12 May 2010 - 05:26 PM

Hi! Sorry for the delay; Here's the ComboFix Log

Also: Yes, FlashGet3 is a legit program (At least I hope so)



ComboFix 10-05-10.02 - admin 05/13/2010 6:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1321 [GMT 8:00]
Running from: c:\documents and settings\admin\Desktop\kclo89CF.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1bfdfa66a60035860c795648
c:\1bfdfa66a60035860c795648\amd64\filterpipelineprintproc.dll
c:\1bfdfa66a60035860c795648\amd64\msxpsdrv.cat
c:\1bfdfa66a60035860c795648\amd64\msxpsdrv.inf
c:\1bfdfa66a60035860c795648\amd64\msxpsinc.gpd
c:\1bfdfa66a60035860c795648\amd64\msxpsinc.ppd
c:\1bfdfa66a60035860c795648\amd64\mxdwdrv.dll
c:\1bfdfa66a60035860c795648\amd64\xpssvcs.dll
c:\1bfdfa66a60035860c795648\i386\filterpipelineprintproc.dll
c:\1bfdfa66a60035860c795648\i386\msxpsdrv.cat
c:\1bfdfa66a60035860c795648\i386\msxpsdrv.inf
c:\1bfdfa66a60035860c795648\i386\msxpsinc.gpd
c:\1bfdfa66a60035860c795648\i386\msxpsinc.ppd
c:\1bfdfa66a60035860c795648\i386\mxdwdrv.dll
c:\1bfdfa66a60035860c795648\i386\xpssvcs.dll
C:\c790cb70683f31a8e63f007677f251b9
c:\c790cb70683f31a8e63f007677f251b9\update\update.exe
c:\c790cb70683f31a8e63f007677f251b9\update\wudfcustom.dll
C:\cf836867ad0ba1c31a689d18c5586426
c:\cf836867ad0ba1c31a689d18c5586426\update\update.exe
c:\cf836867ad0ba1c31a689d18c5586426\update\updspapi.dll
c:\documents and settings\admin\Local Settings\Application Data\amfaqkqff
c:\documents and settings\admin\Local Settings\Application Data\qyhaptbup
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 11:02 . 2010-05-12 11:02 -------- d-----w- c:\windows\LastGood
2010-05-11 02:42 . 2008-04-13 18:31 36352 -c--a-w- c:\windows\system32\dllcache\intelppm.sys
2010-05-11 02:42 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-05-08 02:52 . 2010-05-08 02:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-06 09:41 . 2010-04-30 01:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-06 06:16 . 2010-05-08 04:12 63488 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-06 06:16 . 2010-05-06 06:16 52224 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 06:16 . 2010-05-08 04:12 117760 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-06 06:15 . 2010-05-06 06:15 -------- d-----w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com
2010-05-06 06:14 . 2010-05-06 06:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-05 03:51 . 2010-05-05 07:28 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-04 17:24 . 2010-05-04 17:24 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
2010-05-04 17:23 . 2010-05-04 17:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-04 17:23 . 2010-05-04 17:21 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-04 17:23 . 2010-05-04 17:21 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-04 17:23 . 2010-04-12 04:52 500400 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe
2010-05-04 17:23 . 2010-05-04 17:23 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-04 17:23 . 2010-05-04 17:23 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:23 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-04 17:22 . 2010-05-04 17:22 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-04 17:21 . 2010-05-04 17:21 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-04 16:57 . 2010-05-04 16:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-04 16:01 . 2010-05-04 16:01 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 10:04 . 2010-05-04 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-25 11:49 . 2010-04-25 11:49 -------- d-----w- C:\$AVG
2010-04-20 16:33 . 2010-04-20 16:33 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-20 16:31 . 2010-04-20 16:31 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 18:45 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-18 18:25 . 2010-04-18 18:25 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-18 18:24 . 2010-04-18 18:24 -------- d-----w- c:\windows\system32\LogFiles
2010-04-15 09:03 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-15 02:18 . 2010-05-08 19:51 -------- d-----w- c:\documents and settings\admin\Application Data\U3
2010-04-15 01:39 . 2010-04-15 01:39 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-15 01:39 . 2010-04-15 01:39 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-15 01:39 . 2010-04-15 01:39 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-15 01:39 . 2010-04-15 01:39 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-15 01:39 . 2010-04-15 01:39 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-15 01:39 . 2010-04-15 01:39 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-15 01:39 . 2010-04-15 01:39 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-15 01:39 . 2010-04-15 01:39 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-15 01:39 . 2010-04-15 01:39 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-15 01:39 . 2010-04-15 01:39 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-15 01:39 . 2010-04-15 01:39 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-15 01:39 . 2010-04-15 01:39 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-15 01:37 . 2010-04-15 01:37 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 11:15 . 2010-04-11 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 08:47 . 2010-04-10 01:38 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-05-10 08:32 . 2010-04-10 01:39 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2010-05-06 10:39 . 2010-04-11 08:50 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-05-05 17:12 . 2010-04-10 23:03 891 ----a-w- c:\windows\system32\secushr.dat
2010-05-04 17:23 . 2010-04-12 04:47 -------- d-----w- c:\program files\DivX
2010-05-04 17:22 . 2010-04-12 04:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-04 16:28 . 2010-04-10 00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 07:39 . 2010-04-10 00:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39 . 2010-04-10 00:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 16:32 . 2010-04-09 16:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 04:56 . 2010-04-12 04:56 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\msvcp71.dll
2010-04-12 04:56 . 2010-04-12 04:56 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\jmc.dll
2010-04-12 04:56 . 2010-04-12 04:56 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-363ee268-n\msvcr71.dll
2010-04-12 04:56 . 2010-04-12 04:56 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16eeca2e-n\decora-sse.dll
2010-04-12 04:56 . 2010-04-12 04:56 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16eeca2e-n\decora-d3d.dll
2010-04-12 04:56 . 2010-04-12 04:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-12 04:55 . 2010-04-12 04:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 04:55 . 2010-04-12 04:55 -------- d-----w- c:\program files\Java
2010-04-11 09:09 . 2010-04-11 09:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-11 08:48 . 2010-04-11 08:48 -------- d-----w- c:\program files\VideoLAN
2010-04-11 08:37 . 2010-04-11 08:37 -------- d-----w- c:\documents and settings\admin\Application Data\MSN6
2010-04-11 08:37 . 2010-04-11 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-04-11 08:33 . 2010-04-09 21:52 30656 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 08:21 . 2010-04-11 08:21 -------- d-----w- c:\program files\MSBuild
2010-04-11 08:21 . 2010-04-11 08:21 -------- d-----w- c:\program files\Reference Assemblies
2010-04-11 06:43 . 2010-04-11 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-11 06:43 . 2010-04-11 06:43 -------- d-----w- c:\documents and settings\admin\Application Data\Office Genuine Advantage
2010-04-11 06:29 . 2010-04-11 06:29 -------- d-----w- c:\program files\MSXML 4.0
2010-04-11 05:39 . 2010-04-11 05:39 -------- d-----w- c:\program files\Microsoft.NET
2010-04-10 23:02 . 2010-04-10 23:02 -------- d-----w- c:\documents and settings\admin\Application Data\FlashGet
2010-04-10 22:58 . 2010-04-10 00:13 -------- d-----w- c:\documents and settings\admin\Application Data\Apple Computer
2010-04-10 09:24 . 2010-04-10 01:38 -------- d-----r- c:\program files\Skype
2010-04-10 06:42 . 2010-04-10 06:42 -------- d-----w- c:\program files\Analog Devices
2010-04-10 06:01 . 2010-04-09 15:50 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-04-10 01:38 . 2010-04-10 01:38 -------- d-----w- c:\program files\Common Files\Skype
2010-04-10 01:38 . 2010-04-10 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-10 01:18 . 2010-04-10 01:18 -------- d-----w- c:\program files\Microsoft
2010-04-10 01:18 . 2010-04-10 01:17 -------- d-----w- c:\program files\Windows Live
2010-04-10 01:18 . 2010-04-10 01:18 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-10 01:15 . 2010-04-10 01:15 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-10 00:31 . 2010-04-10 00:31 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2010-04-10 00:31 . 2010-04-10 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-10 00:13 . 2010-04-10 00:12 -------- d-----w- c:\program files\iTunes
2010-04-10 00:13 . 2010-04-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-10 00:13 . 2010-04-10 00:13 -------- d-----w- c:\program files\iPod
2010-04-10 00:12 . 2010-04-10 00:12 -------- d-----w- c:\program files\QuickTime
2010-04-10 00:12 . 2010-04-10 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-10 00:12 . 2010-04-10 00:11 -------- d-----w- c:\program files\Apple Software Update
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\program files\Bonjour
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 00:11 . 2010-04-10 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\admin\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-04-10 00:04 . 2010-04-10 00:04 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Intel
2010-04-10 00:04 . 2010-04-10 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2010-04-10 00:03 . 2010-04-09 17:53 -------- d-----w- c:\program files\Intel
2010-04-10 00:01 . 2010-04-09 20:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 00:01 . 2010-04-09 16:32 -------- d-----w- c:\program files\ASUS
2010-04-09 23:56 . 2010-04-09 23:56 -------- d-----w- c:\program files\Synaptics
2010-04-09 23:42 . 2010-04-09 23:42 0 ----a-w- c:\windows\nsreg.dat
2010-04-09 18:19 . 2010-04-09 18:19 -------- d-----w- c:\documents and settings\admin\Application Data\ATI
2010-04-09 18:10 . 2010-04-09 18:07 -------- d-----w- c:\program files\ATI Technologies
2010-04-09 18:09 . 2010-04-09 20:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-09 17:42 . 2010-04-09 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-04-09 16:49 . 2010-04-09 16:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-09 16:49 . 2010-04-09 16:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-09 16:49 . 2010-04-09 16:49 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-09 16:46 . 2010-04-09 16:46 -------- d-----w- c:\program files\AVG
2010-04-09 16:46 . 2010-04-09 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-09 16:17 . 2010-04-09 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-09 16:17 . 2010-04-09 16:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-09 16:12 . 2010-04-09 16:11 -------- d-----w- c:\program files\Lavasoft
2010-04-09 16:12 . 2010-04-09 16:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-09 16:06 . 2010-04-09 16:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-09 15:50 . 2010-04-09 15:50 -------- d-----w- c:\program files\microsoft frontpage
2010-04-09 15:48 . 2010-04-09 15:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 08:48 . 2010-03-26 08:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-10 06:15 . 2001-08-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 06:24 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 14:08 . 2001-08-23 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2001-08-17 13:48 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2001-08-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-11_02.58.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-11 08:16 . 2010-05-11 08:16 16384 c:\windows\Temp\Perflib_Perfdata_3a0.dat
+ 2010-04-18 18:25 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2010-04-11 05:40 . 2010-04-15 09:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-04-09 15:48 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2010-04-09 15:48 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2010-04-10 05:30 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2010-04-10 05:30 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
- 2010-04-11 05:40 . 2010-04-15 09:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-04-10 05:30 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-04-10 05:30 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-10-15 23:08 . 2009-10-15 23:08 2237952 c:\windows\Installer\5c9e4eb.msp
+ 2010-04-09 07:21 . 2010-04-09 07:21 5025792 c:\windows\Installer\5c9e4d4.msp
- 2010-04-11 05:40 . 2010-04-15 09:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-04-11 05:40 . 2010-05-12 11:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-04-11 05:40 . 2010-04-15 09:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-08-25 14:50 . 2008-08-25 14:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2010-04-09 21:56 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-15 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-19 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-19 696320]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-09 16:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
2006-02-21 22:20 180224 ----a-w- c:\program files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 09:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-27 09:27 2020592 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/10/2010 12:17 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2010 12:49 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2010 12:49 AM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 61440]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/10/2010 12:47 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/10/2010 12:47 AM 308064]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 PM 1285864]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 01:17]

2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-05-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\documents and settings\admin\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\admin\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 06:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-13 06:24:31
ComboFix-quarantined-files.txt 2010-05-12 22:24
ComboFix2.txt 2010-05-11 03:00

Pre-Run: 50,127,077,376 bytes free
Post-Run: 50,082,357,248 bytes free

- - End Of File - - 3AE264B9D11836D424892B427D97917F


#9 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 12 May 2010 - 05:54 PM

Hello, kclo89.

OK, we can restore FlashGet3, or you can reinstall yourself. Please attach c:\Qoobox\ComboFix-quarantined-files.txt if you want me to restore it. I need some information to restore.



Step 1

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 kclo89
  • Topic Starter
  • Members
  • 21 posts

Posted 15 May 2010 - 07:03 PM

Sorry for the late response!

I'm having difficulties updating Adobe. Each time I try to update it, it just says that the updater's already running, yet it never updates.

Here's the ESET scan log:

C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-19555917 a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c48bbec a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-51bed6c2 a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-3f8a335f multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1926314f a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir_ Win32/Olmarik.ZC trojan


#11 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 16 May 2010 - 07:20 AM

Hello, kclo89.

Ok, you can uninstall it, download the latest version from Adobe, then reinstall it to update it.

Let's clean those Java exploits that ESET found.

How's your computer running?



Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-19555917
    C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c48bbec
    C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-51bed6c2
    C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-3f8a335f
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1926314f
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
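The two steps above follow a fixed pattern: ESET reports one detection per line as "path, then detection name", and OTL takes a `:files` block listing the paths to move, then reports back one "moved successfully." line per path. The Python helper below, added here as an example and not part of ESET, OTL or this thread's own procedure, parses ESET lines of that shape, emits the `:files` block, and afterwards checks an OTL result log so that any requested path that OTL did not confirm stands out. It leaves out anything under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder, in the same way the fix posted above omits the intelppm.sys.vir_ detection. The ESET and OTL sample text is constructed from the lines posted in this thread; the function names and the regular expressions are the example's own.

```python
"""Turn ESET Online Scanner detections into an OTL ':files' fix and check the
OTL result log. Added example built from the log lines posted in this thread;
it is not part of ESET, OTL or the forum's own cleanup procedure."""
import re

# Constructed sample: detection lines in the shape ESET pasted into this thread
# (file path, then detection name; ESET's own output separates them with a tab).
ESET_LOG = r"""
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-19555917 a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-3f8a335f multiple threats
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1926314f a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir_ Win32/Olmarik.ZC trojan
"""

# Constructed sample: the confirmation lines OTL writes after running a ':files' fix.
OTL_RESULT = r"""
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-19555917 moved successfully.
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-3f8a335f moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1926314f moved successfully.
"""

# A detection name ends in one of ESET's classifier words, so the path is
# everything before it; this keeps paths with spaces ("Documents and Settings")
# intact. The tail list covers the shapes seen in the thread plus a few common ones.
THREAT_TAIL = r"(?:trojan|worm|virus|backdoor|adware|(?:potentially (?:unwanted|unsafe) )?application)"
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?(?:multiple threats|\S+ " + THREAT_TAIL + r"))$"
)
OTL_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")

# ComboFix's quarantine folder (it appears in the ESET log above). Files there
# are already neutralised, so they are left out of the fix, as the helper's fix was.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


def parse_eset_log(text):
    """Return [(path, threat)] for every detection line; other lines are ignored."""
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("threat")))
    return hits


def already_quarantined(path):
    """True when the file already sits in a quarantine folder and needs no fix."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def build_otl_fix(hits):
    """Emit the ':files' block that goes into OTL's Custom Scans/Fixes box."""
    live = [path for path, _ in hits if not already_quarantined(path)]
    return "\n".join([":files", *live])


def verify_otl_result(fix_script, otl_log):
    """Return the paths from the fix that the OTL result log does not confirm as moved."""
    requested = [line for line in fix_script.splitlines()[1:] if line]
    moved = set()
    for line in otl_log.splitlines():
        m = OTL_MOVED.match(line.strip())
        if m:
            moved.add(m.group("path").lower())
    return [path for path in requested if path.lower() not in moved]


if __name__ == "__main__":
    detections = parse_eset_log(ESET_LOG)
    fix = build_otl_fix(detections)
    print(fix)
    print("not confirmed by OTL:", verify_otl_result(fix, OTL_RESULT))
```

Paths are compared case-insensitively because Windows file names are, and the check works from OTL's own confirmation lines rather than from the fix alone, so a path OTL could not move (a file held open by a running process, for example) is reported instead of assumed gone.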
 


#12 kclo89
  • Topic Starter
  • Members
  • 21 posts

Posted 17 May 2010 - 01:08 PM

Hi etavares!

Actually, my computer's been running a little slow/laggy for the past day and a half. No redirect problems or anything, but it's probably still infected with something.

Here are the logs:

========== FILES ==========
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-19555917 moved successfully.
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-4c48bbec moved successfully.
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-51bed6c2 moved successfully.
C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\48\1b17d530-3f8a335f moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1926314f moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05172010_064049

OTL logfile created on: 5/18/2010 2:01:32 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.73 Gb Total Space | 46.08 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive D: | 49.06 Gb Total Space | 12.87 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-QDCKQM0FV
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/14 09:17:34 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/14 09:17:34 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/09 19:59:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2010/04/21 00:32:58 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/15 09:38:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/10 00:48:37 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/10 00:48:17 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/10 00:47:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/10 00:47:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/02 01:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/20 01:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/19 09:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/19 09:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/19 08:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/19 08:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/19 08:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/19 08:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/10/14 17:37:40 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/08/10 22:08:04 | 002,379,776 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/03/15 08:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006/01/03 07:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2010/05/09 19:59:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
MOD - [2008/04/14 08:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/14 09:17:34 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/10 00:47:56 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/10 00:47:52 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/20 01:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/10/19 09:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/19 08:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/19 08:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/21 00:32:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/10 00:49:13 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/10 00:49:12 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/04 23:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/14 00:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/10/25 12:28:46 | 001,777,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/20 00:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/06/22 02:16:42 | 000,142,848 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/12/05 15:55:00 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/17 07:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005/10/22 08:16:16 | 000,227,840 | R--- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321) Vimicro USB PC Camera (VC0321)
DRV - [2005/10/21 14:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/01 01:34:10 | 000,310,016 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/18 02:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/09/15 03:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/05/21 06:48:12 | 000,010,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys -- (lvupdtio)
DRV - [2005/02/17 23:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 06:54:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 06:52:24 | 000,000,000 | ---D | M]

[2010/04/11 06:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2010/05/17 06:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\extensions
[2010/04/12 12:52:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\w511j2ll.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 04:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/11 10:57:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\admin\Application Data\FlashGetBHO\FlashGetBHO3.dll File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-21-725345543-343818398-839522115-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-343818398-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-725345543-343818398-839522115-1003\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1270847312998 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/09 23:50:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/17 06:40:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/17 06:39:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/16 04:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/16 04:27:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/13 06:18:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/11 10:42:45 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelppm.sys
[2010/05/11 10:41:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/11 10:39:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/11 10:39:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/11 10:39:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/11 10:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 10:38:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/11 05:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/09 19:59:01 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/05/08 11:08:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/08 10:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/06 14:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/06 14:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
[2010/05/06 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/06 14:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/06 01:16:34 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\admin\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/05/05 15:27:10 | 010,043,336 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\admin\Desktop\windows-kb890830-v3.6.exe
[2010/05/05 11:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/05/05 01:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\DivX
[2010/05/05 00:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/05 00:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 18:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/27 06:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/25 19:49:22 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/04/19 02:25:44 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/19 02:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/19 02:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/19 02:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/17 17:25:14 | 060,075,572 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/17 17:24:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 17:22:04 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/05/17 17:22:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/17 17:21:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/17 17:21:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 09:58:19 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/05/17 09:58:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010/05/17 09:58:12 | 004,836,844 | -H-- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\IconCache.db
[2010/05/17 06:52:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/16 09:26:53 | 002,228,224 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\Assets.accdb
[2010/05/13 23:00:30 | 000,041,121 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Part II Textbook Exercise Solutions.docx
[2010/05/13 23:00:18 | 000,076,987 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Practice Exam II.pdf
[2010/05/13 23:00:13 | 000,065,975 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Exam 2 Prep Qs.pdf
[2010/05/13 14:45:16 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/13 06:23:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/11 16:43:17 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 10:57:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/11 10:41:31 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/05/11 10:32:43 | 003,686,568 | R--- | M] () -- C:\Documents and Settings\admin\Desktop\kclo89CF.exe
[2010/05/09 20:00:41 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Hello and welcome to Bleeping Computer.doc
[2010/05/09 19:59:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2010/05/09 09:11:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/08 11:10:11 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/08 11:10:11 | 000,000,304 | ---- | M] () -- C:\Boot.bak
[2010/05/08 10:53:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/08 09:11:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/07 05:02:06 | 000,372,343 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Transcript Notation.pdf
[2010/05/06 14:15:46 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/06 11:32:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/05/06 01:16:34 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\admin\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/05/06 01:12:43 | 000,000,891 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2010/05/05 15:27:10 | 010,043,336 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\admin\Desktop\windows-kb890830-v3.6.exe
[2010/05/05 05:58:37 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\WHY JOIN STATE FARM.doc
[2010/05/04 03:20:22 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\State Street Interview.doc
[2010/05/04 03:08:57 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Access 2007.lnk
[2010/05/03 14:33:37 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\admin\Desktop\~$ate Street Interview.doc
[2010/05/03 10:13:09 | 000,038,841 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Jacket.JPG
[2010/04/30 09:20:19 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/30 02:56:36 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\case brief 4.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 04:15:47 | 000,033,378 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Pat.jpg
[2010/04/27 06:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/23 05:46:04 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\movie review 2.doc
[2010/04/21 06:08:37 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Word 2007.lnk
[2010/04/21 00:32:59 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/20 07:36:46 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Thank You Western Asset.doc
[2010/04/20 07:14:39 | 000,010,856 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Extra Notes.docx
[2010/04/20 02:07:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/20 01:27:07 | 000,051,492 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\beginners_report.pdf
[2010/04/19 02:28:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/19 02:28:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/19 02:24:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/19 02:24:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/18 16:49:19 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Microsoft Office Excel 2007.lnk
[2010/04/18 11:54:04 | 000,473,600 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Recommendation.doc
[2010/04/18 11:44:16 | 000,606,392 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\IMG_0001.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\admin\Desktop\*.tmp files -> C:\Documents and Settings\admin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/17 06:50:08 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/16 04:37:58 | 002,228,224 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\Assets.accdb
[2010/05/13 23:00:30 | 000,041,121 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Part II Textbook Exercise Solutions.docx
[2010/05/13 23:00:18 | 000,076,987 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Practice Exam II.pdf
[2010/05/13 23:00:13 | 000,065,975 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Exam 2 Prep Qs.pdf
[2010/05/13 14:45:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/11 10:41:30 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2010/05/11 10:41:25 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/11 10:39:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/11 10:39:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/11 10:39:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/11 10:39:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/11 10:39:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/11 10:32:19 | 003,686,568 | R--- | C] () -- C:\Documents and Settings\admin\Desktop\kclo89CF.exe
[2010/05/09 20:00:40 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Hello and welcome to Bleeping Computer.doc
[2010/05/08 10:52:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 05:02:06 | 000,372,343 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Transcript Notation.pdf
[2010/05/06 18:34:19 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 17:41:20 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/05/06 14:15:46 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/06 11:32:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\defogger_reenable
[2010/05/05 03:56:24 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\WHY JOIN STATE FARM.doc
[2010/05/04 13:07:46 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\admin\ntuser.dat
[2010/05/03 14:33:37 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\admin\Desktop\~$ate Street Interview.doc
[2010/05/03 10:13:09 | 000,038,841 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Jacket.JPG
[2010/05/03 04:52:45 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\State Street Interview.doc
[2010/04/28 15:16:45 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\case brief 4.doc
[2010/04/28 04:15:46 | 000,033,378 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Pat.jpg
[2010/04/23 04:36:27 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\movie review 2.doc
[2010/04/20 07:15:02 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Thank You Western Asset.doc
[2010/04/20 07:14:38 | 000,010,856 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Extra Notes.docx
[2010/04/20 01:27:07 | 000,051,492 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\beginners_report.pdf
[2010/04/19 02:24:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/18 11:51:59 | 000,473,600 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Recommendation.doc
[2010/04/18 11:44:16 | 000,606,392 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\IMG_0001.jpg
[2010/04/11 07:02:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/04/10 02:40:02 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2005/02/17 23:07:48 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
< End of report >


#13 etavares (Bleepin' Remover, Malware Response Team)

Posted 17 May 2010 - 06:04 PM

Hello, kclo89.

Nothing looks odd to me. Any symptoms besides the system running a bit slower? Redirects when doing Google searches, etc.?

Let's get an MBAM scan and update Adobe Reader while we're at it.



Step 1

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#14 kclo89 (Topic Starter)

Posted 19 May 2010 - 01:13 AM

etavares,

I updated Adobe Reader and ran Malwarebytes (it found nothing), but whenever I run my antivirus (AVG Free) I still constantly find "Trojan horse Java/Downloader" infections, and my computer is still running somewhat slower than I would expect for a clean computer.

What do you suggest?

#15 etavares (Bleepin' Remover, Malware Response Team)

Posted 19 May 2010 - 06:03 AM

Hello, kclo89.
OK, let's take a look at your Java cache so we can wipe it. If you can also find the AVG log and attach it here, it will help a ton.

Step 1
  1. Please open Notepad.
  2. Copy and paste the text in the box below into Notepad, excluding the word code.
    CODE
    rem Write a listing of the Java deployment cache folder to c:\log.txt,
    rem then open that log in the default text viewer
    dir "C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\" > c:\log.txt
    start c:\log.txt

    This fix is custom made for this user's computer.
  3. Select File-->Save As
  4. Select File as Type: All Types (*.*)
  5. Save it to your desktop as fixme.bat
  6. Double-click fixme.bat on your desktop to run the fix.
  7. A window will briefly pop up then close.
  8. A log will open, please copy and paste it into your response.

etavares


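The batch file in the post above lists only the top level of the cache folder (dir does not recurse without /s). As an added example that is not part of this thread and not etavares's fix, the Python script below walks the whole Java 6.0 deployment cache, identifies cached JARs and class files by their leading bytes (cache entries live under numbered bucket folders with no file extension, so a file name tells you nothing), and can wipe the cache. DEFAULT_CACHE is the path from the batch file (assumption: same user profile); build_sample_cache() creates a constructed sample cache with made-up file names so the script runs without a real Java installation.

```python
"""Triage and wipe a Java Web Start / applet deployment cache.

Added example, not part of the forum thread. The sample cache built by
build_sample_cache() is constructed for demonstration.
"""
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import List

# The directory the post's batch file lists (assumption: same user profile).
DEFAULT_CACHE = Path(r"C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0")

# Cached resources are stored under numbered bucket folders with no file
# extension, so identify executable Java content by magic bytes, not by name.
ZIP_MAGIC = b"PK\x03\x04"          # a .jar is a zip archive
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # compiled Java class file


@dataclass
class CacheEntry:
    path: Path
    size: int
    kind: str  # "jar", "class", "index" or "other"


def classify(path: Path) -> str:
    """Label one cache file by its .idx suffix or by its leading bytes."""
    if path.suffix == ".idx":
        return "index"
    with path.open("rb") as fh:
        head = fh.read(4)
    if head == ZIP_MAGIC:
        return "jar"
    if head == CLASS_MAGIC:
        return "class"
    return "other"


def scan_cache(root: Path) -> List[CacheEntry]:
    """Walk every bucket folder under the cache root and classify each file."""
    return [
        CacheEntry(p, p.stat().st_size, classify(p))
        for p in sorted(root.rglob("*"))
        if p.is_file()
    ]


def executable_entries(entries: List[CacheEntry]) -> List[CacheEntry]:
    """JARs and loose class files: the cached content an AV scanner flags."""
    return [e for e in entries if e.kind in ("jar", "class")]


def wipe_cache(root: Path) -> int:
    """Delete every file under the cache root (and the empty bucket folders);
    return how many files were removed. Reverse sort visits children first."""
    removed = 0
    for p in sorted(root.rglob("*"), reverse=True):
        if p.is_file():
            p.unlink()
            removed += 1
        elif p.is_dir():
            p.rmdir()
    return removed


def build_sample_cache() -> Path:
    """Constructed sample cache (not real data) laid out like Java 6.0's cache."""
    root = Path(tempfile.mkdtemp()) / "6.0"
    (root / "12").mkdir(parents=True)
    (root / "37").mkdir(parents=True)
    # A cached applet JAR with its .idx index file, stored with no extension.
    jar = root / "12" / "3a7f1c2d-5e0b9a44"
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("Loader.class", CLASS_MAGIC + b"\x00\x00\x00\x32")
    (root / "12" / "3a7f1c2d-5e0b9a44.idx").write_bytes(b"\x00" * 128)
    # A loose class file and a cached image, each a made-up name.
    (root / "37" / "6b1d0e9f-1c2d3e4f").write_bytes(CLASS_MAGIC + b"\x00\x00\x00\x32")
    (root / "37" / "6b1d0e9f-1c2d3e4f.idx").write_bytes(b"\x00" * 128)
    (root / "37" / "9c8b7a6f-0f1e2d3c").write_bytes(b"\x89PNG\r\n\x1a\n")
    return root


def report(root: Path = DEFAULT_CACHE) -> List[str]:
    """One human-readable line per executable entry found in the cache."""
    return [f"{e.kind:5} {e.size:>8} {e.path}" for e in executable_entries(scan_cache(root))]


if __name__ == "__main__":
    sample = build_sample_cache()
    for line in report(sample):
        print(line)
    print(f"wiped {wipe_cache(sample)} files")
```

Against a real machine, call report(DEFAULT_CACHE) first to see what the scanner keeps finding, then wipe_cache(DEFAULT_CACHE) with Java and the browser closed. The cache only holds downloaded content, so wiping it loses nothing that Java cannot fetch again on demand; the detections stop recurring only because the files are gone, not because the site that served them has been dealt with.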




