Search engine results hijack and possible zombie infection


This topic is locked. 18 replies to this topic.

#1 maryba (Members, 120 posts)

Posted 02 July 2010 - 03:31 PM

I have several problems with my Windows XP Pro installation. The first one seemed to have opened the door for additional ones to follow. Just a guess.

1. Google and Yahoo search results are hijacked. Usually links to commercial directories. Initially, I could right-click and open in a new window and get the correct link, but after a time that wouldn't work in IE 6, although it still works in Safari.

2. Within 3-4 days of Number 1 (above), there started to be a svchost session that would run the CPU at 99. Its number of I/O Writes was large and continuously increasing. If I killed that svchost (in Task Manager) it would also affect other Windows functions, typically networking functions.

After a svchost kill, sometimes a second one will start up running the CPU at 99 - but with no incrementing I/O reads or writes.

3. In another 2-3 days, new browser windows would open with random sites. This would always happen while an initial, intended browser window was open and in use.

4. After 7-10 days, my Avira installation has just started frequently detecting problem files in Windows folders Temp and system32.

5. About the same time as Number 4, I'm getting an occasional apparent Windows dialog box saying that Winserv32 has either "failed" or that "there was a problem" and asking if I wanted to send a report to Microsoft. (Sorry for the ambiguity, haven't paid enough attention to get all the text exact.) I then kill the dialog without saying Send or Don't Send. No apparent subsequent effect on Windows or networking operations.

This computer is networked with another PC running Windows Home. Both Windows versions are SP3. Probably unrelated to the above problems (was happening before) is a difficulty I have with the network. The Home PC can't access files on the Pro PC unless Pro's firewall is turned off. With or without its firewall, Pro can access a firewalled Home. The Pro/firewall condition occurs with either Windows' or ZoneAlarm's firewalls.

DDS and GMER (ark.txt) analysis logs are included and attached. They were both run immediately after a warm Windows restart.

A note about the GMER session and resulting log: while GMER was running, I mistakenly thought it was finished and clicked on Save. I then got a dialog box stating that GMER wasn't finished and asking for confirmation that I wanted to stop. I clicked whatever button allowed it to continue, which it did. Since it was still slogging through what appeared to be a further 30 GB, I left the PC for GMER to finish. About an hour later, I discovered a blue screen saying there had been an interruption of some (unnamed) application and a shutdown and restart was necessary.

Rather than rerun GMER, I'm submitting the saved log from the then-still-running GMER session. FWIW, the last line item in the log is the last I was seeing on the running console display before I walked away. Be glad to rerun if necessary.

Thanks in advance for any help or guidance.

Mike


--------- end of Mike message ---------



DDS (Ver_10-03-17.01) - NTFSx86
Run by ADMIN at 11:43:49.90 on Fri 07/02/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.110 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
C:\xampp\mysql\bin\mysqld.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ADMIN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:1081
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intell~1.lnk - c:\program files\intellinet\common\INTELLINET_UI.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Hosts: 192.168.2.101 dell

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-6 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-6-25 486280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-6 185089]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-4-22 29416]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-6 56816]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\intellinet\common\RalinkRegistryWriter.exe [2010-2-25 69632]
R3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\system32\drivers\A193_ADS.sys [2010-5-23 277888]
R3 rt2870;INTELLINET 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-2-25 619136]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-06-25 20:04:33 0 d-----w- c:\docume~1\admin\applic~1\CheckPoint
2010-06-25 20:04:18 0 d-----w- c:\program files\CheckPoint
2010-06-25 20:04:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-25 20:04:07 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-25 20:04:07 0 d-----w- c:\windows\system32\ZoneLabs
2010-06-25 20:04:06 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-06-25 20:04:05 0 d-----w- c:\program files\Zone Labs
2010-06-25 20:02:53 0 d-----w- c:\windows\Internet Logs
2010-06-25 05:56:38 0 d-----w- c:\program files\NCH Swift Sound
2010-06-21 23:29:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-21 23:27:37 0 d-----w- C:\IPSEC
2010-06-21 23:27:17 110592 ----a-w- C:\ipsechome.ipsec
2010-06-21 23:20:23 22397 ----a-w- C:\FIREWALL - IO - FREEqmqm - FROM auditmypc.comipsec-policy.asp - ipsechome.zip
2010-06-20 06:19:28 0 d-----w- c:\program files\CamStudio
2010-06-19 07:40:04 0 d-----w- c:\docume~1\admin\applic~1\NCH Software
2010-06-19 07:00:50 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-06-19 06:53:58 0 d-----w- c:\program files\ADS Tech

==================== Find3M ====================

2010-05-04 17:02:01 2014 ----a-w- c:\windows\fonts\chinese characters - how-to.txt
2010-03-18 19:15:28 5288059 ----a-w- c:\program files\appgini 4.50-4.51 75eb1a5cf1a1.zip

============= FINISH: 11:44:27.31 ===============

Attached Files
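Two lines in the DDS log above are the ones a responder reads before anything else: `FW: ZoneAlarm Firewall *disabled*` and `uInternet Settings,ProxyServer = http=127.0.0.1:1081`. The second one tells Internet Explorer to send every HTTP request for a non-local address (the `ProxyOverride = <local>` line exempts intranet names) through whatever process is listening on port 1081 on this same machine. A local proxy is one way search results get rewritten on the way to the browser, but legitimate software installs local proxies too, so the log line by itself only says where to look next. The script below is an added example, not code from this thread, from DDS or from BleepingComputer: it parses the DDS status lines and the Pseudo HJT Report section, keeps the DDS scope prefix (`u` = current-user hive, `m` = machine hive), and flags protection reported disabled and any proxy that points back at the local machine. The sample input is a constructed subset of the log posted above; the function names and the `DdsReport` structure are this example's own assumptions, not DDS conventions.

```python
"""Triage the status lines and "Pseudo HJT Report" section of a DDS log.

Added example: not code from the thread, from DDS or from BleepingComputer.
It keeps the DDS scope prefix (u* = current user, m* = machine) and flags what
a responder reads first: protection reported disabled, and an Internet Explorer
proxy that points back at the local machine. The sample input is a constructed
subset of the log posted above.
"""
import ipaddress
import re
from dataclasses import dataclass, field

SAMPLE_DDS = r"""
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:1081
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 192.168.2.101 dell

============= SERVICES / DRIVERS ===============
"""

_ENTRY_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")  # "BHO: ...", "uRun: ...", "Hosts: ..."


@dataclass
class DdsReport:
    status: list = field(default_factory=list)    # "AV:" / "FW:" lines
    settings: dict = field(default_factory=dict)  # "key = value" lines, e.g. uInternet Settings,ProxyServer
    entries: dict = field(default_factory=dict)   # kind -> payloads, e.g. BHO, uRun, mRun, DPF, Hosts


def parse_dds(text):
    """Parse the AV/FW status lines and the Pseudo HJT Report section of a DDS log."""
    rep, in_hjt = DdsReport(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):                  # section banner: note when the HJT section starts/ends
            in_hjt = "Pseudo HJT Report" in line
        elif line[:3] in ("AV:", "FW:"):
            rep.status.append(line)
        elif in_hjt:
            m = _ENTRY_RE.match(line)
            if m:                                  # "Kind: payload"
                rep.entries.setdefault(m.group(1), []).append(m.group(2))
            else:                                  # "key = value"
                key, sep, value = line.partition(" = ")
                rep.settings[key if sep else line] = value
    return rep


def parse_proxy_server(value):
    """Split an IE ProxyServer value into {scheme: (host, port)}.

    IE accepts 'host:port' (applied to every protocol, stored here as 'all')
    or a ';'-separated list of 'scheme=host:port' pairs.
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        proxies[scheme or "all"] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_local_host(host):
    """True for 'localhost' or any loopback address (IPv4 or IPv6)."""
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(rep):
    """Return the findings a responder would raise from a parsed DDS report."""
    findings = [f"protection reported disabled: {line}" for line in rep.status if "disabled" in line]
    for key, value in rep.settings.items():
        if not key.endswith("ProxyServer"):
            continue
        scope = "HKCU" if key.startswith("u") else "HKLM"   # DDS prefix: u = per-user hive, m = machine hive
        for scheme, (host, port) in parse_proxy_server(value).items():
            if is_local_host(host):
                findings.append(f"{scope} IE proxy for '{scheme}' points at this machine ({host}:{port}); "
                                "identify the process listening on that port before trusting browser traffic")
    return findings
```

On the machine itself the follow-up is mechanical: `netstat -ano | findstr :1081` shows the PID bound to the port, Task Manager (with the PID column enabled) maps it to an image, and the setting lives at `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer` next to `ProxyEnable`. Whether the listener is a security product's own filter or something injected into one of the svchost instances is what decides the verdict, not the proxy line alone.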





#2 schrauber (Mr.Mechanic, Malware Response Team, 24,794 posts, Munich, Germany)

Posted 06 July 2010 - 02:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 maryba (Topic Starter, Members, 120 posts)

Posted 06 July 2010 - 09:59 PM

Following is a pasted copy of my original problem description. The last log pastes and attachment of DDS and GMER are from more recent (7-6-10) runs of those programs. All conditions described in following problem description still exist but with two further developments:
1. I had an intervening occurrence of the scareware SysInternals virus. Resolved with a run of Malwarebytes.
2. After resolution of #1 above, the svchost problem described below seemed to not be happening any longer. Not sure my observation is conclusive though.


------ Copy of original problem description ------


I have several problems with my Windows XP Pro installation. The first one seemed to have opened the door for additional ones to follow. Just a guess.

1. Google and Yahoo search results are hijacked. Usually links to commercial directories. Initially, I could right-click and open in a new window and get the correct link, but after a time that wouldn't work in IE 6, although it still works in Safari.

2. Within 3-4 days of Number 1 (above), there started to be a svchost session that would run the CPU at 99. Its number of I/O Writes was large and continuously increasing. If I killed that svchost (in Task Manager) it would also affect other Windows functions, typically networking functions.

After a svchost kill, sometimes a second one will start up running the CPU at 99 - but with no incrementing I/O reads or writes.

3. In another 2-3 days, new browser windows would open with random sites. This would always happen while an initial, intended browser window was open and in use.

4. After 7-10 days, my Avira installation has just started frequently detecting problem files in Windows folders Temp and system32.

5. About the same time as Number 4, I'm getting an occasional apparent Windows dialog box saying that Winserv32 has either "failed" or that "there was a problem" and asking if I wanted to send a report to Microsoft. (Sorry for the ambiguity, haven't paid enough attention to get all the text exact.) I then kill the dialog without saying Send or Don't Send. No apparent subsequent effect on Windows or networking operations.

This computer is networked with another PC running Windows Home. Both Windows versions are SP3. Probably unrelated to the above problems (was happening before) is a difficulty I have with the network. The Home PC can't access files on the Pro PC unless Pro's firewall is turned off. With or without its firewall, Pro can access a firewalled Home. The Pro/firewall condition occurs with either Windows' or ZoneAlarm's firewalls.

DDS and GMER (ark.txt) analysis logs are included and attached. They were both run immediately after a warm Windows restart.

A note about the GMER session and resulting log: while GMER was running, I mistakenly thought it was finished and clicked on Save. I then got a dialog box stating that GMER wasn't finished and asking for confirmation that I wanted to stop. I clicked whatever button allowed it to continue, which it did. Since it was still slogging through what appeared to be a further 30 GB, I left the PC for GMER to finish. About an hour later, I discovered a blue screen saying there had been an interruption of some (unnamed) application and a shutdown and restart was necessary.

Rather than rerun GMER, I'm submitting the saved log from the then-still-running GMER session. FWIW, the last line item in the log is the last I was seeing on the running console display before I walked away. Be glad to rerun if necessary.

Thanks in advance for any help or guidance.

Mike


--------- end of Mike message ---------
------ End of copy of original problem description ------


Continuing with this 7-6-10 posting:

The exact same crash while running GMER occurred this re-run also with my same recovery.

Following are the DDS log and the GMER log with the DDS' ATTACH log attached as a zipped file, per DDS' runtime instructions.

Mike
--------- end of 7-6-10 Mike message ---------




DDS (Ver_10-03-17.01) - NTFSx86
Run by ADMIN at 19:47:10.67 on Tue 07/06/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.178 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ADMIN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:1081
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intell~1.lnk - c:\program files\intellinet\common\INTELLINET_UI.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Hosts: 192.168.2.101 dell

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-6 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-6-25 486280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-6 185089]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-4-22 29416]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-6 56816]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\intellinet\common\RalinkRegistryWriter.exe [2010-2-25 69632]
R3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\system32\drivers\A193_ADS.sys [2010-5-23 277888]
R3 rt2870;INTELLINET 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-2-25 619136]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2010-07-06 00:56:08 0 d-----w- c:\program files\NCH Software
2010-07-05 17:55:31 0 ----a-w- c:\program files\extra3.dat
2010-06-25 20:04:33 0 d-----w- c:\docume~1\admin\applic~1\CheckPoint
2010-06-25 20:04:18 0 d-----w- c:\program files\CheckPoint
2010-06-25 20:04:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-25 20:04:07 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-25 20:04:07 0 d-----w- c:\windows\system32\ZoneLabs
2010-06-25 20:04:06 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-06-25 20:04:05 0 d-----w- c:\program files\Zone Labs
2010-06-25 20:02:53 0 d-----w- c:\windows\Internet Logs
2010-06-25 05:56:38 0 d-----w- c:\program files\NCH Swift Sound
2010-06-21 23:29:35 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-21 23:27:37 0 d-----w- C:\IPSEC
2010-06-21 23:27:17 110592 ----a-w- C:\ipsechome.ipsec
2010-06-21 23:20:23 22397 ----a-w- C:\FIREWALL - IO - FREEqmqm - FROM auditmypc.comipsec-policy.asp - ipsechome.zip
2010-06-20 06:19:28 0 d-----w- c:\program files\CamStudio
2010-06-19 07:40:04 0 d-----w- c:\docume~1\admin\applic~1\NCH Software
2010-06-19 07:00:50 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-06-19 06:53:58 0 d-----w- c:\program files\ADS Tech

==================== Find3M ====================

2010-05-04 17:02:01 2014 ----a-w- c:\windows\fonts\chinese characters - how-to.txt
2010-03-18 19:15:28 5288059 ----a-w- c:\program files\appgini 4.50-4.51 75eb1a5cf1a1.zip

============= FINISH: 19:47:41.75 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 21:29:31
Windows 5.1.2600 Service Pack 3
Running: q5p6sxij.exe; Driver: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\kwkiapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAADC2630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAADBBD80]
SSDT F8A5BB2E ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAADC2E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAADD9D30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAADDA150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAADE4240]
SSDT F8A5BB24 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAADC2FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAADBCC60]
SSDT F8A5BB33 ZwDeleteKey
SSDT F8A5BB3D ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAADD8E70]
SSDT F8A5BB42 ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAADE22B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAADBC750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAADDC450]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAADDC020]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAADE3430]
SSDT F8A5BB4C ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAADC2180]
SSDT F8A5BB47 ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAADC2910]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAADBD080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAADE38E0]
SSDT F8A5BB38 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAADDAD20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAADDAA50]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [40, 2E, DC, AA, 30, 9D, DD, ...]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7F53F80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[1224] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0080000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0103000A
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0104000A
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 0102000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AADC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AADC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AADC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AADC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AADC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AADC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AADC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AADC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AADC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AADC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AADC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AADC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AADC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AADC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AADC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AADC63D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AADC8080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AADC7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AADC87C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
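A small triage script for the GMER log above, added here as an example (it is not part of the original post, nor a GMER feature): it parses the SSDT and user-mode `.text` lines, separates SSDT hooks that GMER attributes to a loaded driver (here vsdatant.sys, the Check Point TrueVector driver of the ZoneAlarm firewall also listed under Devices) from the one bare address on ZwSetValueKey, and flags ntdll exports hooked in several processes with a different JMP target in each. The heuristics, function names and the SAMPLE_GMER_LOG constant are mine; the sample lines themselves are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the GMER 1.0.15 log above (three SSDT entries, one
# kernel patch line the parser should skip, and the user-mode inline hooks), embedded
# here so the script runs offline.
SAMPLE_GMER_LOG = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAADBD080]
SSDT F8A5BB38 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xAADDAA50]
.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C44 12 Bytes [40, 2E, DC, AA, 30, 9D, DD, ...]
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[1224] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0080000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1560] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0103000A
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0104000A
.text C:\WINDOWS\system32\wuauclt.exe[3100] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 0102000C
"""

# "SSDT <driver path> (<description>) <ZwFunction> [0x<handler>]": GMER mapped the hook to a driver.
SSDT_ATTRIBUTED = re.compile(
    r"^SSDT\s+(?P<module>\\\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]$")
# "SSDT <address> <ZwFunction>": a handler address with no owning module at all.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)$")
# ".text <image>[<pid>] <module>!<function> <address> <n> Bytes JMP <target>": inline user-mode hook.
INLINE_HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})$")


def parse_line(line):
    """Return ('ssdt', fields) or ('inline', fields); None for lines this triage ignores
    (kernel patches, IAT entries, section headers, device lines, ...)."""
    line = line.strip()
    m = SSDT_ATTRIBUTED.match(line)
    if m:
        return "ssdt", {**m.groupdict(), "attributed": True}
    m = SSDT_BARE.match(line)
    if m:
        return "ssdt", {**m.groupdict(), "module": None, "desc": None, "attributed": False}
    m = INLINE_HOOK.match(line)
    if m:
        f = m.groupdict()
        f["pid"], f["nbytes"] = int(f["pid"]), int(f["nbytes"])
        return "inline", f
    return None


def triage(log_text, min_processes=2):
    """Summarise hooks in a GMER log. Heuristics, not verdicts: a bare-address SSDT entry
    has no installed product to account for it (unlike the vsdatant.sys ones), and the
    same ntdll export hooked in several unrelated processes with a different JMP target
    in each points at code in per-process private memory, not a DLL shared by all."""
    unattributed_ssdt, attributed_modules = [], set()
    hooks_by_process = defaultdict(set)   # (image, pid) -> {"module!func", ...}
    procs_by_func = defaultdict(set)      # "module!func" -> {(image, pid), ...}
    targets_by_func = defaultdict(set)    # "module!func" -> {JMP target, ...}
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, f = parsed
        if kind == "ssdt":
            if f["attributed"]:
                attributed_modules.add(f["module"])
            else:
                unattributed_ssdt.append(f["func"])
            continue
        name = f"{f['module']}!{f['func']}"
        proc = (f["image"], f["pid"])
        hooks_by_process[proc].add(name)
        procs_by_func[name].add(proc)
        targets_by_func[name].add(f["target"])
    cross_process = sorted(fn for fn, procs in procs_by_func.items()
                           if len(procs) >= min_processes)
    # One distinct target per hooked process: no shared module could explain the hook.
    private_target = [fn for fn in cross_process
                      if len(targets_by_func[fn]) == len(procs_by_func[fn])]
    return {
        "unattributed_ssdt": unattributed_ssdt,
        "attributed_ssdt_modules": attributed_modules,
        "hooks_by_process": dict(hooks_by_process),
        "cross_process_hooks": cross_process,
        "private_target_hooks": private_target,
    }


def format_report(result):
    """Render the triage result as the short summary a helper would read first."""
    out = [f"SSDT hooks owned by known drivers: {sorted(result['attributed_ssdt_modules'])}",
           f"SSDT hooks with no owning module (explain these): {result['unattributed_ssdt']}"]
    for (image, pid), funcs in sorted(result["hooks_by_process"].items()):
        out.append(f"{image}[{pid}]: {len(funcs)} inline hook(s): {sorted(funcs)}")
    out.append(f"Hooked in >= 2 processes: {result['cross_process_hooks']}")
    out.append(f"...with a private JMP target per process: {result['private_target_hooks']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_GMER_LOG)))
```

On the full log above the same filter also leaves the kernel `.text`, `init` and `IAT` lines alone, so those still need to be read by hand.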






#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:37 AM

Posted 10 July 2010 - 06:12 AM

Hello, maryba
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • Local time:07:37 PM

Posted 10 July 2010 - 06:14 PM

Hi Tom,

Included below are run logs:
- TDSSKiller.txt
- ComboFix.txt

Search engine results hijack seems to have been cleared up - but browser (Safari for Windows) is very slow. Could just be time of day or current traffic. Will observe and note over next few hours.

And the svchost that runs full tilt seems to be gone - at the moment. But its running had always been random although very frequent. Will watch for that also.

Now anxious to see if the AntiVir detections will drop from the 5 or so per day.

Combofix run note: immediately after its start, a dialog box popped up saying "Microsoft Outlook" in the title bar and the message box saying "Do you want to cancel the send/receive operation?" with Yes, No, and Cancel buttons. The box was accompanied with an audible "ding". Since I took no action, the box stayed during the entire ComboFix operation. Coincidentally (or not), I had been noticing an OUTLOOK running in Task Manager ever since this series of problems started.

Looking forward to your logs analysis. And thanks in advance.

Mike

Logs:
============

16:42:54:843 1196 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
16:42:54:843 1196 ================================================================================
16:42:54:843 1196 SystemInfo:

16:42:54:843 1196 OS Version: 5.1.2600 ServicePack: 3.0
16:42:54:843 1196 Product type: Workstation
16:42:54:843 1196 ComputerName: DELL-010610-DHX
16:42:54:843 1196 UserName: ADMIN
16:42:54:843 1196 Windows directory: C:\WINDOWS
16:42:54:843 1196 System windows directory: C:\WINDOWS
16:42:54:843 1196 Processor architecture: Intel x86
16:42:54:843 1196 Number of processors: 1
16:42:54:843 1196 Page size: 0x1000
16:42:54:843 1196 Boot type: Normal boot
16:42:54:843 1196 ================================================================================
16:42:55:484 1196 Initialize success
16:42:55:484 1196
16:42:55:484 1196 Scanning Services ...
16:42:56:015 1196 Raw services enum returned 329 services
16:42:56:015 1196
16:42:56:015 1196 Scanning Drivers ...
16:42:57:859 1196 A193_ADS (03231c268ec438378e7d425dd41d1089) C:\WINDOWS\system32\DRIVERS\A193_ADS.sys
16:42:57:953 1196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:42:57:984 1196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:42:58:031 1196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:42:58:062 1196 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:42:58:093 1196 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
16:42:58:140 1196 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
16:42:58:218 1196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:42:58:250 1196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:42:58:296 1196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:42:58:312 1196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:42:58:390 1196 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
16:42:58:437 1196 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
16:42:58:468 1196 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
16:42:58:515 1196 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:42:58:531 1196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:42:58:562 1196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:42:58:625 1196 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:42:58:718 1196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:42:58:718 1196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:42:58:765 1196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:42:58:796 1196 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:42:58:812 1196 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:42:58:843 1196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:42:58:921 1196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:42:58:984 1196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:42:59:015 1196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:42:59:046 1196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:42:59:078 1196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:42:59:109 1196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:42:59:140 1196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:42:59:171 1196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:42:59:187 1196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:42:59:203 1196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:42:59:203 1196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:42:59:250 1196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:42:59:328 1196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:42:59:343 1196 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:42:59:375 1196 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:42:59:437 1196 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:42:59:468 1196 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:42:59:593 1196 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:42:59:640 1196 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
16:42:59:671 1196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:42:59:750 1196 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:42:59:796 1196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:42:59:875 1196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:42:59:921 1196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:42:59:921 1196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:42:59:937 1196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:42:59:968 1196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:42:59:984 1196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:43:00:031 1196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:43:00:062 1196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:43:00:125 1196 ISWKL (6c614b6fd20194835c77346f6c34156e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:43:00:140 1196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:43:00:187 1196 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:43:00:343 1196 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
16:43:00:562 1196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:43:00:687 1196 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
16:43:00:718 1196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:43:00:750 1196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:43:00:781 1196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:43:00:812 1196 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:43:00:828 1196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:43:00:906 1196 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
16:43:01:000 1196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:43:01:062 1196 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:43:01:109 1196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:43:01:140 1196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:43:01:171 1196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:43:01:187 1196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:43:01:203 1196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:43:01:250 1196 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:43:01:250 1196 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:43:01:312 1196 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:43:01:328 1196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:43:01:375 1196 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:43:01:390 1196 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:43:01:453 1196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:43:01:453 1196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:43:01:468 1196 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:43:01:484 1196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:43:01:500 1196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:43:01:531 1196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:43:01:546 1196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:43:01:562 1196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:43:01:593 1196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:43:01:625 1196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:43:01:671 1196 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:43:01:687 1196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:43:01:718 1196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:43:01:718 1196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:43:01:750 1196 PCIIde (aa886260b18ed37b7afb9b604df9175e) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:43:01:750 1196 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: aa886260b18ed37b7afb9b604df9175e, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
16:43:01:750 1196 File "C:\WINDOWS\system32\DRIVERS\pciide.sys" infected by TDSS rootkit ... 16:43:02:343 1196 Backup copy found, using it..
16:43:02:375 1196 will be cured on next reboot
16:43:02:515 1196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:43:02:625 1196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:43:02:656 1196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:43:02:671 1196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:43:02:734 1196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:43:02:750 1196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:43:02:765 1196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:43:02:765 1196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:43:02:781 1196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:43:02:796 1196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:43:02:812 1196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:43:02:859 1196 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:43:02:890 1196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:43:02:968 1196 rt2870 (5532f69d0a845ffe9d70b9e0392fe50a) C:\WINDOWS\system32\DRIVERS\rt2870.sys
16:43:03:015 1196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:43:03:078 1196 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
16:43:03:140 1196 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:43:03:171 1196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:43:03:187 1196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:43:03:234 1196 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:43:03:250 1196 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
16:43:03:296 1196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:43:03:343 1196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:43:03:453 1196 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
16:43:03:500 1196 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
16:43:03:515 1196 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:43:03:546 1196 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:43:03:562 1196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:43:03:578 1196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:43:03:656 1196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:43:03:687 1196 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:43:03:734 1196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:43:03:750 1196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:43:03:781 1196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:43:03:812 1196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:43:03:843 1196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:43:03:890 1196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:43:03:921 1196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:43:03:937 1196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:43:03:968 1196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:43:04:000 1196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:43:04:015 1196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:43:04:031 1196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:43:04:046 1196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:43:04:093 1196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:43:04:156 1196 vsdatant (765d208d688075d2b01d5a2e9eaa6ddc) C:\WINDOWS\system32\vsdatant.sys
16:43:04:250 1196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:43:04:312 1196 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
16:43:04:343 1196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:43:04:406 1196 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:43:04:453 1196 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:43:04:453 1196 Reboot required for cure complete..
16:43:05:171 1196 Cure on reboot scheduled successfully
16:43:05:171 1196
16:43:05:171 1196 Completed
16:43:05:171 1196
16:43:05:171 1196 Results:
16:43:05:171 1196 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:43:05:171 1196 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:43:05:171 1196
16:43:05:187 1196 KLMD(ARK) unloaded successfully

ComboFix 10-07-10.01 - ADMIN 07/10/2010 17:05:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.231 [GMT -5:00]
Running from: c:\documents and settings\ADMIN\Desktop\schrauber.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\program files\extra3.dat
C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-06 00:56 . 2010-07-06 14:54 -------- d-----w- c:\program files\NCH Software
2010-06-25 20:02 . 2010-07-10 22:09 -------- d-----w- c:\windows\Internet Logs
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-25 05:56 . 2010-06-25 05:56 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-21 23:29 . 2010-06-21 23:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-06-21 23:27 . 2010-06-21 23:28 -------- d-----w- C:\IPSEC
2010-06-21 23:20 . 2010-04-13 17:53 22397 ----a-w- C:\FIREWALL - IO - FREEqmqm - FROM auditmypc.comipsec-policy.asp - ipsechome.zip
2010-06-20 06:19 . 2010-06-20 06:32 -------- d-----w- c:\program files\CamStudio
2010-06-19 07:48 . 2010-06-20 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-06-19 07:40 . 2010-06-20 06:53 -------- d-----w- c:\documents and settings\ADMIN\Application Data\NCH Software
2010-06-19 07:00 . 2008-04-14 10:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-19 07:00 . 2008-04-14 10:42 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-06-19 07:00 . 2008-04-14 10:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-19 07:00 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-19 07:00 . 2008-04-14 05:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-06-19 07:00 . 2008-04-14 05:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-06-19 06:53 . 2010-06-19 06:53 -------- d-----w- c:\program files\ADS Tech
2010-06-14 06:37 . 2010-06-14 06:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-14 04:52 . 2010-06-14 04:52 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-06-14 04:23 . 2010-06-14 04:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-12 03:50 . 2010-07-01 00:45 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Application Data\xoccvhti
2010-06-11 19:47 . 2010-06-11 19:47 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-10 23:24 . 2010-06-10 23:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 21:44 . 2008-04-14 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-07-10 21:21 . 2010-06-25 21:59 1783195 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-09 18:54 . 2010-01-06 19:34 -------- d-----w- c:\program files\Google
2010-07-06 07:34 . 2010-07-06 13:26 802816 ----a-w- c:\windows\Internet Logs\xDB53.tmp
2010-06-26 21:58 . 2010-01-29 00:38 1 ----a-w- c:\documents and settings\ADMIN\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\documents and settings\ADMIN\Application Data\CheckPoint
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\program files\CheckPoint
2010-06-25 20:04 . 2010-06-25 20:04 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\program files\Zone Labs
2010-06-23 15:44 . 2010-06-23 15:44 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb78.tmp.exe
2010-06-19 06:53 . 2010-01-18 21:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-11 20:35 . 2009-09-01 17:02 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Bowaw
2010-06-10 16:24 . 2009-07-30 23:45 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Utela
2010-05-30 04:07 . 2010-01-14 19:17 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-05-20 01:46 . 2010-05-20 01:34 -------- d-----w- c:\program files\VDownloader
2010-05-16 22:16 . 2010-01-23 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 05:23 . 2010-05-16 05:19 -------- d-----w- c:\documents and settings\ADMIN\Application Data\ArcSoft
2010-05-16 05:19 . 2010-05-16 05:19 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-15 21:09 . 2010-05-15 21:06 -------- d-----w- c:\program files\AppGini 4.53
2010-04-29 20:39 . 2010-01-23 17:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-23 17:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 19:15 . 2010-03-18 19:15 5288059 ----a-w- c:\program files\appgini 4.50-4.51 75eb1a5cf1a1.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2009-08-18 2200576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
INTELLINET Wireless Utility.lnk - c:\program files\INTELLINET\Common\INTELLINET_UI.exe [2010-2-25 1638400]

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\ADMIN\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaTV Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaTV Monitor.lnk
backup=c:\windows\pss\MediaTV Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-11-21 02:11 3289088 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 21:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2009-10-14 13:30 730480 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-06 19:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ADMIN\\Desktop\\programs - no install needed\\ws_ftp95.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"\\\\Dell-010610-dhx\\admin\\Desktop\\programs - no install needed\\ws_ftp95.exe"=
"c:\\xampp\\apache\\bin\\ApacheMonitor.exe"=
"c:\\xampp\\xampp-control.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/6/2010 9:06 PM 108289]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [4/22/2010 12:40 AM 29416]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
S0 cerc6;cerc6; [x]
S3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\system32\drivers\A193_ADS.sys [5/23/2010 1:49 AM 277888]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 2:34 PM 135664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\Debut bt.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-29 c:\windows\Tasks\Debut mid.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-26 c:\windows\Tasks\Debut tst.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-26 c:\windows\Tasks\Debut Video Capture Software.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1081
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-klmdb.sys
MSConfigStartUp-kpdhfthdqo - c:\documents and settings\admin\local settings\application data\xoccvhti\wjbdqd.exe
MSConfigStartUp-{A2CE3864-C164-C637-4358-3008FE8B7D38} - c:\documents and settings\ADMIN\Application Data\Bowaw\egava.exe
AddRemove-Debut - c:\program files\NCH Software\Debut\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-10 17:29:23
ComboFix-quarantined-files.txt 2010-07-10 22:29

Pre-Run: 9,958,178,816 bytes free
Post-Run: 11,593,371,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 01B3D41572E8FD02231BC5C3DD688C5D

======== end of logs ==========


Thanks again, Tom.

Mike


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:37 AM

Posted 12 July 2010 - 10:48 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:1081
Folder::
c:\documents and settings\admin\local settings\application data\xoccvhti
c:\documents and settings\ADMIN\Application Data\Bowaw


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
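The CFScript above removes the loopback ProxyServer entry and the two Application Data folders that the ComboFix log flagged. As an added example that is not part of this thread or of ComboFix, the following Python script triages a ComboFix log for those indicator classes (an IE proxy pointing at the loopback interface, autostarts launched from a user profile's Application Data tree, the Windows Firewall profile switched off) over lines copied from the log posted above; the rule names and severities are this script's own conventions.

```python
"""Triage a ComboFix log for the indicator classes handled in this thread.

Added example, not part of the thread or of ComboFix. Rule names and
severities are this script's own conventions.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Lines copied from the ComboFix log posted earlier in this thread; the
# ProxyServer line is the one the helper's CFScript removes.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1081
uInternet Settings,ProxyOverride = <local>
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-kpdhfthdqo - c:\documents and settings\admin\local settings\application data\xoccvhti\wjbdqd.exe
MSConfigStartUp-{A2CE3864-C164-C637-4358-3008FE8B7D38} - c:\documents and settings\ADMIN\Application Data\Bowaw\egava.exe
"""

# ComboFix prefixes user-hive IE settings with 'u' and machine-hive ones with 'm'.
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
# Run-key entries as ComboFix prints them: "Name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Orphan autostarts: HKLM-Run-Name - path  or  MSConfigStartUp-Name - path
ORPHAN_RE = re.compile(
    r"^(?P<key>[A-Za-z]+(?:StartUp|-Run))-(?P<name>\S+) - (?P<path>.+\.exe)$", re.I)
# Executables living in a user profile's (Local Settings\)Application Data tree.
USER_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    detail: str


def parse_proxy(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    IE stores either 'host:port' (one proxy for every protocol) or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # no ':' present, the whole token is the host
            host, port = hostport, ""
        entries.append((scheme or "all", host, port))
    return entries


def is_local_host(host):
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Walk a ComboFix log and return the findings this script looks for."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy(m.group("value")):
                if is_local_host(host):
                    # A proxy on the loopback interface means a local process sits
                    # between the browser and the network and can rewrite pages,
                    # which is how search results get replaced.
                    findings.append(Finding("high", "loopback-proxy",
                        f"{scheme} traffic routed through {host}:{port}"))
                else:
                    findings.append(Finding("info", "proxy-set",
                        f"{scheme} proxy {host}:{port}; confirm it is expected"))
            continue
        if FIREWALL_OFF_RE.match(line):
            # Normal when a third-party firewall (ZoneAlarm here) is installed,
            # so this is informational rather than a detection.
            findings.append(Finding("info", "windows-firewall-off",
                "standard profile disabled; expected only with a third-party firewall"))
            continue
        m = RUN_RE.match(line) or ORPHAN_RE.match(line)
        if m and USER_DATA_RE.search(m.group("path")):
            # Legitimate updaters occasionally live here too, so verify the publisher.
            findings.append(Finding("medium", "autostart-in-user-data",
                f"{m.group('name')} -> {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```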

#7 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 15 July 2010 - 02:39 AM

Logs per your last directions:



ComboFix 10-07-13.08 - ADMIN 07/14/2010 11:21:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.159 [GMT -5:00]
Running from: c:\documents and settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410\schrauber.exe
Command switches used :: c:\documents and settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ADMIN\Application Data\Bowaw
c:\documents and settings\admin\local settings\application data\xoccvhti

.
((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 05:50 . 2010-07-14 05:50 -------- d-----w- c:\windows\system32\LogFiles
2010-07-06 00:56 . 2010-07-06 14:54 -------- d-----w- c:\program files\NCH Software
2010-06-25 20:02 . 2010-07-14 16:28 -------- d-----w- c:\windows\Internet Logs
2010-06-25 05:59 . 2010-06-25 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-06-25 05:56 . 2010-06-25 05:56 -------- d-----w- c:\program files\NCH Swift Sound
2010-06-21 23:29 . 2010-06-21 23:29 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-06-21 23:27 . 2010-06-21 23:28 -------- d-----w- C:\IPSEC
2010-06-21 23:20 . 2010-04-13 17:53 22397 ----a-w- C:\FIREWALL - IO - FREEqmqm - FROM auditmypc.comipsec-policy.asp - ipsechome.zip
2010-06-20 06:19 . 2010-06-20 06:32 -------- d-----w- c:\program files\CamStudio
2010-06-19 07:48 . 2010-06-20 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-06-19 07:40 . 2010-06-20 06:53 -------- d-----w- c:\documents and settings\ADMIN\Application Data\NCH Software
2010-06-19 07:00 . 2008-04-14 10:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-06-19 07:00 . 2008-04-14 10:42 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-06-19 07:00 . 2008-04-14 10:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-06-19 07:00 . 2008-04-14 10:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-06-19 07:00 . 2008-04-14 05:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-06-19 07:00 . 2008-04-14 05:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-06-19 06:53 . 2010-06-19 06:53 -------- d-----w- c:\program files\ADS Tech

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 14:00 . 2010-06-25 21:59 4221306 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-10 21:44 . 2008-04-14 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-07-09 18:54 . 2010-01-06 19:34 -------- d-----w- c:\program files\Google
2010-07-06 07:34 . 2010-07-06 13:26 802816 ----a-w- c:\windows\Internet Logs\xDB53.tmp
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\documents and settings\ADMIN\Application Data\CheckPoint
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\program files\CheckPoint
2010-06-25 20:04 . 2010-06-25 20:04 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-25 20:04 . 2010-06-25 20:04 -------- d-----w- c:\program files\Zone Labs
2010-06-19 06:53 . 2010-01-18 21:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-10 16:24 . 2009-07-30 23:45 -------- d-----w- c:\documents and settings\ADMIN\Application Data\Utela
2010-05-30 04:07 . 2010-01-14 19:17 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-05-20 01:46 . 2010-05-20 01:34 -------- d-----w- c:\program files\VDownloader
2010-05-16 22:16 . 2010-01-23 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 05:23 . 2010-05-16 05:19 -------- d-----w- c:\documents and settings\ADMIN\Application Data\ArcSoft
2010-05-16 05:19 . 2010-05-16 05:19 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-15 21:09 . 2010-05-15 21:06 -------- d-----w- c:\program files\AppGini 4.53
2010-04-29 20:39 . 2010-01-23 17:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-01-23 17:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 19:15 . 2010-03-18 19:15 5288059 ----a-w- c:\program files\appgini 4.50-4.51 75eb1a5cf1a1.zip
.

((((((((((((((((((((((((((((( SnapShot@2010-07-10_22.23.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-14 14:01 . 2010-07-14 14:01 16384 c:\windows\Temp\Perflib_Perfdata_2dc.dat
+ 2009-08-07 00:24 . 2009-08-07 00:24 44768 c:\windows\system32\wups2.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 35552 c:\windows\system32\wups.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-07-11 02:23 . 2009-08-07 00:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-07 00:24 96480 c:\windows\system32\cdm.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 209632 c:\windows\system32\wuweb.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 327896 c:\windows\system32\wucltui.dll
+ 2009-04-29 18:44 . 2009-08-07 00:23 575704 c:\windows\system32\wuapi.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-04-29 18:44 . 2009-08-07 00:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-04-29 18:44 . 2009-08-07 00:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-04-29 18:44 . 2009-08-07 00:23 1929952 c:\windows\system32\wuaueng.dll
+ 2009-04-29 18:44 . 2009-08-07 00:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2009-08-18 2200576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
INTELLINET Wireless Utility.lnk - c:\program files\INTELLINET\Common\INTELLINET_UI.exe [2010-2-25 1638400]

[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\ADMIN\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaTV Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MediaTV Monitor.lnk
backup=c:\windows\pss\MediaTV Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-11-21 02:11 3289088 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 21:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2009-10-14 13:30 730480 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-06 19:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ADMIN\\Desktop\\programs - no install needed\\ws_ftp95.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"\\\\Dell-010610-dhx\\admin\\Desktop\\programs - no install needed\\ws_ftp95.exe"=
"c:\\xampp\\apache\\bin\\ApacheMonitor.exe"=
"c:\\xampp\\xampp-control.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/6/2010 9:06 PM 108289]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [4/22/2010 12:40 AM 29416]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
S0 cerc6;cerc6; [x]
S3 A193_ADS;VideoXpress V2 Analog Capture;c:\windows\system32\drivers\A193_ADS.sys [5/23/2010 1:49 AM 277888]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 2:34 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-26 c:\windows\Tasks\Debut bt.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-29 c:\windows\Tasks\Debut mid.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-26 c:\windows\Tasks\Debut tst.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]

2010-06-26 c:\windows\Tasks\Debut Video Capture Software.job
- c:\docume~1\ALLUSE~1\DOCUME~1\NCHSOF~1\Debut\debut.exe [2010-06-19 07:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-07-14 11:39:05
ComboFix-quarantined-files.txt 2010-07-14 16:39

Pre-Run: 9,615,450,112 bytes free
Post-Run: 9,738,342,400 bytes free

- - End Of File - - AB521EA75C632B1BF230C8B897857DBA

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4313

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/14/2010 12:09:21 PM
mbam-log-2010-07-14 (12-09-21).txt

Scan type: Quick scan
Objects scanned: 120197
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------- esetscan log.txt --------------------------------------


C:\Documents and Settings\ADMIN\Application Data\Sun\Java\Deployment\cache\6.0\49\4c4c3231-675a1e44 multiple threats deleted - quarantined
C:\Documents and Settings\ADMIN\Application Data\Sun\Java\Deployment\cache\6.0\6\5b3d5486-35aef69b a variant of Java/TrojanDownloader.Agent.NAN trojan deleted - quarantined
C:\Documents and Settings\ADMIN\Desktop\programs - no install needed\xnews\datax\[news.giganews.com] alt.binaries.pictures.skye.mbx Win32/TrojanDropper.Agent.OKO trojan contained infected files
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Identities\{FEE946EB-15AC-493E-AB99-7DF556000261}\Microsoft\Outlook Express\eBay.dbx HTML/Phishing.gen trojan unable to clean
C:\Documents and Settings\ADMIN\Local Settings\Application Data\Identities\{FEE946EB-15AC-493E-AB99-7DF556000261}\Microsoft\Outlook Express\fieldston.dbx Win32/Mytob.KX worm unable to clean
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\11\51bd4ccb-784dccd1 Java/TrojanDownloader.Agent.NBJ trojan deleted - quarantined
C:\ServicesGroup\SPC\site uploaded to sbc on 012004\root\stats\mail\jcornwell HTML/Phishing.gen trojan contained infected files
C:\ServicesGroup\SPC\_site download from sbc 012705\stats\mail\awood Win32/Bagle.AU worm contained infected files
C:\ServicesGroup\SPC\_site download from sbc 012705\stats\mail\china Win32/Netsky.B worm contained infected files
C:\ServicesGroup\SPC\_site download from sbc 012705\stats\mail\jcornwell multiple threats contained infected files
C:\ServicesGroup\SPC\_site download from sbc 012705\stats\mail\meidson-imap\Trash Win32/Bagle.AU worm contained infected files
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP13\A0007351.exe a variant of Win32/Kryptik.FHR trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP13\A0007357.exe a variant of Win32/Kryptik.FHR trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP13\A0007359.exe Win32/Adware.WinAntiVirus application deleted - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP13\A0007362.exe a variant of Win32/Kryptik.FHR trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP13\A0007364.exe a variant of Win32/Kryptik.FHR trojan cleaned by deleting - quarantined

OTL logfile created on: 7/15/2010 2:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 233.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 753 1004 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 10.14 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-010610-DHX
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/15 02:00:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410\OTL.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 08:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/08/18 05:30:12 | 002,200,576 | ---- | M] (1&1 Internet Inc) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/16 04:36:44 | 001,638,400 | ---- | M] (INTELLINET NETWORK SOLUTIONS) -- C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
PRC - [2008/05/13 01:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/23 00:29:48 | 000,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe


========== Modules (SafeList) ==========

MOD - [2010/07/15 02:00:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410\OTL.exe
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 08:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/13 01:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/01/07 21:06:46 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 08:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/30 01:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/05/08 16:58:58 | 000,277,888 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A193_ADS.sys -- (A193_ADS)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/14 12:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/06/25 15:24:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/10 17:22:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\INTELLINET Wireless Utility.lnk = C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe (INTELLINET NETWORK SOLUTIONS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 13:46:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/14 23:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\bert papers
[2010/07/14 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/14 00:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/10 21:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/10 16:58:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/10 16:54:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/10 16:54:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/10 16:54:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/10 16:54:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/10 16:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 16:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 19:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/07/02 15:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210
[2010/06/30 00:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Using Web Analytics to Uncover Problem Pages on Your Site_files
[2010/06/30 00:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\5 Design Elements that Can Boost Sales_files
[2010/06/30 00:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Checklist for customer service excellence_files
[2010/06/25 15:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\ForceField Shared Files
[2010/06/25 15:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\CheckPoint
[2010/06/25 15:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/06/25 15:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/06/25 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/06/25 15:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/06/25 00:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/21 18:29:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/21 18:27:37 | 000,000,000 | ---D | C] -- C:\IPSEC
[2010/06/20 01:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/06/19 21:18:41 | 000,157,184 | ---- | C] (VirusSecureLab) -- C:\Documents and Settings\ADMIN\My Documents\pid kill - free from sourceforge - Ultimate_Process_Killer_2.0.2.exe
[2010/06/19 02:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/06/19 02:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\NCH Software
[2010/06/19 02:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\NCH Software
[2010/06/19 02:39:39 | 000,445,632 | ---- | C] (NCH Software) -- C:\Documents and Settings\ADMIN\Desktop\video capture software - freeQMQM - requires ie toolbar - debutsetup.exe
[2010/06/19 01:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\ADS Tech
[2010/06/16 00:48:50 | 018,155,000 | ---- | C] (Visan / RocketLife) -- C:\Documents and Settings\ADMIN\My Documents\hp photo creations - hppc_0100_enu.exe
[2010/06/14 01:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/14 01:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/06/13 23:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/13 09:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/13 00:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/10 18:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/10 10:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/10 10:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/02 10:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/05/29 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\attic
[2010/05/29 12:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\medarc
[2010/05/23 01:49:42 | 000,073,728 | ---- | C] (Trident Multimedia Technologies Corporation) -- C:\WINDOWS\System32\acpinfo.ax
[2010/05/23 01:49:41 | 000,277,888 | ---- | C] (Trident Multimedia Technologies Co.,Ltd) -- C:\WINDOWS\System32\drivers\A193_ADS.sys
[2010/05/23 01:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\1video xpress install
[2010/05/22 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\My Received Files
[2010/05/19 20:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/19 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2010/05/19 20:25:25 | 006,943,707 | ---- | C] (Vitzo Limited ) -- C:\Documents and Settings\ADMIN\My Documents\VDownloaderSetup2.7.exe
[2010/05/16 00:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\ArcSoft ToGo
[2010/05/16 00:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\ArcSoft
[2010/05/16 00:19:38 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2010/05/16 00:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/16 00:17:42 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/05/15 17:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\framework and code generator
[2010/05/15 16:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\AppGini 4.53
[2010/05/14 00:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/14 00:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\gom codec install
[2010/04/29 15:52:21 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/29 15:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/04/29 15:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/25 01:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\test nicedit
[2010/04/22 15:22:49 | 001,982,228 | ---- | C] (Echo Software (Simon Steele) ) -- C:\Documents and Settings\ADMIN\My Documents\editor - programmers notepad - from pnotepad.org - freeQMQM - pn20101010.exe
[2010/04/22 12:14:04 | 001,571,436 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\ADMIN\My Documents\editor - codeQMQM - free - gsnote.exe
[2010/04/22 00:39:58 | 000,000,000 | ---D | C] -- C:\xampp
[2010/04/20 23:16:28 | 053,670,736 | ---- | C] (Apache Friends) -- C:\Documents and Settings\ADMIN\My Documents\xampp-win32-1.7.3.exe
[2010/04/18 03:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\My Medical Archives_files
[2010/04/16 17:50:45 | 108,490,194 | ---- | C] (OutSystems) -- C:\Documents and Settings\ADMIN\My Documents\OutSystems-AgilePlatform-Setup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/14 23:06:08 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/14 23:05:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/14 23:04:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/14 16:59:53 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2010/07/14 16:59:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2010/07/14 16:59:38 | 004,841,222 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\IconCache.db
[2010/07/14 11:32:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/14 08:17:57 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\menu.xls
[2010/07/13 11:33:43 | 000,001,874 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/07/13 11:33:43 | 000,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 22:32:46 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cm shld.xls
[2010/07/11 19:29:09 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\IndianBluff pics.lnk
[2010/07/11 01:32:03 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 17:22:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 16:58:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/08 11:14:21 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/07 14:11:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/05 21:03:33 | 002,461,792 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled.wmv
[2010/07/05 20:52:25 | 002,254,044 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled_0001.wmv
[2010/07/05 19:56:11 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video Converter.lnk
[2010/07/05 13:53:16 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\sysinternals virus stopper - from bleepingcomputer - rkill.com
[2010/07/05 09:39:16 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\HoF acceptance speech.rtf
[2010/07/03 10:49:27 | 001,400,398 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Beau's cell phone manual - 20080311055609531_generic_cdma_a870_ug.pdf
[2010/07/03 10:03:21 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\verizon ao 070310 VoiceDetails.action.xls
[2010/07/01 20:15:29 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/01 02:02:22 | 000,254,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\General Networking-Lan-Wan port blocking, tcp ip ports, network dialup.webarchive
[2010/07/01 01:47:22 | 000,427,694 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Windows 2000 Firewall.webarchive
[2010/06/30 00:11:14 | 000,021,646 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Using Web Analytics to Uncover Problem Pages on Your Site.htm
[2010/06/30 00:10:50 | 000,019,828 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\5 Design Elements that Can Boost Sales.htm
[2010/06/30 00:09:56 | 000,019,213 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Checklist for customer service excellence.htm
[2010/06/29 07:17:05 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut mid.job
[2010/06/26 17:26:15 | 001,497,585 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10 (Chinese) [Compatibility Mode].pdf
[2010/06/26 17:26:15 | 001,337,348 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10a [Compatibility Mode].pdf
[2010/06/26 17:11:00 | 000,015,363 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Website Services Page (Chinese).docx
[2010/06/26 17:08:02 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\zonealarm update - zaSetup_92_057_000_en.exe
[2010/06/26 13:14:52 | 000,002,275 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI
[2010/06/25 23:50:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut Video Capture Software.job
[2010/06/25 23:50:14 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut tst.job
[2010/06/25 23:49:57 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut bt.job
[2010/06/25 15:05:59 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/25 15:04:17 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 15:04:16 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ZoneAlarm Security.lnk
[2010/06/25 14:01:54 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.icsxxx
[2010/06/25 00:56:47 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCH Toolbox.lnk
[2010/06/21 01:34:05 | 000,088,493 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\bp lease - fnos206.pdf
[2010/06/20 01:19:42 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2010/06/19 02:34:36 | 000,445,632 | ---- | M] (NCH Software) -- C:\Documents and Settings\ADMIN\Desktop\video capture software - freeQMQM - requires ie toolbar - debutsetup.exe
[2010/06/19 01:54:38 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaTV 3.lnk
[2010/06/18 00:47:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.datxxxx
[2010/06/16 00:48:50 | 018,155,000 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\ADMIN\My Documents\hp photo creations - hppc_0100_enu.exe
[2010/06/13 08:20:37 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\BOCIANY INTEGRUJĄ - Ustroń - kamera bocianie gniazdo na ŻYWO.url
[2010/06/10 11:26:10 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\WOODLAKE CAPITAL PE 6-6-10.doc
[2010/06/10 11:26:09 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ABOUT US 6-6-10.doc
[2010/06/08 15:41:54 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\pid manager - from microsoft.com - ProcessExplorer.zip
[2010/05/28 02:18:40 | 041,524,736 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\ZONE ALARM - FREE - zaSetup_92_044_000_en.exe
[2010/05/27 01:27:38 | 000,088,374 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\lil w ss.rtf
[2010/05/25 11:57:49 | 000,002,835 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\New Database1.odb
[2010/05/22 17:08:39 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.doc
[2010/05/22 16:50:00 | 000,011,981 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.docx
[2010/05/16 18:51:07 | 000,001,965 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 16:09:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\AppGini Professional.lnk
[2010/05/15 16:04:26 | 005,289,562 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\appgini 4.53 install - 0a46e09c7211.zip
[2010/05/14 00:57:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/13 17:21:43 | 000,504,832 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\scncap051310.xls
[2010/05/12 13:23:30 | 000,527,872 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\SCNCAP051210.xls
[2010/05/09 15:06:06 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Shortcut to AppGini.exe.lnk
[2010/05/07 15:10:45 | 000,004,336 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\010110-043010GrAmTransactions.CSV
[2010/05/02 18:29:46 | 000,307,712 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\firewall exceptions - hp dark.xls
[2010/04/30 11:23:19 | 000,156,497 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl temp 2010.jpg
[2010/04/29 15:52:26 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 17:39:05 | 001,683,473 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\pskill - no install - run cmd - free from sysinternals.com - from PsTools.zip
[2010/04/28 07:46:45 | 000,062,860 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl 2010.jpg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 11:24:14 | 000,100,602 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0066-cropped-color adjusted.jpg
[2010/04/26 11:24:13 | 000,104,714 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0065-cropped-color adjusted.jpg
[2010/04/25 22:58:34 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\dell ipconfig.xls
[2010/04/24 14:06:58 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\omg-spacer-1.0.0.gif
[2010/04/24 09:08:38 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Listen Live to KCUR.url
[2010/04/24 09:07:11 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Listen Live to KCUR.url
[2010/04/24 03:30:10 | 000,006,459 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Gander Sauce Stories.webarchive
[2010/04/24 00:19:09 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to xampp-control.exe.lnk
[2010/04/22 20:29:21 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2010/04/22 15:20:22 | 008,953,966 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\editor - codeQMQM - freeQMQM - gvim72.exe
[2010/04/22 00:42:57 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\XAMPP Control Panel.lnk
[2010/04/18 03:10:34 | 000,074,951 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\My Medical Archives.htm
[2010/04/16 10:11:49 | 108,490,194 | ---- | M] (OutSystems) -- C:\Documents and Settings\ADMIN\My Documents\OutSystems-AgilePlatform-Setup.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 22:19:30 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\cm shld.xls
[2010/07/11 19:29:09 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\IndianBluff pics.lnk
[2010/07/10 23:37:31 | 314,812,500 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Tinymodel Princess - 04.avi
[2010/07/10 16:58:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/10 16:58:31 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/10 16:54:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/10 16:54:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/10 16:54:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/10 16:54:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/10 16:54:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/05 21:03:13 | 002,461,792 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled.wmv
[2010/07/05 20:51:48 | 002,254,044 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled_0001.wmv
[2010/07/05 14:10:14 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\sysinternals virus stopper - from bleepingcomputer - rkill.com
[2010/07/05 14:10:14 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\HoF acceptance speech.rtf
[2010/07/03 10:49:27 | 001,400,398 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Beau's cell phone manual - 20080311055609531_generic_cdma_a870_ug.pdf
[2010/07/03 09:59:36 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\verizon ao 070310 VoiceDetails.action.xls
[2010/07/01 02:02:22 | 000,254,624 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\General Networking-Lan-Wan port blocking, tcp ip ports, network dialup.webarchive
[2010/07/01 01:47:22 | 000,427,694 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Windows 2000 Firewall.webarchive
[2010/06/30 00:11:13 | 000,021,646 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Using Web Analytics to Uncover Problem Pages on Your Site.htm
[2010/06/30 00:10:49 | 000,019,828 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\5 Design Elements that Can Boost Sales.htm
[2010/06/30 00:09:54 | 000,019,213 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Checklist for customer service excellence.htm
[2010/06/26 17:26:15 | 001,497,585 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10 (Chinese) [Compatibility Mode].pdf
[2010/06/26 17:26:15 | 001,337,348 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10a [Compatibility Mode].pdf
[2010/06/26 17:11:00 | 000,015,363 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Website Services Page (Chinese).docx
[2010/06/26 17:08:02 | 046,899,712 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\zonealarm update - zaSetup_92_057_000_en.exe
[2010/06/25 15:04:17 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 15:04:16 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\ZoneAlarm Security.lnk
[2010/06/25 15:04:06 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/25 00:56:47 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NCH Toolbox.lnk
[2010/06/25 00:35:35 | 009,236,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Loggins And Messina - Angry Eyes.mp3
[2010/06/24 00:21:46 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Debut tst.job
[2010/06/24 00:20:27 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Debut mid.job
[2010/06/24 00:19:34 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Debut bt.job
[2010/06/23 01:14:47 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Debut Video Capture Software.job
[2010/06/21 19:37:19 | 041,524,736 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\ZONE ALARM - FREE - zaSetup_92_044_000_en.exe
[2010/06/21 18:27:17 | 000,110,592 | ---- | C] () -- C:\ipsechome.ipsec
[2010/06/21 18:20:23 | 000,022,397 | ---- | C] () -- C:\FIREWALL - IO - FREEqmqm - FROM auditmypc.comipsec-policy.asp - ipsechome.zip
[2010/06/21 01:34:05 | 000,088,493 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\bp lease - fnos206.pdf
[2010/06/20 01:34:08 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prism Video Converter.lnk
[2010/06/20 01:19:42 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2010/06/19 21:57:14 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\pid manager - from microsoft.com - ProcessExplorer.zip
[2010/06/19 21:16:28 | 001,683,473 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\pskill - no install - run cmd - free from sysinternals.com - from PsTools.zip
[2010/06/19 02:50:16 | 000,034,510 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CamStudioCodec14.zip
[2010/06/19 02:48:53 | 001,364,995 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\video capture software - free - CamStudio20.exe
[2010/06/19 02:00:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/06/19 02:00:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/06/19 02:00:47 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010/06/19 02:00:47 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/06/19 02:00:43 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010/06/19 02:00:43 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/06/19 01:54:38 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaTV 3.lnk
[2010/06/13 08:20:20 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\BOCIANY INTEGRUJĄ - Ustroń - kamera bocianie gniazdo na ŻYWO.url
[2010/06/10 11:26:10 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\WOODLAKE CAPITAL PE 6-6-10.doc
[2010/06/10 11:26:09 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\ABOUT US 6-6-10.doc
[2010/05/27 00:56:21 | 000,088,374 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\lil w ss.rtf
[2010/05/25 11:30:22 | 000,002,835 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\New Database1.odb
[2010/05/23 01:49:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2010/05/22 17:08:39 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.doc
[2010/05/22 16:50:00 | 000,011,981 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.docx
[2010/05/16 18:51:07 | 000,001,965 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 16:04:26 | 005,289,562 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\appgini 4.53 install - 0a46e09c7211.zip
[2010/05/15 01:28:53 | 000,000,302 | ---- | C] () -- C:\Documents and Settings\ADMIN\frameworks and code generators - urls.txt
[2010/05/13 17:21:43 | 000,504,832 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\scncap051310.xls
[2010/05/12 13:23:30 | 000,527,872 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\SCNCAP051210.xls
[2010/05/09 15:06:06 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Shortcut to AppGini.exe.lnk
[2010/05/07 15:11:18 | 000,004,336 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\010110-043010GrAmTransactions.CSV
[2010/05/02 13:11:43 | 000,307,712 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\firewall exceptions - hp dark.xls
[2010/04/30 11:23:19 | 000,156,497 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl temp 2010.jpg
[2010/04/28 07:46:43 | 000,062,860 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl 2010.jpg
[2010/04/26 11:24:14 | 000,100,602 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0066-cropped-color adjusted.jpg
[2010/04/26 11:24:13 | 000,104,714 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0065-cropped-color adjusted.jpg
[2010/04/25 22:58:34 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\dell ipconfig.xls
[2010/04/24 14:06:58 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\omg-spacer-1.0.0.gif
[2010/04/24 09:08:38 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Listen Live to KCUR.url
[2010/04/24 09:07:10 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Listen Live to KCUR.url
[2010/04/24 03:30:09 | 000,006,459 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\Gander Sauce Stories.webarchive
[2010/04/24 00:19:09 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to xampp-control.exe.lnk
[2010/04/22 20:29:21 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2010/04/22 15:20:22 | 008,953,966 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\editor - codeQMQM - freeQMQM - gvim72.exe
[2010/04/22 12:30:05 | 001,683,341 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\editor - code - open source - cedt-286-setup.exe
[2010/04/22 12:11:17 | 001,158,523 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\editor - php code - opensource - scintilla211.zip
[2010/04/22 00:42:24 | 000,001,454 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\XAMPP Control Panel.lnk
[2010/04/18 03:10:32 | 000,074,951 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\My Medical Archives.htm
[2010/03/02 11:58:19 | 000,001,874 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2010/01/14 14:12:38 | 000,002,275 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2010/01/07 13:39:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/06 14:05:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[1999/01/22 07:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/01/08 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\1&1
[2010/01/29 22:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Canon
[2010/06/25 15:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\CheckPoint
[2010/01/10 21:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\IrfanView
[2010/01/28 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/06/10 11:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Utela
[2010/06/25 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 23:49:57 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut bt.job
[2010/06/29 07:17:05 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut mid.job
[2010/06/25 23:50:14 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut tst.job
[2010/06/25 23:50:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut Video Capture Software.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1996/10/14 01:38:00 | 000,254,799 | ---- | M] () -- C:\QBASIC.EXE
[2010/03/02 22:52:11 | 001,768,411 | ---- | M] () -- C:\setupcpuspeedpro.exe


< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2009/12/20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/21 00:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 13:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/01/21 13:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/10 01:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\Dell\LSI\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/29 08:34:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/29 08:34:50 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/29 08:34:50 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/07/14 23:04:45 | 789,577,728 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

< >
< End of report >

OTL Extras logfile created on: 7/15/2010 2:01:11 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210\repost 071410
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 233.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 753 1004 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 10.14 Gb Free Space | 13.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-010610-DHX
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\ADMIN\Desktop\programs - no install needed\ws_ftp95.exe" = C:\Documents and Settings\ADMIN\Desktop\programs - no install needed\ws_ftp95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"\\Dell-010610-dhx\admin\Desktop\programs - no install needed\ws_ftp95.exe" = \\Dell-010610-dhx\admin\Desktop\programs - no install needed\ws_ftp95.exe:*:Enabled:WS_FTP 95
"C:\xampp\apache\bin\ApacheMonitor.exe" = C:\xampp\apache\bin\ApacheMonitor.exe:*:Enabled:ApacheMonitor.exe -- (Apache Software Foundation)
"C:\xampp\xampp-control.exe" = C:\xampp\xampp-control.exe:*:Disabled:XAMPP Control Panel -- (Apache Friends)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk -- (Google)
"C:\Program Files\ADS Tech\MediaTV 3\MediaTV.exe" = C:\Program Files\ADS Tech\MediaTV 3\MediaTV.exe:LocalSubNet:Disabled:ADS Tech MediaTV 3 -- (ADS Corp.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = INTELLINET INTELLINET WLAN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8444C5-766E-4f4d-82F8-BB83E2FBB42A}" = HP Deskjet F2200 All-In-One Driver 10.0 Rel .3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CACE3FCE-4906-47CC-9873-BFC4E5943C12}" = ADS Tech MediaTV 3
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"1&1 EasyLogin" = 1&1 EasyLogin
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AppGini Professional Edition_is1" = AppGini Professional Edition 4.53
"Arachnophilia 5.4_is1" = Arachnophilia 5.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"in2site 1.006" = in2site 1.006
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Paint Shop Pro 5.0 Evaluation" = Paint Shop Pro 5.0 Evaluation
"Prism" = Prism Video Converter
"Recovery Toolbox for Excel_is1" = Recovery Toolbox for Excel 1.1
"ToolBox" = NCH Toolbox
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2010 10:21:17 AM | Computer Name = DELL-010610-DHX | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 7/11/2010 2:47:55 AM | Computer Name = DELL-010610-DHX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module asvid.ax, version 1.7.3.5, fault address 0x00010cad.

Error - 7/11/2010 2:48:36 AM | Computer Name = DELL-010610-DHX | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 7/11/2010 2:58:07 AM | Computer Name = DELL-010610-DHX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module asvid.ax, version 1.7.3.5, fault address 0x00010cad.

Error - 7/11/2010 2:59:26 AM | Computer Name = DELL-010610-DHX | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2010 9:26:13 AM | Computer Name = DELL-010610-DHX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2010 9:26:13 AM | Computer Name = DELL-010610-DHX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2010 12:36:18 PM | Computer Name = DELL-010610-DHX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module asvid.ax, version 1.7.3.5, fault address 0x00010cad.

Error - 7/14/2010 1:17:36 PM | Computer Name = DELL-010610-DHX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/14/2010 1:17:36 PM | Computer Name = DELL-010610-DHX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 7/14/2010 5:38:09 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 7/14/2010 5:38:09 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 7/14/2010 5:38:10 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/14/2010 5:38:10 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 7/14/2010 5:38:10 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80U.DLL.
Reference
error message: The operation completed successfully. .

Error - 7/14/2010 5:38:13 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 7/14/2010 5:38:13 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 7/14/2010 5:38:13 PM | Computer Name = DELL-010610-DHX | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 7/14/2010 5:51:10 PM | Computer Name = DELL-010610-DHX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gusvc with
arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 7/14/2010 5:51:11 PM | Computer Name = DELL-010610-DHX | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}


< End of report >

------------------------ End of logs per your last directions ------------------------

Mike
7-15-10
==========

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:37 AM

Posted 16 July 2010 - 02:12 PM

Hi,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 21.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")

How is it running now?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
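The Java cleanup steps above depend on finding every older JRE entry before installing 6 Update 21. As an added example (not part of schrauber's instructions and not OTL's own code), here is a small Python parser for the "HKEY_LOCAL_MACHINE Uninstall List" section of an OTL Extras log that lists the JRE entries and flags those older than a given version; the sample text is constructed from entries in the log posted above, and the `current` version is an assumed parameter.

```python
import re

# Constructed sample in the OTL Extras "Uninstall List" format.
# The entries are copied from the log posted earlier in this thread.
SAMPLE_UNINSTALL_LIST = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"7-Zip" = 7-Zip 4.65
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

========== Last 10 Event Log Errors ==========
"""

# One OTL uninstall entry: "<registry key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# JRE display names as OTL prints them, e.g. "Java™ 6 Update 16",
# "Java(TM) 6 Update 18" or "J2SE Runtime Environment 5.0 Update 22"
# is not covered; only the "Java <major> Update <n>" form is matched.
JAVA_RE = re.compile(r'^(?:Java|J2SE)(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)\b',
                     re.IGNORECASE)


def parse_uninstall_list(text):
    """Return (registry_key, display_name) pairs found in the
    'Uninstall List' section of an OTL Extras log, ignoring all
    other sections (they use the same '==========' delimiters)."""
    entries = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("=========="):
            # A delimiter line both ends the previous section and
            # starts the next one; only the Uninstall List matters here.
            in_section = "Uninstall List" in line
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_runtime_versions(entries):
    """Return [(major, update, display_name)] for every JRE entry,
    sorted oldest first. 'Java Auto Updater' is not a runtime and
    is deliberately excluded by the regex."""
    found = []
    for _key, name in entries:
        m = JAVA_RE.match(name)
        if m:
            found.append((int(m.group(1)), int(m.group(2)), name))
    return sorted(found)


def outdated_java(entries, current=(6, 21)):
    """Display names of JRE entries older than `current`, given as
    (major, update). The default is the version named in the post."""
    return [name for major, upd, name in java_runtime_versions(entries)
            if (major, upd) < current]


if __name__ == "__main__":
    found = parse_uninstall_list(SAMPLE_UNINSTALL_LIST)
    print("Installed JRE entries:")
    for major, upd, name in java_runtime_versions(found):
        print("  %s (%d Update %d)" % (name, major, upd))
    print("Older than 6 Update 21 (remove via Add/Remove Programs):")
    for name in outdated_java(found):
        print("  " + name)
```

Paste the whole Extras.txt into the parser instead of the sample; because the section delimiters are matched, the "Uninstall List" is picked out of the full log automatically.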

#9 maryba

maryba
  • Topic Starter

  • Members
  • 120 posts
  • OFFLINE
  • Local time:07:37 PM

Posted 16 July 2010 - 09:10 PM

Hi Tom,

Java update done.

Original problems & concerns have apparently been resolved. No svchost instances randomly continuously running at 99, no further search engine results hijacked.

Still am seeing a taskmgr line item for OUTLOOK.EXE which worries me since I can't account for it starting up automatically, it didn't previously occur, and fact that the program title is showing as all caps.

Additionally, after our last action step (prior to this Java update), I noticed HelpSvc.exe running at 99 in taskmgr and had never seen it before. I did see in one or two Google'd sites that it is the name of a Windows application that starts when Windows Help has been invoked and that sometimes it does run at 99 even after help session has been closed. I think I had used Windows help the day before but am sure I had since restarted Windows.

Otherwise, computer seems in excellent shape - including continuously successful access to it from the other computer on the network. If you'll remember, in my original writeup I had included that I was having only intermittent connectivity from the XP Home computer to this, the XP Professional computer. Any possibility that the stuff we've cleaned out may have had a part in the networking problem?

Would appreciate your thoughts on these three items.

Thanks so very much for your help and guidance. I'd like you to know in advance that I'll be making a modest donation on 7-28-2010.

Wiedersehen!

Mike


#10 maryba

  • Topic Starter

Posted 17 July 2010 - 09:52 AM

Tom,

Not sure but I think I may have somehow sent the last post (Posted Yesterday, 09:10 PM) to myself so resending to you, or trying anyway, just in case.

Mike


#11 schrauber

  • Malware Response Team

Posted 19 July 2010 - 11:32 AM

Hi

Please post back with a fresh OTL logfile, will have a look at the items.
regards,
schrauber


#12 maryba

  • Topic Starter

Posted 19 July 2010 - 09:27 PM

Tom,

OTL's log:
(Notes:
- did the same Quick Scan with the same parameters you had me use in the first OTL scan. Guess you'll see that in the log.
- no Extra.txt log produced)

OTL logfile created on: 7/19/2010 5:06:01 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 231.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): C:\pagefile.sys 753 1004 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 7.80 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-010610-DHX
Current User Name: ADMIN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/19 17:04:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 08:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/08/18 05:30:12 | 002,200,576 | ---- | M] (1&1 Internet Inc) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/26 12:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/09/16 04:36:44 | 001,638,400 | ---- | M] (INTELLINET NETWORK SOLUTIONS) -- C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe
PRC - [2008/05/13 01:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/07/19 17:04:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 08:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/13 01:12:54 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\INTELLINET\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/01/07 21:06:46 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 08:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/07/30 01:44:44 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/05/08 16:58:58 | 000,277,888 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A193_ADS.sys -- (A193_ADS)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/07/14 12:45:20 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/06/25 15:24:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/10 17:22:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Inc)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\INTELLINET Wireless Utility.lnk = C:\Program Files\INTELLINET\Common\INTELLINET_UI.exe (INTELLINET NETWORK SOLUTIONS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 13:46:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/19 17:04:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/07/17 11:09:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/16 20:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/16 20:42:05 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/16 20:42:05 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/16 20:42:05 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/16 20:42:05 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/16 20:42:05 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/16 20:38:51 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\ADMIN\Desktop\jre-6u21-windows-i586.exe
[2010/07/16 20:28:23 | 000,000,000 | ---D | C] -- C:\glassfishv3
[2010/07/14 23:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\bert papers
[2010/07/14 12:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/14 00:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/10 21:23:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/10 16:58:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/10 16:54:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/10 16:54:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/10 16:54:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/10 16:54:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/10 16:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 16:53:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/05 19:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/07/02 15:50:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\1bleeping computer posting 070210
[2010/06/30 00:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Using Web Analytics to Uncover Problem Pages on Your Site_files
[2010/06/30 00:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\5 Design Elements that Can Boost Sales_files
[2010/06/30 00:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Checklist for customer service excellence_files
[2010/06/25 15:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\ForceField Shared Files
[2010/06/25 15:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\CheckPoint
[2010/06/25 15:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/06/25 15:04:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/06/25 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/06/25 15:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/06/25 00:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 00:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/06/21 18:29:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/21 18:27:37 | 000,000,000 | ---D | C] -- C:\IPSEC
[2010/06/20 01:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/06/19 21:18:41 | 000,157,184 | ---- | C] (VirusSecureLab) -- C:\Documents and Settings\ADMIN\My Documents\pid kill - free from sourceforge - Ultimate_Process_Killer_2.0.2.exe
[2010/06/19 02:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/06/19 02:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\NCH Software
[2010/06/19 02:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\NCH Software
[2010/06/19 02:39:39 | 000,445,632 | ---- | C] (NCH Software) -- C:\Documents and Settings\ADMIN\Desktop\video capture software - freeQMQM - requires ie toolbar - debutsetup.exe
[2010/06/19 01:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\ADS Tech
[2010/06/16 00:48:50 | 018,155,000 | ---- | C] (Visan / RocketLife) -- C:\Documents and Settings\ADMIN\My Documents\hp photo creations - hppc_0100_enu.exe
[2010/06/14 01:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/14 01:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/06/13 23:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/13 09:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/13 00:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/10 18:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/10 10:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/10 10:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/02 10:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/05/29 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\attic
[2010/05/29 12:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\medarc
[2010/05/23 01:49:42 | 000,073,728 | ---- | C] (Trident Multimedia Technologies Corporation) -- C:\WINDOWS\System32\acpinfo.ax
[2010/05/23 01:49:41 | 000,277,888 | ---- | C] (Trident Multimedia Technologies Co.,Ltd) -- C:\WINDOWS\System32\drivers\A193_ADS.sys
[2010/05/23 01:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\1video xpress install
[2010/05/22 23:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\My Received Files
[2010/05/19 20:47:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/19 20:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2010/05/19 20:25:25 | 006,943,707 | ---- | C] (Vitzo Limited ) -- C:\Documents and Settings\ADMIN\My Documents\VDownloaderSetup2.7.exe
[2010/05/16 00:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\ArcSoft ToGo
[2010/05/16 00:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\ArcSoft
[2010/05/16 00:19:38 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys
[2010/05/16 00:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/05/16 00:17:42 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2010/05/15 17:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\framework and code generator
[2010/05/15 16:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\AppGini 4.53
[2010/05/14 00:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/14 00:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\gom codec install
[2010/04/29 15:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/04/25 01:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\test nicedit
[2010/04/22 15:22:49 | 001,982,228 | ---- | C] (Echo Software (Simon Steele) ) -- C:\Documents and Settings\ADMIN\My Documents\editor - programmers notepad - from pnotepad.org - freeQMQM - pn20101010.exe
[2010/04/22 12:14:04 | 001,571,436 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\ADMIN\My Documents\editor - codeQMQM - free - gsnote.exe
[2010/04/22 00:39:58 | 000,000,000 | ---D | C] -- C:\xampp
[2010/04/20 23:16:28 | 053,670,736 | ---- | C] (Apache Friends) -- C:\Documents and Settings\ADMIN\My Documents\xampp-win32-1.7.3.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/19 17:04:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/07/19 13:56:09 | 000,033,895 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\map - U.S.jpg
[2010/07/19 13:51:53 | 000,015,192 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\NEWReceipt_ID_Cards[1].pdf
[2010/07/18 11:24:44 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2010/07/18 08:44:44 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/07/18 08:42:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 08:41:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 03:00:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ADMIN\ntuser.ini
[2010/07/18 03:00:27 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\ADMIN\NTUSER.DAT
[2010/07/17 00:29:35 | 000,110,851 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127879676142.jpg
[2010/07/17 00:29:22 | 000,326,289 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127882752876.jpg
[2010/07/17 00:23:37 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\BOCIANY INTEGRUJĄ - Ustroń - kamera bocianie gniazdo na ŻYWO (2).url
[2010/07/16 23:58:14 | 000,328,654 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127882744327.jpg
[2010/07/16 23:57:42 | 000,206,819 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127886126285.jpg
[2010/07/16 23:56:25 | 000,240,748 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918700132-1.jpg
[2010/07/16 23:54:32 | 000,183,671 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127862526893.jpg
[2010/07/16 23:54:02 | 000,441,536 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127874536690.jpg
[2010/07/16 23:53:49 | 000,138,630 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127928204051.jpg
[2010/07/16 23:53:37 | 000,078,608 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127874539118.jpg
[2010/07/16 23:53:08 | 000,062,289 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932729983.jpg
[2010/07/16 23:52:42 | 000,042,683 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931130914.jpg
[2010/07/16 23:51:48 | 000,045,065 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127112633567.jpg
[2010/07/16 23:51:35 | 000,031,620 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127112609956.jpg
[2010/07/16 23:51:34 | 000,056,535 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041712625.jpg
[2010/07/16 23:51:18 | 000,417,503 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041709778.jpg
[2010/07/16 23:51:17 | 000,364,067 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041669944.jpg
[2010/07/16 23:51:02 | 000,247,558 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041662976.jpg
[2010/07/16 23:51:00 | 000,094,201 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041659335.jpg
[2010/07/16 23:50:49 | 000,537,806 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127041608959.jpg
[2010/07/16 23:50:07 | 000,286,976 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\126696510832.jpg
[2010/07/16 23:49:29 | 000,064,205 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127211984956.jpg
[2010/07/16 23:49:09 | 000,162,261 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127934105014.jpg
[2010/07/16 23:48:14 | 000,168,970 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127797182479.jpg
[2010/07/16 23:38:24 | 000,010,400 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127919534570.jpg
[2010/07/16 23:38:12 | 000,198,601 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127919071339.jpg
[2010/07/16 23:37:43 | 000,295,828 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127909914335.jpg
[2010/07/16 23:37:41 | 000,716,294 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127909850186.jpg
[2010/07/16 23:37:27 | 000,602,067 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127909842497.jpg
[2010/07/16 23:37:25 | 000,290,503 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790983564.jpg
[2010/07/16 23:37:05 | 000,348,313 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790983167.jpg
[2010/07/16 23:37:03 | 000,436,809 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127909820889.jpg
[2010/07/16 23:36:47 | 000,564,730 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127909009553.jpg
[2010/07/16 23:36:44 | 000,274,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790937518.jpg
[2010/07/16 23:36:27 | 000,211,449 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908999316.jpg
[2010/07/16 23:36:25 | 000,267,247 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790899387.jpg
[2010/07/16 23:36:11 | 000,404,229 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908969362.jpg
[2010/07/16 23:36:10 | 000,099,326 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908915379.jpg
[2010/07/16 23:35:51 | 000,361,907 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908909674.jpg
[2010/07/16 23:35:49 | 000,223,052 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908611540.jpg
[2010/07/16 23:35:40 | 000,311,436 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790858289.jpg
[2010/07/16 23:35:38 | 000,128,639 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790827031.jpg
[2010/07/16 23:35:25 | 000,388,536 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908266123.jpg
[2010/07/16 23:35:24 | 000,230,559 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908261924.jpg
[2010/07/16 23:35:12 | 000,262,017 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908258063.jpg
[2010/07/16 23:35:11 | 000,101,106 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908253890.jpg
[2010/07/16 23:35:02 | 000,294,769 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908245460.jpg
[2010/07/16 23:35:01 | 000,356,468 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790824021.jpg
[2010/07/16 23:34:47 | 000,244,531 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790823166.jpg
[2010/07/16 23:34:45 | 000,393,527 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12790822677.jpg
[2010/07/16 23:34:34 | 000,279,430 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908221731.jpg
[2010/07/16 23:34:32 | 000,273,389 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908201257.jpg
[2010/07/16 23:34:22 | 000,227,681 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908192180.jpg
[2010/07/16 23:34:21 | 000,273,054 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908187677.jpg
[2010/07/16 23:34:08 | 000,274,935 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908162111.jpg
[2010/07/16 23:34:06 | 000,255,621 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908157273.jpg
[2010/07/16 23:33:56 | 000,309,207 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908153815.jpg
[2010/07/16 23:33:54 | 000,228,727 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127908149861.jpg
[2010/07/16 23:32:22 | 000,099,779 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932841990.jpg
[2010/07/16 23:32:07 | 000,104,153 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932837811.jpg
[2010/07/16 23:31:59 | 000,344,856 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12793252006.jpg
[2010/07/16 23:31:49 | 000,325,125 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932516768.jpg
[2010/07/16 23:30:34 | 000,285,487 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127803452332.jpg
[2010/07/16 23:30:25 | 000,233,530 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127803543593.jpg
[2010/07/16 23:30:21 | 000,329,574 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127806100949.jpg
[2010/07/16 23:30:12 | 000,358,555 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12780610766.jpg
[2010/07/16 23:30:00 | 000,306,370 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12780741994.jpg
[2010/07/16 23:29:57 | 000,152,055 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127806239536.jpg
[2010/07/16 23:29:47 | 000,484,575 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127808006913.jpg
[2010/07/16 23:29:45 | 000,215,732 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127807677793.jpg
[2010/07/16 23:29:33 | 000,366,868 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127813515078.jpg
[2010/07/16 23:29:32 | 000,153,101 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127813995273.jpg
[2010/07/16 23:29:20 | 000,273,723 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127814001425.jpg
[2010/07/16 23:29:18 | 000,266,900 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127814007659.jpg
[2010/07/16 23:28:55 | 000,142,587 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12782996383.jpg
[2010/07/16 23:28:53 | 000,322,850 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127830879516.jpg
[2010/07/16 23:28:44 | 000,291,298 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127830993369.jpg
[2010/07/16 23:28:42 | 000,334,499 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127830952870.jpg
[2010/07/16 23:28:28 | 000,302,124 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127866713191.jpg
[2010/07/16 23:28:26 | 000,284,112 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127831540085.jpg
[2010/07/16 23:28:13 | 000,397,961 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12786835664.jpg
[2010/07/16 23:28:11 | 000,386,138 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127866718826.jpg
[2010/07/16 23:28:00 | 000,270,007 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127879577151.jpg
[2010/07/16 23:27:59 | 000,211,666 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127877718224.jpg
[2010/07/16 23:27:46 | 000,393,292 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127898680889.jpg
[2010/07/16 23:27:44 | 000,334,821 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127895908413.jpg
[2010/07/16 23:27:23 | 000,370,082 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127926756939.jpg
[2010/07/16 23:27:22 | 000,443,487 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12792657224.jpg
[2010/07/16 23:27:02 | 000,422,703 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127933173715.jpg
[2010/07/16 23:27:01 | 000,332,683 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127928643086.jpg
[2010/07/16 23:26:42 | 000,164,181 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127803182131.jpg
[2010/07/16 23:26:17 | 000,192,367 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127798569945.jpg
[2010/07/16 23:26:15 | 000,461,360 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127797659936.jpg
[2010/07/16 23:21:33 | 000,205,765 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931916262.jpg
[2010/07/16 23:21:28 | 000,170,361 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12793188123.jpg
[2010/07/16 23:21:24 | 000,328,277 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931860270.jpg
[2010/07/16 23:21:13 | 000,295,197 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931850616.jpg
[2010/07/16 23:21:12 | 000,216,037 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931823736.jpg
[2010/07/16 23:21:06 | 000,270,836 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931811277.jpg
[2010/07/16 23:21:05 | 000,293,634 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12793179378.jpg
[2010/07/16 23:20:58 | 000,161,075 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931772154.jpg
[2010/07/16 23:20:45 | 000,311,827 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127931759070.jpg
[2010/07/16 23:20:36 | 000,063,526 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127905462551.jpg
[2010/07/16 23:20:19 | 000,130,233 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127902972016.jpg
[2010/07/16 23:19:38 | 000,623,354 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127933608227.jpg
[2010/07/16 23:19:36 | 000,970,112 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127933329141.jpg
[2010/07/16 23:19:25 | 000,356,031 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932526933.jpg
[2010/07/16 23:19:23 | 000,782,308 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127932472354.jpg
[2010/07/16 23:19:10 | 001,013,930 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127930315518.jpg
[2010/07/16 23:19:08 | 000,205,863 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127930174353.jpg
[2010/07/16 23:18:56 | 000,579,777 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127924067650.jpg
[2010/07/16 23:18:23 | 001,016,911 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127922668125-1.jpg
[2010/07/16 23:18:07 | 000,913,861 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127920855995.jpg
[2010/07/16 23:18:05 | 000,762,994 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918833227.jpg
[2010/07/16 23:17:48 | 000,878,596 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127914770740.jpg
[2010/07/16 23:17:46 | 000,205,811 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127914656899.jpg
[2010/07/16 23:17:40 | 000,883,248 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127914496152.jpg
[2010/07/16 23:17:31 | 000,206,191 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127914463664.jpg
[2010/07/16 23:17:21 | 000,201,699 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127898810496.jpg
[2010/07/16 23:17:15 | 001,000,750 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12789653621.jpg
[2010/07/16 23:16:21 | 000,165,097 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127933734041.jpg
[2010/07/16 23:16:05 | 000,170,695 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127738734764.jpg
[2010/07/16 23:15:53 | 000,101,138 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127738740476.jpg
[2010/07/16 23:15:33 | 000,285,905 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127730313740.jpg
[2010/07/16 23:15:22 | 000,174,664 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127730307078.jpg
[2010/07/16 23:15:14 | 000,198,360 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127730319945.jpg
[2010/07/16 23:14:59 | 000,172,716 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127738743798.jpg
[2010/07/16 20:41:47 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/16 20:41:47 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/16 20:41:47 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/16 20:41:47 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/16 20:41:47 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/16 20:38:51 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\ADMIN\Desktop\jre-6u21-windows-i586.exe
[2010/07/16 20:07:08 | 142,330,768 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\java_ee_sdk-6u1-jdk-windows.exe
[2010/07/16 11:31:04 | 000,039,501 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\IL - all teams logos - stacked-150x.jpg
[2010/07/16 11:30:15 | 000,023,315 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\IL - all teams logos - stacked.jpg
[2010/07/16 01:23:56 | 004,786,196 | -H-- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\IconCache.db
[2010/07/16 01:22:33 | 000,029,553 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127913455367.jpg
[2010/07/16 01:22:26 | 000,150,554 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12791533926.jpg
[2010/07/16 01:22:15 | 000,242,846 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12791550371.jpg
[2010/07/16 01:22:04 | 000,260,698 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127917151149.jpg
[2010/07/16 01:21:53 | 000,128,963 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127907177510.jpg
[2010/07/16 01:21:14 | 000,240,748 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918700132.jpg
[2010/07/16 01:20:54 | 000,150,475 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918369825.jpg
[2010/07/16 01:20:43 | 000,203,275 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918272463.jpg
[2010/07/16 01:20:30 | 000,194,072 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918092016.jpg
[2010/07/16 01:20:06 | 000,243,313 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127921810432.jpg
[2010/07/16 01:19:56 | 000,013,390 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12791798826.jpg
[2010/07/16 01:19:35 | 000,311,466 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127914740598.jpg
[2010/07/16 01:19:24 | 000,126,067 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12785989595.jpg
[2010/07/16 01:19:10 | 000,447,560 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127925186672.jpg
[2010/07/16 01:18:23 | 000,060,000 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127918514797.jpg
[2010/07/16 01:18:12 | 000,252,633 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12792235161.jpg
[2010/07/16 01:16:30 | 000,323,493 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127917439138.jpg
[2010/07/16 01:15:57 | 000,076,020 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127897202396.jpg
[2010/07/16 01:15:40 | 001,016,911 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127922668125.jpg
[2010/07/16 01:15:02 | 000,059,486 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127887490594.jpg
[2010/07/16 01:14:35 | 000,357,804 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127862390412.jpg
[2010/07/16 01:14:06 | 000,347,596 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\12775665394.jpg
[2010/07/16 01:13:52 | 000,361,606 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127756250036.jpg
[2010/07/16 01:13:39 | 000,412,856 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127751381192.jpg
[2010/07/16 01:12:44 | 000,299,375 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127917053571.jpg
[2010/07/16 01:12:39 | 000,254,193 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127917030611.jpg
[2010/07/16 01:12:33 | 000,295,037 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127916967643.jpg
[2010/07/16 01:12:31 | 000,299,578 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\127916964217.jpg
[2010/07/15 09:21:33 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\menu.xls
[2010/07/14 11:32:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/13 11:33:43 | 000,001,874 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2010/07/13 11:33:43 | 000,000,710 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/13 08:52:22 | 000,031,461 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\1818 CDT, a new containment cap, top, is lowered over the broken wellhead at the site of the Deepwater Horizon oil spill in the Gulf of Mexico, Monday, July 12, 2010.jpg
[2010/07/12 22:32:46 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cm shld.xls
[2010/07/11 19:29:09 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\IndianBluff pics.lnk
[2010/07/11 01:32:03 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/10 17:22:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 16:58:35 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/08 11:14:21 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/07/07 14:11:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/05 21:03:33 | 002,461,792 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled.wmv
[2010/07/05 20:52:25 | 002,254,044 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Untitled_0001.wmv
[2010/07/05 19:56:11 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prism Video Converter.lnk
[2010/07/05 13:53:16 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\sysinternals virus stopper - from bleepingcomputer - rkill.com
[2010/07/05 09:39:16 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\HoF acceptance speech.rtf
[2010/07/03 10:49:27 | 001,400,398 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Beau's cell phone manual - 20080311055609531_generic_cdma_a870_ug.pdf
[2010/07/03 10:03:21 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\verizon ao 070310 VoiceDetails.action.xls
[2010/07/01 20:15:29 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/01 02:02:22 | 000,254,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\General Networking-Lan-Wan port blocking, tcp ip ports, network dialup.webarchive
[2010/07/01 01:47:22 | 000,427,694 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Windows 2000 Firewall.webarchive
[2010/06/30 00:11:14 | 000,021,646 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Using Web Analytics to Uncover Problem Pages on Your Site.htm
[2010/06/30 00:10:50 | 000,019,828 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\5 Design Elements that Can Boost Sales.htm
[2010/06/30 00:09:56 | 000,019,213 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Checklist for customer service excellence.htm
[2010/06/29 07:17:05 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut mid.job
[2010/06/26 17:26:15 | 001,497,585 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10 (Chinese) [Compatibility Mode].pdf
[2010/06/26 17:26:15 | 001,337,348 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Woodlake_update Jun 10a [Compatibility Mode].pdf
[2010/06/26 17:11:00 | 000,015,363 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Website Services Page (Chinese).docx
[2010/06/26 17:08:02 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\zonealarm update - zaSetup_92_057_000_en.exe
[2010/06/26 13:14:52 | 000,002,275 | ---- | M] () -- C:\WINDOWS\WS_FTP.INI
[2010/06/25 23:50:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut Video Capture Software.job
[2010/06/25 23:50:14 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut tst.job
[2010/06/25 23:49:57 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Debut bt.job
[2010/06/25 15:05:59 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/25 15:04:17 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 15:04:16 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ZoneAlarm Security.lnk
[2010/06/25 14:01:54 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.icsxxx
[2010/06/25 00:56:47 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCH Toolbox.lnk
[2010/06/21 01:34:05 | 000,088,493 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\bp lease - fnos206.pdf
[2010/06/20 01:19:42 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2010/06/19 02:34:36 | 000,445,632 | ---- | M] (NCH Software) -- C:\Documents and Settings\ADMIN\Desktop\video capture software - freeQMQM - requires ie toolbar - debutsetup.exe
[2010/06/19 01:54:38 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaTV 3.lnk
[2010/06/18 00:47:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.datxxxx
[2010/06/16 00:48:50 | 018,155,000 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\ADMIN\My Documents\hp photo creations - hppc_0100_enu.exe
[2010/06/13 08:20:37 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\BOCIANY INTEGRUJĄ - Ustroń - kamera bocianie gniazdo na ŻYWO.url
[2010/06/10 11:26:10 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\WOODLAKE CAPITAL PE 6-6-10.doc
[2010/06/10 11:26:09 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\ABOUT US 6-6-10.doc
[2010/06/08 15:41:54 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\pid manager - from microsoft.com - ProcessExplorer.zip
[2010/05/28 02:18:40 | 041,524,736 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\ZONE ALARM - FREE - zaSetup_92_044_000_en.exe
[2010/05/27 01:27:38 | 000,088,374 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\lil w ss.rtf
[2010/05/25 11:57:49 | 000,002,835 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\New Database1.odb
[2010/05/22 17:08:39 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.doc
[2010/05/22 16:50:00 | 000,011,981 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SS Bio (Fieldston) 5-21-10.docx
[2010/05/16 18:51:07 | 000,001,965 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/15 16:09:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\AppGini Professional.lnk
[2010/05/15 16:04:26 | 005,289,562 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\appgini 4.53 install - 0a46e09c7211.zip
[2010/05/14 00:57:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/13 17:21:43 | 000,504,832 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\scncap051310.xls
[2010/05/12 13:23:30 | 000,527,872 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\SCNCAP051210.xls
[2010/05/09 15:06:06 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Shortcut to AppGini.exe.lnk
[2010/05/07 15:10:45 | 000,004,336 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\010110-043010GrAmTransactions.CSV
[2010/05/02 18:29:46 | 000,307,712 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\firewall exceptions - hp dark.xls
[2010/04/30 11:23:19 | 000,156,497 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl temp 2010.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 17:39:05 | 001,683,473 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\pskill - no install - run cmd - free from sysinternals.com - from PsTools.zip
[2010/04/28 07:46:45 | 000,062,860 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\mike dl 2010.jpg
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 11:24:14 | 000,100,602 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0066-cropped-color adjusted.jpg
[2010/04/26 11:24:13 | 000,104,714 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Pict0065-cropped-color adjusted.jpg
[2010/04/25 22:58:34 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\dell ipconfig.xls
[2010/04/24 14:06:58 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\omg-spacer-1.0.0.gif
[2010/04/24 09:08:38 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Listen Live to KCUR.url
[2010/04/24 09:07:11 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Listen Live to KCUR.url
[2010/04/24 03:30:10 | 000,006,459 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\Gander Sauce Stories.webarchive
[2010/04/24 00:19:09 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to xampp-control.exe.lnk
[2010/04/22 20:29:21 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2010/04/22 15:20:22 | 008,953,966 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\editor - codeQMQM - freeQMQM - gvim72.exe
[2010/04/22 00:42:57 | 000,001,454 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\XAMPP Control Panel.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\ADMIN\Desktop\*.tmp files -> C:\Documents and Settings\ADMIN\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/19 13:56:09 | 000,033,895 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\map - U.S.jpg
[2010/07/19 13:51:53 | 000,015,192 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\NEWReceipt_ID_Cards[1].pdf
[2010/07/18 11:24:43 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
[2010/07/17 00:29:35 | 000,110,851 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127879676142.jpg
[2010/07/17 00:29:22 | 000,326,289 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127882752876.jpg
[2010/07/17 00:23:37 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\BOCIANY INTEGRUJĄ - Ustroń - kamera bocianie gniazdo na ŻYWO (2).url
[2010/07/16 23:58:14 | 000,328,654 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127882744327.jpg
[2010/07/16 23:57:42 | 000,206,819 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127886126285.jpg
[2010/07/16 23:56:25 | 000,240,748 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127918700132-1.jpg
[2010/07/16 23:54:32 | 000,183,671 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127862526893.jpg
[2010/07/16 23:54:02 | 000,441,536 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127874536690.jpg
[2010/07/16 23:53:49 | 000,138,630 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127928204051.jpg
[2010/07/16 23:53:37 | 000,078,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127874539118.jpg
[2010/07/16 23:53:08 | 000,062,289 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127932729983.jpg
[2010/07/16 23:52:42 | 000,042,683 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127931130914.jpg
[2010/07/16 23:51:48 | 000,045,065 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127112633567.jpg
[2010/07/16 23:51:35 | 000,031,620 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127112609956.jpg
[2010/07/16 23:51:34 | 000,056,535 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041712625.jpg
[2010/07/16 23:51:18 | 000,417,503 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041709778.jpg
[2010/07/16 23:51:17 | 000,364,067 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041669944.jpg
[2010/07/16 23:51:02 | 000,247,558 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041662976.jpg
[2010/07/16 23:51:00 | 000,094,201 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041659335.jpg
[2010/07/16 23:50:49 | 000,537,806 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127041608959.jpg
[2010/07/16 23:50:07 | 000,286,976 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\126696510832.jpg
[2010/07/16 23:49:29 | 000,064,205 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127211984956.jpg
[2010/07/16 23:49:09 | 000,162,261 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127934105014.jpg
[2010/07/16 23:48:14 | 000,168,970 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127797182479.jpg
[2010/07/16 23:38:24 | 000,010,400 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127919534570.jpg
[2010/07/16 23:38:12 | 000,198,601 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127919071339.jpg
[2010/07/16 23:37:43 | 000,295,828 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127909914335.jpg
[2010/07/16 23:37:41 | 000,716,294 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127909850186.jpg
[2010/07/16 23:37:26 | 000,602,067 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127909842497.jpg
[2010/07/16 23:37:25 | 000,290,503 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790983564.jpg
[2010/07/16 23:37:05 | 000,348,313 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790983167.jpg
[2010/07/16 23:37:03 | 000,436,809 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127909820889.jpg
[2010/07/16 23:36:47 | 000,564,730 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127909009553.jpg
[2010/07/16 23:36:44 | 000,274,624 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790937518.jpg
[2010/07/16 23:36:27 | 000,211,449 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908999316.jpg
[2010/07/16 23:36:25 | 000,267,247 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790899387.jpg
[2010/07/16 23:36:11 | 000,404,229 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908969362.jpg
[2010/07/16 23:36:10 | 000,099,326 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908915379.jpg
[2010/07/16 23:35:51 | 000,361,907 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908909674.jpg
[2010/07/16 23:35:49 | 000,223,052 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908611540.jpg
[2010/07/16 23:35:40 | 000,311,436 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790858289.jpg
[2010/07/16 23:35:38 | 000,128,639 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790827031.jpg
[2010/07/16 23:35:25 | 000,388,536 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908266123.jpg
[2010/07/16 23:35:24 | 000,230,559 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908261924.jpg
[2010/07/16 23:35:12 | 000,262,017 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908258063.jpg
[2010/07/16 23:35:11 | 000,101,106 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908253890.jpg
[2010/07/16 23:35:02 | 000,294,769 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908245460.jpg
[2010/07/16 23:35:01 | 000,356,468 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790824021.jpg
[2010/07/16 23:34:47 | 000,244,531 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790823166.jpg
[2010/07/16 23:34:45 | 000,393,527 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12790822677.jpg
[2010/07/16 23:34:34 | 000,279,430 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908221731.jpg
[2010/07/16 23:34:32 | 000,273,389 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908201257.jpg
[2010/07/16 23:34:22 | 000,227,681 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908192180.jpg
[2010/07/16 23:34:21 | 000,273,054 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908187677.jpg
[2010/07/16 23:34:08 | 000,274,935 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908162111.jpg
[2010/07/16 23:34:06 | 000,255,621 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908157273.jpg
[2010/07/16 23:33:56 | 000,309,207 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908153815.jpg
[2010/07/16 23:33:54 | 000,228,727 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127908149861.jpg
[2010/07/16 23:32:22 | 000,099,779 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127932841990.jpg
[2010/07/16 23:32:07 | 000,104,153 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127932837811.jpg
[2010/07/16 23:31:59 | 000,344,856 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12793252006.jpg
[2010/07/16 23:31:49 | 000,325,125 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127932516768.jpg
[2010/07/16 23:30:34 | 000,285,487 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127803452332.jpg
[2010/07/16 23:30:25 | 000,233,530 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127803543593.jpg
[2010/07/16 23:30:21 | 000,329,574 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127806100949.jpg
[2010/07/16 23:30:12 | 000,358,555 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12780610766.jpg
[2010/07/16 23:30:00 | 000,306,370 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\12780741994.jpg
[2010/07/16 23:29:57 | 000,152,055 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127806239536.jpg
[2010/07/16 23:29:47 | 000,484,575 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127808006913.jpg
[2010/07/16 23:29:45 | 000,215,732 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127807677793.jpg
[2010/07/16 23:29:33 | 000,366,868 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127813515078.jpg
[2010/07/16 23:29:32 | 000,153,101 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\127813995273.jpg

========== LOP Check ==========

[2010/01/08 17:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\1&1
[2010/01/29 22:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Canon
[2010/06/25 15:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\CheckPoint
[2010/01/10 21:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\IrfanView
[2010/01/28 19:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/06/10 11:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Utela
[2010/06/25 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/25 23:49:57 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut bt.job
[2010/06/29 07:17:05 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut mid.job
[2010/06/25 23:50:14 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut tst.job
[2010/06/25 23:50:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Debut Video Capture Software.job
[2010/07/18 11:24:44 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1996/10/14 01:38:00 | 000,254,799 | ---- | M] () -- C:\QBASIC.EXE
[2010/03/02 22:52:11 | 001,768,411 | ---- | M] () -- C:\setupcpuspeedpro.exe



< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/29 08:34:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/29 08:34:50 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/29 08:34:50 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/07/18 08:41:45 | 789,577,728 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

< >
< End of report >


Tom: My last set of queries was more of academic interest. Would certainly appreciate your responses to any or all, but don't want you putting much time or effort into them.


Two additional questions (should I open up a new topic?):
1. I recently reinstalled Windows XP Home on my other computer (HP rebuild with Gigabyte mainboard) and in the process lost USB port function. Not sure, but think it may have happened after I installed a sound driver to deal with no sound since the OS reinstall. Don't know if I had USB before the sound driver install or whether it was gone immediately after the OS install. I added a PCI USB card and now have USB ports available, but would sure like my mainboard USB back.
2. Can't find my HP 712C printer driver CD and have had no luck finding it on the internet. Suggestions?

Mike

#13 schrauber

Mr.Mechanic, Malware Response Team, 24,794 posts, Munich, Germany

Posted 21 July 2010 - 12:44 PM

Please tell me the complete brand and model of the Gigabyte board and the printer; I will have a look. Nothing to see from the 3 items under running items in the logfile.

How is it running?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#14 schrauber

Mr.Mechanic, Malware Response Team, 24,794 posts, Munich, Germany

Posted 23 July 2010 - 01:58 PM

Still with me?
regards,
schrauber


#15 maryba (Topic Starter)

Members, 120 posts

Posted 23 July 2010 - 07:57 PM

Yep. Got distracted. Got a log produced by a system IDer to answer your question as to which mainboard is in the computer with USB troubles. It follows. (I see I was all wet on it being a Giga board - MSI instead.)

I had also found an Intel logo'd USB analyzer which pronounced that all my hardware and software was ok. I've attached some screen captured images of the program and its results screen.

The printer is an HP 712C. Way old, but one of those workhorses. Can't believe I misplaced the driver CD.

As reported before, the infected system (XP Pro) is running just fine. Glad to be rid of the search engine results hijacker and whatever was running as svchost at 99, but I am most pleased with the side benefit of having 100% successful networking as opposed to the random, on-again/off-again performance I was having before.


------ start log -------

aida32 results:

Motherboard Properties
Motherboard ID 08/05/2004-i845G-W627-6A69VM4YC-00
Motherboard Name Unknown

Front Side Bus Properties
Bus Type Intel NetBurst
Bus Width 64-bit
Real Clock 133 MHz (QDR)
Effective Clock 533 MHz
Bandwidth 4266 MB/s

Memory Bus Properties
Bus Type DDR SDRAM
Bus Width 64-bit
Real Clock 100 MHz (DDR)
Effective Clock 200 MHz
Bandwidth 1600 MB/s

Chipset Bus Properties
Bus Type Intel Hub Interface
Bus Width 8-bit
Real Clock 67 MHz (QDR)
Effective Clock 267 MHz
Bandwidth 267 MB/s

Motherboard Properties
Manufacturer MICRO-STAR INTERNATIONAL CO., LTD
Product Gamila/Giovani/Neon series
Version 030

system drivers:
usbhub USB2 Enabled Hub Kernel Driver Running
usbprint Microsoft USB PRINTER Class Kernel Driver Stopped
usbscan USB Scanner Driver Kernel Driver Stopped
USBSTOR USB Mass Storage Driver Kernel Driver Stopped
usbuhci Microsoft USB Universal Host Controller Miniport Driver Kernel Driver Running
VgaSave VGA Display Controller. Kernel Driver Running
ViaIde ViaIde Kernel Driver Stopped
VolSnap VolSnap Kernel Driver Running
Wanarp Remote Access IP ARP Driver Kernel Driver Running
wceusbsh Windows CE USB Serial Host Driver Kernel Driver Stopped
WDICA WDICA Kernel Driver Stopped
wdmaud Microsoft WINMM WDM Audio Compatibility Driver Kernel Driver Running
=====




example MSI motherboard config - note usb intel info at bottom

Version EVEREST v2.00.335
Homepage http://www.lavalys.com/
Report Type Report Wizard
Computer PEPSI
Generator nightcrawler
Operating System Microsoft Windows XP Professional 5.1.2600 (WinXP Retail)
Date 2007-06-09
Time 19:23


Summary

Computer:
Operating System Microsoft Windows XP Professional
OS Service Pack Service Pack 2
DirectX 4.09.00.0904 (DirectX 9.0c)
Computer Name PEPSI
User Name nightcrawler

Motherboard:
CPU Type Intel Pentium 4, 2800 MHz (28 x 100)
Motherboard Name MSI Gamila/Giovani/Neon Series
Motherboard Chipset Intel Brookdale-G i845GEV
System Memory 247 MB (PC3200 DDR SDRAM)
BIOS Type Award (08/05/04)
Communication Port Communications Port (COM1)
Communication Port ECP Printer Port (LPT1)

Display:
Video Adapter Intel Extreme Graphics
3D Accelerator Intel Extreme Graphics

Multimedia:
Audio Adapter Intel 82801DB(M) ICH4(-M) - AC'97 Audio Controller [B-0]

Storage:
IDE Controller Intel® 82801DB Ultra ATA Storage Controller - 24CB
Floppy Drive Floppy disk drive
Disk Drive ST340014A (40 GB, 7200 RPM, Ultra-ATA/100)
Optical Drive HL-DT-ST RW/DVD GCC-4481B (DVD:16x, CD:48x/32x/48x DVD-ROM/CD-RW)
Optical Drive SONY DVD RW AW-G170A
SMART Hard Disks Status OK

Partitions:
C: (NTFS) 8999 MB (5504 MB free)
D: (NTFS) 29154 MB (28168 MB free)
Total Size 37.3 GB (32.9 GB free)

Input:
Keyboard Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Mouse HID-compliant mouse

Network:
Network Adapter Realtek RTL8139 Family PCI Fast Ethernet NIC (192.168.1.2)

Peripherals:
USB1 Controller Intel 82801DB(M) ICH4(-M) - USB Controller [B-0]
USB1 Controller Intel 82801DB(M) ICH4(-M) - USB Controller [B-0]
USB1 Controller Intel 82801DB(M) ICH4(-M) - USB Controller [B-0]
USB2 Controller Intel 82801DB(M) ICH4(-M) - Enhanced USB2 Controller [B-0]
USB Device USB Human Interface Device
==========


example msi mboard config - cont.

DMI

[ BIOS ]

BIOS Properties:
Vendor Phoenix Technologies, LTD
Version 3.15
Release Date 08/05/2004
Size 512 KB
Boot Devices Floppy Disk, Hard Disk, CD-ROM, ATAPI ZIP, LS-120
Capabilities Flash BIOS, Shadow BIOS, Selectable Boot, EDD, BBS
Supported Standards DMI, APM, ACPI, PnP
Expansion Capabilities ISA, PCI, AGP, USB

[ System ]

System Properties:
Manufacturer Compaq Presario 061
Product PP018AA-ACJ SR1235IL FD440
Version 0000411LX101GIOVA10
Serial Number INI4440250
Universal Unique ID A09A99E4-3156BD11-A83ACAC1-C64620D4
Wake-Up Type Power Switch

[ Motherboard ]

Motherboard Properties:
Manufacturer MICRO-STAR INTERNATIONAL CO., LTD
Product Gamila/Giovani/Neon series
Version 030
Serial Number 4A10620454

[ Chassis ]

Chassis Properties:
Chassis Type Desktop Case

[ Memory Controller ]

Memory Controller Properties:
Error Detection Method 8-bit Parity
Error Correction None
Supported Memory Interleave 1-Way
Current Memory Interleave 1-Way
Supported Memory Voltages 5V
Maximum Memory Module Size 1024 MB
Memory Slots 2

[ Processors / Intel Pentium 4 Processor ]

Processor Properties:
Manufacturer Intel
Version Intel Pentium 4 Processor
External Clock 100 MHz
Current Clock 2800 MHz
Type Central Processor
Status Enabled
Upgrade ZIF
Socket Designation Socket 478

[ Caches / Internal Cache ]

Cache Properties:
Type Internal
Status Enabled
Operational Mode Write-Back
Maximum Size 20 KB
Installed Size 20 KB
Supported SRAM Type Synchronous
Current SRAM Type Synchronous
Socket Designation Internal Cache
====



------ end log --------

Mike


