
Very talented malware! Not identified


  • This topic is locked
21 replies to this topic

#1 papilio01

papilio01

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 12 July 2010 - 11:10 PM

Hello,

I've been seeing quite a few, uhm, "anomalies" in my system increasingly for months, and have been using various tools to attempt to fix things myself -- have also done clean installs of Windows 7, after having zero-filled the HD, flushed the RAM, cleared the CMOS, and installed a freshly downloaded BIOS from Dell. It would usually help for a short time, then it all starts to build up all over again. I have taken no action on those programs which the security forums have advised to leave to the pros, such as Hijackthis and gmer.

Some of the symptoms -- a *lot* of logons and secondary logons, some as expected by Builtin security principals, others anonymous or unknown, and even papilio$ (this usually after 2 or 3 unsuccessful logon attempts) according to Events Viewer Security. (I frequently change my strong user password, though I hear that this isn't much help with today's password grinders.) According to Avast and TCPview many internet connections are loopbacks -- I understand that these are normal for some legit system programs, but often indicate malware trying to elevate its privileges. There's constant lowering of my initially high password-protected security settings of Avast Internet Security, plus having my advanced Internet Options all set to disabled (I use Firefox, always updated to latest build). The same with ZoneAlarm (used previously to Avast). These internet protection programs have sometimes been completely uninstalled, as well as has been Firefox, which also often crashes when I click links to malware help sites. Frequently, my clock is suddenly many hours off. My services configuration is constantly being modified, such as Remote assistance being changed from disabled to manual, same with the Bluetooth adapter service (what use are they able to make of *that* ??) I configure these through their Start keys in the registry, setting value to 4. I don't know what is normal, but Procmon.exe is berserk with activity, say a million entries within less than half an hour. A lot of my documents have been deleted, though of course all but the newest ones are backed up -- often these are still listed in Explorer, but as containing 0 bytes.

I run frequent scans with Avast and Malwarebytes, both of which inevitably show that I'm clean. Two days ago I also installed Sophos rootkit scanner, which so far appears to be much more effective than earlier scanners. My first scan with it revealed one hidden file, SPTD, in its correct filepath, though I don't believe that I've installed anything which generates virtual drives since I did my last clean install of Win 7. And it had these rather suspicious timestamps (I have disabled persistent timestamps in the registry):

Created: Sun 27 Jun 2010 11:57:06 PM
Modified: Sun 27 Jun 2010 11:57:06 PM
Accessed: Sun 27 Jun 2010 11:57:06 PM

I contacted the vendor about this, they had me download the SPTD installation file and run it, but just up to the first window, where it should have said that an installation already exists unless it had been a silent install, which turned out to be the indication. I did un-install the file already on my system, I'll see whether that helps at all. Possibly it was detected simply due to the fact that its cfg registry key is locked while it's running (access denied when I tried to open the key in Regedit) -- but then again why should it be running? Another scan a few hours later also reported several Flash Player/#SHAREDOBJECTS in both my AppData and username Temp directories and other Adware tracking cookies. More of those just half an hour ago using my freshly downloaded SuperAntispyware Pro (trial version). I don't do any of the things which violate "safe browsing", as far as I know of them. My connection on Avast is always set on "Public", which I understand to be the most secure, as I'm the sole user of my computer here at home and have not set up any network, and have filesharing disabled as a service as well as in my adapter properties. UAC is at max.

So ... this morning Avast had been largely disabled and TCPview showed over 200 connections -- I saved the file of that, but then I immediately disabled my connection, re-installed Avast, and now there are far fewer -- which is nice, except that I assume this will cause the reports to show fewer running processes. Almost nothing is shown in the "run" or "runonce" registry keys. There was an extremely high number of services running according to Task Manager, and even far more services listed in SysinternalsSuite Autorun.exe and Procexp.exe, most of which are clearly bogus, often not returning *any* results on google. Very many of these connections were running under [System Process]:0, which I understand represents System Idle. IPsec keeps reporting that it was not able to detect all network adapters, even after I use the suggested snap-in, and a lot of adapters and UPnP devices are under "hidden devices" in Device Manager, enumerated ROOT -- this last is not inherently suspicious I know, just makes them impossible to remove most of the time.

I use a wired Belkin router, which seems to be effective in keeping anything from getting in of its own initiative, but all of my problems seem to be originating from the inside out, presumably hijacked or bogus services connecting to malicious sites and downloading stuff -- I never know which services to allow out, having Avast set to ask me about everything. I need to find out which services absolutely must be allowed internet access merely in order for me to access the internet, and keep the rest in -- but the fact that even by displaying details in the Avast popup it usually only says it's that damn svchost. They are always getting out when I can't get access to the web myself with Firefox, nor even successfully ping my router running the Command Prompt as Administrator.

All of my directories are being scanned several times a day, sometimes being modified. I've read a lot about this sort of very invasive action on the part of Microsoft, searching for hacked Windows and other copyright infringement, so it may be that. I have no pirated software, and Windows 7 is legitimate and activated -- though according to my latest MS update logs I was about to have it de-activated by them as they've been unable to find my product key, but always checked to find that my system had been signed by MS. I called the Microsoft Store about this (where I had bought Windows 7), and they told me to download and run MGA Diagnostic and a couple of re-validation programs. This seems to have stopped the MS problem, according to logs they are *finally* uninstalling a lot of services and devices which I've long been suspicious of, apparently packing up and going home. MGA reported that my product key had been "tampered with". My latest logs mention "binding" the product key to my system -- not sure what this means but sounds like a good sign. These logs also record the creation (by them) of duplicate ownership of system files, directories and reg keys, as well as "side-by-side" ( ? ) configurations of much of my system. At the same time setting up many "shared" files and directories (I've set up no filesharing), all of this taken note of as well by the sfc /scannow which I ran yesterday. I'm hoping these things are just additional signs of Microsoft's gradual withdrawal, still wanting to keep some watch on me for a while -- I guess we'll see! Point being, not sure but some of what I've been noticing *may* be attributed to Microsoft's antics, though most of what I'm seeing is clearly more malicious.

One thing which might be helpful here, I've found that by using a LiveCD session of ubuntu, I seem to be able to have full access (copy, delete, read, write, modify) to *anything* in Windows.

Thanks for making your help available!
papilio


p.s. I hope I understood your instructions, as the posting form doesn't appear quite as described (i.e. no "Enter" key) -- but you wanted the DDS.txt pasted here, with the attach.txt and ark.txt attached, yes?


>>>>>>>>>>>>>>>>>>>>>

Hold on ... 5am now, 6 hrs since posting this
Does this help at all? SuperAntiSpyware is still running 7 hrs after my last use of it, no window is
open but the tray icon is open and shows heavy activity, and Task Manager shows it running 50% of the
CPU.


PROCESS PROFILING (which is what exactly?)

It's written 95 megs and read 9.5 gigs !! (Time to kill process)

Since midnight, 275 megs in from the web, 1gig out



So, just what has ntkrnlpa.exe been up to??


Details in attachment Process.txt and Process string.txt
(And I apologize for the unusual appendage, thought it seemed significant.)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


DDS (Ver_10-03-17.01) - NTFSx86
Run by papilio at 21:22:48.09 on Mon 07/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.1756 [GMT -5:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Windows\System32\msdtc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\SHORTK~1\shklite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\papilio\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://radarsync.netvibes.com
mStart Page = hxxp://radarsync.netvibes.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\shortk~1.lnk - c:\progra~1\shortk~1\shklite.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\papilio\appdata\roaming\mozilla\firefox\profiles\7g5slwig.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-7-12 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-7-12 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-7-12 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-7-12 307280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-12 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-12 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-12 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-12 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-7-12 119200]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-12 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-12 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-6-26 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-6-26 8456]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-27 1343400]

=============== Created Last 30 ================

2010-07-12 23:36:58 0 ----a-w- c:\users\papilio\defogger_reenable
2010-07-12 23:27:41 0 d-----w- c:\program files\CCleaner
2010-07-12 23:10:57 0 d-----w- c:\programdata\Sun
2010-07-12 23:10:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 22:34:57 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-07-12 22:34:56 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-07-12 22:34:45 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-07-12 22:34:37 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-12 22:34:27 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-07-12 18:49:39 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-12 03:09:22 0 d-----w- c:\program files\RocketDock
2010-07-10 18:32:12 0 d-----w- c:\program files\Sophos
2010-07-10 17:30:14 0 d-----w- c:\users\papilio\appdata\roaming\SUPERAntiSpyware.com
2010-07-10 17:30:14 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-10 17:30:06 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-10 14:30:54 0 d-----w- c:\programdata\Extensions
2010-07-10 00:41:44 0 d-----w- c:\program files\common files\Jasc Software Inc
2010-07-10 00:40:49 0 d-----w- c:\program files\Jasc Software Inc
2010-07-10 00:16:56 0 d-----w- C:\New folder
2010-07-09 05:57:49 0 d-----w- C:\.Trash-1000
2010-07-08 20:54:34 218 ----a-w- c:\users\papilio\.recently-used.xbel
2010-07-08 17:06:57 0 d-----w- c:\users\papilio\appdata\roaming\Wireshark
2010-07-08 16:46:45 0 d-----w- c:\program files\WinPcap
2010-07-08 16:46:27 0 d-----w- c:\program files\Wireshark
2010-07-08 01:28:52 0 d-sh--w- C:\found.000
2010-07-07 08:52:26 57904 ----a-w- c:\windows\system32\wbload.dll
2010-07-07 08:52:25 42672 ----a-w- c:\windows\system32\wbsys.dll
2010-07-07 01:17:20 86016 ----a-w- c:\windows\OPDIRDEL.exe
2010-07-06 17:01:07 572 ----a-w- c:\windows\maxlink.ini
2010-07-06 17:00:20 0 ----a-w- c:\windows\OP70.INI
2010-07-06 16:59:44 299520 ----a-w- c:\windows\uninst.exe
2010-07-06 16:59:17 8 ----a-w- c:\windows\phbase.ini
2010-07-06 16:58:10 24 ----a-w- c:\windows\pstudio.ini
2010-07-06 16:58:10 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-07-06 16:58:10 11 ----a-w- c:\windows\album.ini
2010-07-06 16:57:47 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-06 16:10:21 339968 ----a-w- c:\windows\system32\N124UFW.dll
2010-07-06 16:10:21 28720 ----a-w- c:\windows\system32\SG62CPL.DLL
2010-07-06 16:10:21 114688 ----a-w- c:\windows\system32\SG62UUD.DLL
2010-07-06 14:47:48 0 d-----w- c:\temp\SGCSU622
2010-07-06 02:19:15 4967528 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-07-06 02:19:15 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-07-06 02:19:13 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-07-06 02:19:13 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-06 02:19:13 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-07-06 02:19:11 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-07-06 02:19:11 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-07-06 02:19:11 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-07-06 02:19:06 0 d-----w- C:\NVIDIA
2010-07-06 02:13:45 0 d-----w- c:\programdata\NVIDIA
2010-07-06 02:11:27 0 d-----w- c:\users\papilio\appdata\roaming\Registry Mechanic
2010-07-06 01:57:59 0 d-----w- c:\program files\Phyxion.net
2010-07-05 21:29:21 0 d---a-w- c:\programdata\TEMP
2010-07-05 19:52:21 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2010-07-05 19:52:21 296960 ----a-w- c:\windows\winhlp32.exe
2010-07-05 19:52:21 195072 ----a-w- c:\windows\system32\ftsrch.dll
2010-07-05 19:52:21 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2010-07-05 19:50:56 0 d-----w- c:\programdata\Windows Genuine Advantage
2010-07-05 15:13:00 0 d-----w- C:\MGADiagToolOutput
2010-07-05 15:12:25 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-05 07:18:39 0 d-----w- c:\program files\The Weather Channel FW
2010-07-05 07:14:28 0 d-----w- c:\program files\Conduit
2010-07-05 07:10:11 0 d-----w- c:\program files\RadarSync
2010-07-05 06:20:56 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-07-05 06:20:44 0 d-----w- C:\Intel
2010-07-05 05:55:59 38848 ----a-w- c:\windows\avastSS.scr
2010-07-05 04:36:10 0 d-----w- c:\windows\system32\vmm32
2010-07-05 04:36:09 0 d-----w- c:\program files\Dell
2010-07-05 02:33:28 0 d-----w- c:\program files\MSN Toolbar Installer
2010-07-05 02:33:27 0 d-----w- c:\programdata\Driver Inspector
2010-07-03 19:32:54 0 d-----w- c:\programdata\PC Drivers HeadQuarters
2010-07-03 19:27:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-07-03 19:27:21 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-03 19:26:55 9633 ----a-w- c:\windows\system32\nvinfo.pb
2010-07-03 19:26:55 795104 ----a-w- c:\windows\system32\dpinst.exe
2010-07-03 19:26:55 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-03 19:26:55 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-07-03 19:26:53 332392 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-07-03 19:26:53 2890856 ----a-w- c:\windows\system32\nvencodemft.dll
2010-07-03 19:26:53 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-03 19:26:53 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-03 19:26:50 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-03 18:52:05 0 d-----w- c:\programdata\Driver Whiz
2010-07-03 06:56:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-02 17:24:26 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2010-07-02 17:24:26 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2010-06-30 20:48:08 0 d-----w- c:\users\papilio\Tracing
2010-06-30 20:41:36 0 d-----w- c:\program files\common files\Windows Live
2010-06-28 15:39:34 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-06-28 02:27:38 0 d-----w- c:\program files\VideoLAN
2010-06-27 14:39:54 0 d-----w- c:\program files\MSXML 4.0
2010-06-27 09:59:13 0 d-----w- c:\programdata\Adobe
2010-06-27 08:52:34 0 d-----w- c:\temp\_asw_aisI.tm~a00664
2010-06-27 08:50:12 0 d-----w- c:\windows\system32\Wat
2010-06-27 08:44:58 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-27 08:39:46 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-27 08:39:46 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-27 08:39:46 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-27 08:39:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-27 08:39:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-27 08:15:09 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-27 08:15:09 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-27 08:15:09 369152 ----a-w- c:\windows\system32\secproc.dll
2010-06-27 08:15:09 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-27 08:15:09 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-27 08:15:09 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-27 08:15:09 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-27 08:15:09 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-27 08:15:08 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-27 08:15:08 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-27 08:15:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-27 08:15:07 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-06-27 08:14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-27 08:14:54 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-06-27 08:14:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-27 08:14:54 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-26 23:19:50 0 d-----r- C:\KB
2010-06-26 22:34:06 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-06-26 22:34:06 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-06-26 22:34:06 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-06-26 22:34:06 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-06-26 22:34:06 14216 ----a-w- c:\windows\system32\epmntdrv.sys
2010-06-26 22:34:01 0 d-----w- c:\program files\EASEUS
2010-06-26 19:55:31 0 d-----w- c:\windows\Panther
2010-06-26 19:50:44 0 d-----w- C:\Windows.old
2010-06-26 19:48:31 0 dc-h--w- c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-06-26 19:48:30 0 d-----w- c:\program files\Stardock
2010-06-26 19:44:41 8876032 ----a-w- c:\windows\system32\FocusMag.dll
2010-06-26 19:44:40 0 d-----w- c:\program files\Focus Magic
2010-06-26 19:40:23 0 d-----w- c:\program files\WinRoll
2010-06-26 19:34:11 0 d-----w- c:\users\papilio\appdata\roaming\Malwarebytes
2010-06-26 19:34:03 0 d-----w- c:\programdata\Malwarebytes
2010-06-26 19:17:01 0 d-----w- c:\users\papilio\appdata\roaming\AVP 2009
2010-06-26 19:12:26 0 d-----w- c:\programdata\InstallShield
2010-06-26 18:57:40 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-06-26 18:57:39 0 d-----w- c:\program files\ShortKeys2
2010-06-26 18:56:31 0 d-----w- c:\program files\IrfanView
2010-06-26 18:40:30 0 d-----w- c:\program files\common files\Nikon
2010-06-26 18:40:24 0 d-----w- c:\program files\Nikon
2010-06-26 18:39:54 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2010-06-26 18:39:54 0 d-----w- c:\programdata\Ultima_T15
2010-06-26 18:39:54 0 d-----w- c:\programdata\EnterNHelp
2010-06-26 17:51:54 0 d-----w- C:\_SPC1
2010-06-26 17:46:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-26 17:24:31 0 d-sh--w- c:\windows\Installer
2010-06-26 17:24:26 0 d-----w- c:\programdata\Alwil Software
2010-06-26 17:07:50 726316 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-06-26 17:07:38 0 d-----w- c:\windows\system32\wbem\Performance
2010-06-26 17:06:12 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-26 17:06:07 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-26 16:49:05 8192 --sha-r- C:\BOOTSECT.BAK
2010-06-26 16:49:01 383562 --sha-r- C:\bootmgr
2010-06-26 16:49:01 0 d-sh--w- C:\Boot
2010-06-26 16:34:26 0 d-----w- c:\temp\_av_sfx.tm~a00456
2010-06-26 05:57:21 0 d-----w- C:\TEMP
2010-06-25 06:43:46 0 d-----w- C:\DELL

==================== Find3M ====================

2010-06-07 22:48:04 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 22:48:04 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 22:48:04 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 22:48:04 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 22:48:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-01 14:49:25 2326528 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:23:21.22 ===============

Attached Files


Edited by papilio01, 13 July 2010 - 05:24 AM.
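As an added example (not part of the original post, and not code from the DDS tool), here is a small parser for the file-listing lines in the DDS log above, so the listing can be filtered rather than read by eye. The field layout (timestamp, size, 8-character attribute string, path) is read off the log; the meaning of attribute positions 0-4 and 6 is inferred from the flags that actually occur there (d, c, s, h, a, r/w) and is an assumption, while positions 5 and 7 are left undecoded. The sample lines are copied from the log in this post.

```python
"""Parse DDS-style file listing lines (the "Find3M" / recent-files sections).

Added example, not the DDS tool's own code. Attribute positions are decoded
as: 0 = d (directory), 1 = c (compressed), 2 = s (system), 3 = h (hidden),
4 = a (archive), 6 = r (read-only) or w (writable). Positions 5 and 7 are
kept raw because no flag other than '-' appears there in the log above.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# Sample lines copied from the DDS log in the post above (raw string so the
# Windows paths keep their backslashes). Headers and the FINISH line are
# included to show that they are skipped.
SAMPLE_LOG = r"""
2010-06-26 19:50:44 0 d-----w- C:\Windows.old
2010-06-26 19:48:31 0 dc-h--w- c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-06-26 19:44:41 8876032 ----a-w- c:\windows\system32\FocusMag.dll
2010-06-26 18:39:54 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2010-06-26 17:46:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-26 17:24:31 0 d-sh--w- c:\windows\Installer
2010-06-26 16:49:05 8192 --sha-r- C:\BOOTSECT.BAK

==================== Find3M ====================

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

============= FINISH: 21:23:21.22 ===============
"""

# timestamp, size, 8-char attribute string, then the path (may contain spaces)
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) "
    r"(?P<attrs>\S{8}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def compressed(self) -> bool:
        return self.attrs[1] == "c"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def archive(self) -> bool:
        return self.attrs[4] == "a"

    @property
    def read_only(self) -> bool:
        return self.attrs[6] == "r"


def parse_dds_listing(text: str) -> List[Entry]:
    """Return one Entry per listing line; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"]),
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def hidden_system_files(entries: List[Entry]) -> List[Entry]:
    """Non-directory entries carrying both the system and hidden attributes.

    Both flags together are normal for boot files such as BOOTSECT.BAK; the
    list is for review, it does not by itself mean anything is malicious.
    """
    return [e for e in entries if not e.is_dir and e.system and e.hidden]


def created_between(entries: List[Entry], start: datetime, end: datetime) -> List[Entry]:
    """Entries whose timestamp falls inside [start, end], for narrowing to an incident window."""
    return [e for e in entries if start <= e.when <= end]


if __name__ == "__main__":
    parsed = parse_dds_listing(SAMPLE_LOG)
    for e in hidden_system_files(parsed):
        print(f"{e.when:%Y-%m-%d %H:%M:%S} {e.size:>10} {e.attrs} {e.path}")
```

The window filter is the part that earns its keep on a real log: pick the time the symptoms started and list only what was created or changed in that interval, then look at each attribute string for the hidden/system combination and at any path under `c:\programdata` or `c:\windows\system32` that no installed program accounts for.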




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:48 AM

Posted 18 July 2010 - 04:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:48 AM

Posted 18 July 2010 - 06:06 PM

Thanks m0le, ready to go!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:48 AM

Posted 18 July 2010 - 06:29 PM

You are painting a picture of an incredibly infected PC but the logs don't reflect this. Again though, some of the symptoms are malware related while others may be.

Please run OTL for a deeper scan than DDS.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
The next tool I can't get a definite on whether it works on Windows 7 and can't test it right now. Let's see...

Go HERE and download FileLister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • When the program is finished it will produce a log for you C:\Files.txt
Copy and paste the contents of that log in your reply.

Edited by m0le, 18 July 2010 - 06:31 PM.

m0le is a proud member of UNITE

#5 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:48 AM

Posted 20 July 2010 - 02:35 AM

Hi m0le, I can't seem to get OTL to output Extras.txt, have rebooted and re-downloaded several times. I did run it several days ago, just out of curiosity to see what would show up -- didn't take any action on the basis of it, but it did output the file that one time. I don't know, might be malware eating it, that sort of thing's happened plenty before. Any ideas?

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:48 AM

Posted 20 July 2010 - 06:26 PM

Extras.txt not generating at this point is not a problem. Go ahead with File Lister.
m0le is a proud member of UNITE

#7 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:48 AM

Posted 20 July 2010 - 09:56 PM

After 2 days, finally was just now able to get back online -- and last night Avast was disabled and I was without a firewall until I got back from work and noticed, by that time I'd been without a firewall for about 12 hrs. It's been re-installed with a fresh download, and updated. For what it may be worth, I've included the Extras.txt from several days ago, the only one which has ever been generated. (If there are any inconsistent timestamps, I'll mention again that my clock seems constantly messed with.) FileLister, run from its own unzipped folder on the desktop as you instructed, generated an empty page, but still named Files.txt. Deleted and re-downloaded the program 3 times, no good. BTW, OTL was run as administrator, and I did set it to include files from the past 60 rather than just 30 days. Otherwise settings as instructed.

As mentioned initially, part of the trouble seemed to have been Microsoft's inability to find the Win 7 product code -- once I discovered that the file had been "tampered with" and ran the other re-verification files which Microsoft recommended, I've quit seeing indications of their presence for the past week or so, for instance my directories are no longer being constantly scanned. But one thing related to that, I began seeing some of these problems (slight but obvious) when I was still on XP a few months ago, and there was no indication of Windows licensing being an issue, I assume because it was an OEM installation.

As you say, the logs don't seem to indicate serious trouble, which has made this so frustrating -- my usual scans typically show the machine as being clean, and good but expensive local techies, though able to see the problems, have not been able to resolve things. Having been on a computer a lot for the past decade+, never any trouble whatsoever, you can imagine how annoying this is, driving me nuts! lol

Anyway, here's what I'm able to post, hopefully it will at least begin to help you. Thanks!



OTL logfile created on: 7/20/2010 9:03:09 PM - Run 7
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\papilio\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): f:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 14.00 Gb Free Space | 28.68% Space Free | Partition Type: NTFS
Drive D: | 5.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 416.93 Gb Total Space | 288.71 Gb Free Space | 69.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERSICOLOR
Current User Name: papilio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\papilio\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
PRC - C:\Program Files\WinRoll\winroll.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\papilio\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Stardock\CursorFX\CurXP0.dll ( )
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\WinRoll\winroll.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (WindowBlinds) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe (Stardock Corporation)


========== Driver Services (SafeList) ==========

DRV - (PORTMON) -- C:\Users\papilio\Downloads\SysinternalsSuite\PORTMSYS.SYS File not found
DRV - (cpuz132) -- C:\Users\papilio\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (ALWIL Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (ALWIL Software)
DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MEMSWEEP2) -- C:\Windows\System32\F9EB.tmp (Sophos Plc)
DRV - (aswNdis) -- C:\Windows\system32\DRIVERS\aswNdis.sys (ALWIL Software)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys ()
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://radarsync.netvibes.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://radarsync.netvibes.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 2E 3F AB 52 15 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.autosizerwizard: ""
FF - prefs.js..browser.search.maxwidth: 291
FF - prefs.js..browser.search.minwidth: 291
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/05 14:50:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 18:10:04 | 000,000,000 | ---D | M]

[2010/06/26 12:32:45 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Mozilla\Extensions
[2010/07/12 18:20:28 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions
[2010/07/06 18:36:23 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/06/26 12:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{113c2360-15a3-11de-8c30-0800200c9a66}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2010/07/06 09:30:40 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/07/06 16:19:00 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/07/12 18:10:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/08 20:40:25 | 000,000,000 | ---D | M] (Searchbar Autosizer) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/06/26 12:36:45 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\papilio\AppData\Roaming\Mozilla\Firefox\Profiles\7g5slwig.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2010/07/12 18:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 18:10:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/12 18:09:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - Startup: C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winroll.exe - Shortcut.lnk = C:\Program Files\WinRoll\winroll.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\Windows\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2010/07/20 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\papilio\Desktop\FileLister
[2010/07/20 20:51:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\papilio\Desktop\OTL.exe
[2010/07/20 20:46:23 | 000,000,000 | ---D | C] -- C:\Users\papilio\Documents\My Received Files
[2010/07/20 20:39:34 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/07/20 20:15:32 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/07/20 20:15:32 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/07/20 20:15:31 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/07/20 20:15:30 | 000,099,280 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFW.sys
[2010/07/20 20:15:14 | 000,188,168 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2010/07/20 20:15:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/07/20 20:15:14 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/07/20 20:15:12 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/07/20 20:15:04 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2010/07/20 20:15:02 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/07/20 18:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/20 18:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/07/20 18:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/20 18:35:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/20 18:26:50 | 001,247,056 | ---- | C] (Microsoft Corporation) -- C:\Users\papilio\Desktop\wlsetup-web.exe
[2010/07/17 08:44:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/07/16 22:43:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\papilio\Desktop\hjt.exe
[2010/07/15 18:56:46 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2010/07/15 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\papilio\Desktop\Devine_Icons_Part_2_by_ipapun
[2010/07/15 10:04:17 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\papilio\Desktop\Rooter.exe
[2010/07/15 00:21:22 | 000,000,000 | ---D | C] -- C:\Users\papilio\Desktop\RootRepeal
[2010/07/13 18:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\yzsdw109
[2010/07/13 03:24:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/13 03:24:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/13 03:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/12 21:30:14 | 000,000,000 | ---D | C] -- C:\Users\papilio\Desktop\gmer
[2010/07/12 18:39:18 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\papilio\Desktop\mb.exe
[2010/07/12 18:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/12 18:24:40 | 001,154,616 | ---- | C] (Piriform Ltd) -- C:\Users\papilio\Desktop\ccsetup233_slim.exe
[2010/07/12 18:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/12 18:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/12 18:10:04 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/12 18:10:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/12 18:10:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/12 18:10:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/12 18:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/12 18:07:08 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\papilio\Desktop\JavaSetup6u20.exe
[2010/07/11 22:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2010/07/10 13:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/10 12:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/10 09:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Extensions
[2010/07/09 19:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2010/07/09 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Jasc Software Inc
[2010/07/09 19:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/07/09 19:16:56 | 000,000,000 | ---D | C] -- C:\New folder
[2010/07/09 00:57:49 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2010/07/08 12:09:19 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\gtk-2.0
[2010/07/08 12:06:57 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Wireshark
[2010/07/08 11:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/07/08 11:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010/07/07 20:28:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/07 03:52:25 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbsys.dll
[2010/07/06 19:25:23 | 000,198,504 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\papilio\Desktop\Tcpview - Copy.exe
[2010/07/06 11:59:44 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010/07/06 11:58:10 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2010/07/06 11:57:47 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/07/06 11:10:21 | 000,339,968 | ---- | C] (CANON INC.) -- C:\Windows\System32\N124UFW.dll
[2010/07/06 11:10:21 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\System32\SG62UUD.DLL
[2010/07/06 11:10:21 | 000,028,720 | ---- | C] (CANON INC.) -- C:\Windows\System32\SG62CPL.DLL
[2010/07/06 02:23:01 | 000,000,000 | R--D | C] -- C:\Users\papilio\Desktop\[____NEF
[2010/07/05 22:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/05 21:19:15 | 010,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/07/05 21:19:15 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/07/05 21:19:13 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/07/05 21:19:13 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/07/05 21:19:13 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/07/05 21:19:11 | 001,592,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/07/05 21:19:11 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1921.dll
[2010/07/05 21:19:11 | 000,232,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/07/05 21:19:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/05 21:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/05 21:11:27 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Registry Mechanic
[2010/07/05 20:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/07/05 17:43:22 | 000,000,000 | R--D | C] -- C:\Users\papilio\Documents\Scanned Documents
[2010/07/05 17:43:22 | 000,000,000 | ---D | C] -- C:\Users\papilio\Documents\Fax
[2010/07/05 16:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/05 14:53:09 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Help
[2010/07/05 14:53:09 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Help
[2010/07/05 14:52:21 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\winhlp32.exe
[2010/07/05 14:52:21 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftsrch.dll
[2010/07/05 14:52:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx041e.dll
[2010/07/05 14:52:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx0411.dll
[2010/07/05 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/07/05 12:42:14 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\RadarSync
[2010/07/05 11:44:26 | 000,154,496 | ---- | C] (Gibson Research Corp.) -- C:\Users\papilio\Desktop\DNSBench.exe
[2010/07/05 10:13:00 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/07/05 10:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/07/05 02:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/07/05 02:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2010/07/05 02:14:29 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\The Weather Channel
[2010/07/05 02:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/05 02:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\RadarSync
[2010/07/05 01:20:56 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/07/05 01:20:44 | 000,000,000 | ---D | C] -- C:\Intel
[2010/07/05 00:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/04 23:36:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2010/07/04 23:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/07/04 23:10:33 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Diagnostics
[2010/07/04 21:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/07/04 21:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Inspector
[2010/07/04 21:17:26 | 000,000,000 | ---D | C] -- C:\Users\papilio\Desktop\lide20lide30n670un676un1240uvst7031a_xpen
[2010/07/04 21:16:58 | 001,070,527 | ---- | C] (AKSoft) -- C:\Users\papilio\Desktop\dj889mu.exe
[2010/07/04 07:58:13 | 000,157,232 | ---- | C] (Alwil Software) -- C:\Users\papilio\Desktop\aswclear5.exe
[2010/07/03 16:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/07/03 16:50:14 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\InstallShield
[2010/07/03 14:50:14 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Apps
[2010/07/03 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Deployment
[2010/07/03 14:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/07/03 14:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/07/03 14:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/03 14:26:55 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/07/03 14:26:55 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/07/03 14:26:55 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/07/03 14:26:53 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010/07/03 14:26:53 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/07/03 14:26:53 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/07/03 14:26:53 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010/07/03 14:26:50 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/07/03 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\ElevatedDiagnostics
[2010/07/03 13:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010/07/02 12:31:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/02 12:24:26 | 000,389,180 | ---- | C] (Canon) -- C:\Windows\System32\UCS32P.DLL
[2010/07/02 12:24:26 | 000,036,864 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQU70.DLL
[2010/06/30 15:48:08 | 000,000,000 | ---D | C] -- C:\Users\papilio\Tracing
[2010/06/30 15:47:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/30 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/28 00:20:19 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\vlc
[2010/06/27 23:56:39 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/06/27 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\dvdcss
[2010/06/27 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/27 09:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/27 04:59:32 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Adobe
[2010/06/27 04:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/27 04:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/27 04:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/27 03:50:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/06/27 03:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/27 03:39:46 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/27 03:39:46 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/27 03:39:46 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/27 03:16:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/27 03:16:47 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/06/27 03:16:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/06/27 03:16:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/06/27 03:16:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/27 03:16:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/06/27 03:16:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/06/27 03:16:36 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/06/27 03:16:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/27 03:16:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/27 03:16:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/27 03:16:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/27 03:16:32 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/06/27 03:16:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/06/27 03:16:32 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/06/27 03:16:31 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/06/27 03:16:31 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/06/27 03:16:22 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/06/27 03:16:19 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/06/27 03:16:19 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/06/27 03:16:14 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/27 03:16:11 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/06/27 03:16:11 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/06/27 03:16:11 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/06/27 03:16:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/06/27 03:15:09 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/06/27 03:15:09 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/06/27 03:15:09 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/06/27 03:15:09 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/06/27 03:15:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/06/27 03:15:09 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/06/27 03:15:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/06/27 03:15:09 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/06/27 03:15:07 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/06/27 03:14:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/06/27 03:14:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/27 03:14:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/06/27 03:14:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/26 18:19:50 | 000,000,000 | R--D | C] -- C:\KB
[2010/06/26 17:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2010/06/26 14:55:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/06/26 14:50:44 | 000,000,000 | ---D | C] -- C:\Windows.old
[2010/06/26 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Stardock
[2010/06/26 14:48:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
[2010/06/26 14:48:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2010/06/26 14:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010/06/26 14:44:41 | 008,876,032 | ---- | C] (Acclaim Software Ltd) -- C:\Windows\System32\FocusMag.dll
[2010/06/26 14:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Focus Magic
[2010/06/26 14:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRoll
[2010/06/26 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Malwarebytes
[2010/06/26 14:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/26 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\AVP 2009
[2010/06/26 14:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/06/26 14:12:03 | 000,000,000 | ---D | C] -- C:\Users\papilio\Documents\My PSP Files
[2010/06/26 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Insight Software
[2010/06/26 13:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Insight Software Solutions
[2010/06/26 13:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\ShortKeys2
[2010/06/26 13:56:50 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/06/26 13:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010/06/26 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Nikon
[2010/06/26 13:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/06/26 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Nikon
[2010/06/26 13:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/06/26 13:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/06/26 13:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2010/06/26 13:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2010/06/26 12:51:54 | 000,000,000 | ---D | C] -- C:\_SPC1
[2010/06/26 12:46:05 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/06/26 12:32:40 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Mozilla
[2010/06/26 12:32:40 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Mozilla
[2010/06/26 12:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/26 12:24:31 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/06/26 12:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/26 12:14:31 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Macromedia
[2010/06/26 12:14:31 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Adobe
[2010/06/26 12:13:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/06/26 12:05:38 | 000,000,000 | R--D | C] -- C:\Users\papilio\Searches
[2010/06/26 12:05:37 | 000,000,000 | -H-D | C] -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/06/26 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Identities
[2010/06/26 12:05:27 | 000,000,000 | R--D | C] -- C:\Users\papilio\Contacts
[2010/06/26 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\VirtualStore
[2010/06/26 12:05:20 | 000,000,000 | --SD | C] -- C:\Users\papilio\AppData\Roaming\Microsoft
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Videos
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Saved Games
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Pictures
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Music
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Links
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Favorites
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Downloads
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\My Documents
[2010/06/26 12:05:20 | 000,000,000 | R--D | C] -- C:\Users\papilio\Desktop
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\AppData\Local\Temporary Internet Files
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Templates
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Start Menu
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\SendTo
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Recent
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\PrintHood
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\NetHood
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Documents\My Videos
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Documents\My Pictures
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Documents\My Music
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\My Documents
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Local Settings
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\AppData\Local\History
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Cookies
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\Application Data
[2010/06/26 12:05:20 | 000,000,000 | -HSD | C] -- C:\Users\papilio\AppData\Local\Application Data
[2010/06/26 12:05:20 | 000,000,000 | -H-D | C] -- C:\Users\papilio\AppData
[2010/06/26 12:05:20 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Temp
[2010/06/26 12:05:20 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Local\Microsoft
[2010/06/26 12:05:20 | 000,000,000 | ---D | C] -- C:\Users\papilio\AppData\Roaming\Media Center Programs
[2010/06/26 12:05:08 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/26 12:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/06/26 11:49:01 | 000,000,000 | -HSD | C] -- C:\Boot
[2010/06/26 00:57:21 | 000,000,000 | ---D | C] -- C:\TEMP
[2010/06/25 02:07:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/25 01:43:46 | 000,000,000 | ---D | C] -- C:\DELL
[2010/06/09 07:11:26 | 000,737,280 | ---- | C] (Ciansoft) -- C:\Windows\System32\TwainControlX.ocx
[2010/06/07 17:48:04 | 013,917,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010/06/07 17:48:04 | 001,331,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010/06/07 17:48:04 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010/06/07 17:48:04 | 000,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2010/07/20 21:02:38 | 000,726,316 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/20 21:02:38 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/20 21:02:38 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/20 20:58:41 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Anti_Malware_Pro.job
[2010/07/20 20:58:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/20 20:58:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/20 20:58:13 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/20 20:57:31 | 001,835,008 | -HS- | M] () -- C:\Users\papilio\NTUSER.DAT
[2010/07/20 20:57:29 | 001,638,666 | -H-- | M] () -- C:\Users\papilio\AppData\Local\IconCache.db
[2010/07/20 20:52:44 | 000,020,359 | ---- | M] () -- C:\Users\papilio\Desktop\FileLister.zip
[2010/07/20 20:51:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\papilio\Desktop\OTL.exe
[2010/07/20 20:39:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/07/20 20:36:52 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 20:36:52 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/20 20:32:00 | 000,000,124 | ---- | M] () -- C:\Users\papilio\Desktop\Very talented malware! Not identified.URL
[2010/07/20 20:15:32 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/07/20 18:31:40 | 000,000,895 | ---- | M] () -- C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winroll.exe - Shortcut.lnk
[2010/07/20 18:27:04 | 001,247,056 | ---- | M] (Microsoft Corporation) -- C:\Users\papilio\Desktop\wlsetup-web.exe
[2010/07/20 18:23:17 | 000,000,936 | ---- | M] () -- C:\Users\papilio\Desktop\License.zip
[2010/07/17 15:26:10 | 000,000,167 | ---- | M] () -- C:\Users\papilio\AppData\Roaming\PLGComp.ini
[2010/07/16 23:02:37 | 000,525,824 | ---- | M] () -- C:\Users\papilio\Desktop\dds.scr
[2010/07/16 22:43:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\papilio\Desktop\hjt.exe
[2010/07/15 12:49:42 | 000,000,175 | ---- | M] () -- C:\Users\papilio\Desktop\Hopeless__by_Lyon106.7z
[2010/07/15 10:27:13 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010/07/15 10:04:18 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\papilio\Desktop\Rooter.exe
[2010/07/15 09:30:54 | 001,059,885 | ---- | M] () -- C:\Users\papilio\Desktop\Aphotic_CAD_by_murasaki55.zip
[2010/07/15 09:19:29 | 004,749,591 | ---- | M] () -- C:\Users\papilio\Desktop\World_hold_on_by_art_styles.zip
[2010/07/15 09:17:25 | 003,298,846 | ---- | M] () -- C:\Users\papilio\Desktop\Revolution_in_Paradise_by_art_styles.zip
[2010/07/15 09:09:29 | 051,585,091 | ---- | M] () -- C:\Users\papilio\Desktop\Devine_Icons_Part_2_by_ipapun.zip
[2010/07/15 09:04:31 | 003,186,864 | ---- | M] () -- C:\Users\papilio\Desktop\Relaxet__Wallpapers_2_by_ipapun.zip
[2010/07/15 08:50:46 | 000,702,512 | ---- | M] () -- C:\Users\papilio\Desktop\Mini_Calendar_by_murasaki55.rar
[2010/07/15 08:43:59 | 000,000,026 | ---- | M] () -- C:\Users\papilio\Desktop\Hopeless__by_Lyon106.png
[2010/07/15 07:02:04 | 012,228,493 | ---- | M] () -- C:\Users\papilio\Desktop\APPOWS2010_by_neiio.7z
[2010/07/15 00:33:55 | 000,007,764 | ---- | M] () -- C:\Users\papilio\Documents\cc_20100715_003137.reg
[2010/07/15 00:24:11 | 000,000,969 | ---- | M] () -- C:\Users\papilio\Desktop\CCleaner.lnk
[2010/07/15 00:07:50 | 000,465,298 | ---- | M] () -- C:\Users\papilio\Desktop\RootRepeal.rar
[2010/07/14 23:01:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2010/07/14 17:59:38 | 000,268,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/14 17:56:07 | 000,697,328 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010/07/14 15:18:30 | 000,866,107 | ---- | M] () -- C:\Users\papilio\Desktop\Image3b.jpg
[2010/07/14 15:16:58 | 002,025,645 | ---- | M] () -- C:\Users\papilio\Desktop\Lightness5.pspimage
[2010/07/14 13:38:09 | 082,325,439 | ---- | M] () -- C:\Users\papilio\Desktop\Image7.pspimage
[2010/07/14 10:54:12 | 000,915,882 | ---- | M] () -- C:\Users\papilio\Desktop\Image3.jpg
[2010/07/14 08:25:05 | 000,058,040 | ---- | M] () -- C:\Users\papilio\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/14 01:04:26 | 000,000,937 | ---- | M] () -- C:\Users\papilio\Desktop\RocketDock.lnk
[2010/07/13 10:25:51 | 017,250,800 | ---- | M] () -- C:\Users\papilio\Documents\XWD_Create_his_skin_tutorial_by_RajTheeban95.pdf
[2010/07/13 03:24:13 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 21:28:50 | 000,284,915 | ---- | M] () -- C:\Users\papilio\Desktop\gmer.zip
[2010/07/12 18:42:45 | 002,396,509 | ---- | M] () -- C:\Users\papilio\Desktop\MGtools.exe
[2010/07/12 18:42:03 | 003,737,917 | ---- | M] () -- C:\Users\papilio\Desktop\ComboFix.exe
[2010/07/12 18:39:58 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\papilio\Desktop\mb.exe
[2010/07/12 18:36:58 | 000,000,000 | ---- | M] () -- C:\Users\papilio\defogger_reenable
[2010/07/12 18:36:39 | 000,050,477 | ---- | M] () -- C:\Users\papilio\Desktop\Defogger.exe
[2010/07/12 18:24:49 | 001,154,616 | ---- | M] (Piriform Ltd) -- C:\Users\papilio\Desktop\ccsetup233_slim.exe
[2010/07/12 18:09:58 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/12 18:09:58 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/12 18:09:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/12 18:09:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/12 18:07:11 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\papilio\Desktop\JavaSetup6u20.exe
[2010/07/11 22:49:14 | 000,000,199 | ---- | M] () -- C:\Users\papilio\Desktop\Event log error 4201 - ERROR_WMI_INSTANCE_NOT_FOUND.url
[2010/07/11 20:32:08 | 000,001,357 | ---- | M] () -- C:\Users\papilio\Desktop\autoruns.exe - Shortcut.lnk
[2010/07/11 20:01:21 | 000,000,164 | ---- | M] () -- C:\Users\papilio\Desktop\taskeng.exe and Dwm.exe.url
[2010/07/11 17:35:36 | 000,001,344 | ---- | M] () -- C:\Users\papilio\Desktop\Procmon.exe - Shortcut.lnk
[2010/07/11 17:21:00 | 219,973,696 | ---- | M] () -- C:\Users\papilio\Documents\7.10.PML
[2010/07/11 17:21:00 | 014,589,663 | ---- | M] () -- C:\Users\papilio\Documents\7.10-1.PML
[2010/07/11 17:17:09 | 000,007,605 | ---- | M] () -- C:\Users\papilio\AppData\Local\Resmon.ResmonCfg
[2010/07/10 15:04:45 | 003,814,578 | ---- | M] () -- C:\Users\papilio\Desktop\hklu serv.reg
[2010/07/10 14:55:09 | 000,001,146 | ---- | M] () -- C:\Users\papilio\Desktop\hm.reg
[2010/07/10 09:30:55 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/07/10 09:30:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Basic Track
[2010/07/10 09:30:54 | 000,000,268 | RH-- | M] () -- C:\Users\papilio\AppData\Roaming\Automatic Filter
[2010/07/10 09:29:45 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2010/07/10 08:49:57 | 027,651,915 | ---- | M] () -- C:\Users\papilio\Desktop\Image10.tif
[2010/07/10 08:47:14 | 006,913,515 | ---- | M] () -- C:\Users\papilio\Desktop\Image9.tif
[2010/07/10 07:31:47 | 009,427,457 | ---- | M] () -- C:\Users\papilio\Desktop\!_Image7.tif
[2010/07/10 07:31:24 | 011,366,710 | ---- | M] () -- C:\Users\papilio\Desktop\Image3.pspimage
[2010/07/10 02:29:14 | 129,239,324 | ---- | M] () -- C:\Users\papilio\Desktop\Image4.pspimage
[2010/07/10 00:27:03 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Focus Magic.lnk
[2010/07/09 23:35:03 | 003,394,102 | ---- | M] () -- C:\Users\papilio\Desktop\13.bmp
[2010/07/09 21:52:37 | 000,087,800 | ---- | M] () -- C:\Users\papilio\Desktop\point.htm
[2010/07/09 20:02:44 | 000,672,309 | ---- | M] () -- C:\Users\papilio\Desktop\preview-1-7144.jpg
[2010/07/09 19:41:57 | 000,002,671 | ---- | M] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2010/07/08 15:54:34 | 000,000,218 | ---- | M] () -- C:\Users\papilio\.recently-used.xbel
[2010/07/08 14:05:43 | 000,000,066 | ---- | M] () -- C:\Users\papilio\Desktop\acl access
[2010/07/08 14:04:22 | 000,000,066 | ---- | M] () -- C:\Users\papilio\Desktop\acl2
[2010/07/08 12:09:19 | 000,000,066 | ---- | M] () -- C:\Users\papilio\Documents\enable acl
[2010/07/08 11:46:34 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2010/07/07 04:06:36 | 000,000,455 | ---- | M] () -- C:\Windows\win.ini
[2010/07/07 03:53:17 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\WindowBlinds.lnk
[2010/07/06 19:48:30 | 000,000,024 | ---- | M] () -- C:\Windows\pstudio.ini
[2010/07/06 19:48:30 | 000,000,011 | ---- | M] () -- C:\Windows\album.ini
[2010/07/06 19:48:07 | 000,000,008 | ---- | M] () -- C:\Windows\phbase.ini
[2010/07/06 12:01:07 | 000,000,572 | ---- | M] () -- C:\Windows\maxlink.ini
[2010/07/06 12:00:20 | 000,000,000 | ---- | M] () -- C:\Windows\OP70.INI
[2010/07/06 09:24:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\Sounds
[2010/07/05 11:44:26 | 000,154,496 | ---- | M] (Gibson Research Corp.) -- C:\Users\papilio\Desktop\DNSBench.exe
[2010/07/05 11:41:34 | 000,000,714 | ---- | M] () -- C:\Users\papilio\Desktop\releaserenew.zip
[2010/07/05 11:26:50 | 000,451,584 | ---- | M] () -- C:\Users\papilio\Desktop\CKScanner.exe
[2010/07/05 02:34:48 | 000,000,570 | ---- | M] () -- C:\Users\papilio\Desktop\papilio.PspWorkspace - Shortcut.lnk
[2010/07/04 21:10:27 | 001,070,527 | ---- | M] (AKSoft) -- C:\Users\papilio\Desktop\dj889mu.exe
[2010/07/04 07:10:04 | 000,157,232 | ---- | M] (Alwil Software) -- C:\Users\papilio\Desktop\aswclear5.exe
[2010/07/04 06:19:39 | 000,001,669 | ---- | M] () -- C:\Users\papilio\Desktop\license.avastlic
[2010/07/03 01:56:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 15:39:55 | 000,099,280 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFW.sys
[2010/06/28 15:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010/06/28 15:38:56 | 000,188,168 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 15:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/06/27 23:56:39 | 000,001,024 | ---- | M] () -- C:\Users\papilio\Desktop\Active@ ISO Burner.lnk
[2010/06/27 21:26:34 | 000,000,209 | ---- | M] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
[2010/06/27 21:26:34 | 000,000,205 | ---- | M] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
[2010/06/26 17:34:07 | 000,001,392 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.8.1 Home Edition.lnk
[2010/06/26 14:55:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/06/26 14:55:18 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2010/06/26 13:59:25 | 000,041,962 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/06/26 12:32:36 | 000,001,913 | ---- | M] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 12:11:40 | 000,001,411 | ---- | M] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/26 12:07:50 | 000,524,288 | -HS- | M] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 12:07:50 | 000,524,288 | -HS- | M] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 12:07:50 | 000,065,536 | -HS- | M] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/26 12:05:20 | 000,000,020 | -HS- | M] () -- C:\Users\papilio\ntuser.ini
[2010/06/25 01:43:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/25 01:43:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/25 01:40:01 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/06/07 18:57:00 | 015,764,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/06/07 18:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/06/07 18:57:00 | 010,263,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/06/07 18:57:00 | 009,712,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/06/07 18:57:00 | 004,967,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/06/07 18:57:00 | 004,513,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/06/07 18:57:00 | 002,890,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010/06/07 18:57:00 | 002,632,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/06/07 18:57:00 | 002,145,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/06/07 18:57:00 | 001,592,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/06/07 18:57:00 | 000,795,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/06/07 18:57:00 | 000,332,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010/06/07 18:57:00 | 000,232,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1921.dll
[2010/06/07 18:57:00 | 000,232,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/06/07 18:57:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/06/07 18:57:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/06/07 18:57:00 | 000,009,633 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010/06/07 17:48:04 | 013,917,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010/06/07 17:48:04 | 001,331,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010/06/07 17:48:04 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010/06/07 17:48:04 | 000,066,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2010/06/07 15:59:46 | 000,057,904 | ---- | M] () -- C:\Windows\System32\wbload.dll
[2010/05/27 02:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/26 22:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/20 20:52:44 | 000,020,359 | ---- | C] () -- C:\Users\papilio\Desktop\FileLister.zip
[2010/07/20 20:32:00 | 000,000,124 | ---- | C] () -- C:\Users\papilio\Desktop\Very talented malware! Not identified.URL
[2010/07/20 20:15:32 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2010/07/20 18:32:09 | 000,000,895 | ---- | C] () -- C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winroll.exe - Shortcut.lnk
[2010/07/20 18:23:15 | 000,000,936 | ---- | C] () -- C:\Users\papilio\Desktop\License.zip
[2010/07/16 23:02:36 | 000,525,824 | ---- | C] () -- C:\Users\papilio\Desktop\dds.scr
[2010/07/15 12:49:42 | 000,000,175 | ---- | C] () -- C:\Users\papilio\Desktop\Hopeless__by_Lyon106.7z
[2010/07/15 10:27:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/15 09:30:47 | 001,059,885 | ---- | C] () -- C:\Users\papilio\Desktop\Aphotic_CAD_by_murasaki55.zip
[2010/07/15 09:18:44 | 004,749,591 | ---- | C] () -- C:\Users\papilio\Desktop\World_hold_on_by_art_styles.zip
[2010/07/15 09:17:12 | 003,298,846 | ---- | C] () -- C:\Users\papilio\Desktop\Revolution_in_Paradise_by_art_styles.zip
[2010/07/15 09:03:29 | 003,186,864 | ---- | C] () -- C:\Users\papilio\Desktop\Relaxet__Wallpapers_2_by_ipapun.zip
[2010/07/15 09:00:21 | 051,585,091 | ---- | C] () -- C:\Users\papilio\Desktop\Devine_Icons_Part_2_by_ipapun.zip
[2010/07/15 08:50:41 | 000,702,512 | ---- | C] () -- C:\Users\papilio\Desktop\Mini_Calendar_by_murasaki55.rar
[2010/07/15 08:43:59 | 000,000,026 | ---- | C] () -- C:\Users\papilio\Desktop\Hopeless__by_Lyon106.png
[2010/07/15 07:00:21 | 012,228,493 | ---- | C] () -- C:\Users\papilio\Desktop\APPOWS2010_by_neiio.7z
[2010/07/15 00:31:39 | 000,007,764 | ---- | C] () -- C:\Users\papilio\Documents\cc_20100715_003137.reg
[2010/07/15 00:07:46 | 000,465,298 | ---- | C] () -- C:\Users\papilio\Desktop\RootRepeal.rar
[2010/07/14 23:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/07/14 17:56:07 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/07/14 15:18:30 | 000,866,107 | ---- | C] () -- C:\Users\papilio\Desktop\Image3b.jpg
[2010/07/14 15:16:57 | 002,025,645 | ---- | C] () -- C:\Users\papilio\Desktop\Lightness5.pspimage
[2010/07/14 13:37:50 | 082,325,439 | ---- | C] () -- C:\Users\papilio\Desktop\Image7.pspimage
[2010/07/14 10:52:43 | 000,915,882 | ---- | C] () -- C:\Users\papilio\Desktop\Image3.jpg
[2010/07/13 10:25:51 | 017,250,800 | ---- | C] () -- C:\Users\papilio\Documents\XWD_Create_his_skin_tutorial_by_RajTheeban95.pdf
[2010/07/13 03:24:13 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/12 21:28:49 | 000,284,915 | ---- | C] () -- C:\Users\papilio\Desktop\gmer.zip
[2010/07/12 18:42:32 | 002,396,509 | ---- | C] () -- C:\Users\papilio\Desktop\MGtools.exe
[2010/07/12 18:41:35 | 003,737,917 | ---- | C] () -- C:\Users\papilio\Desktop\ComboFix.exe
[2010/07/12 18:36:58 | 000,000,000 | ---- | C] () -- C:\Users\papilio\defogger_reenable
[2010/07/12 18:36:39 | 000,050,477 | ---- | C] () -- C:\Users\papilio\Desktop\Defogger.exe
[2010/07/12 18:27:46 | 000,000,969 | ---- | C] () -- C:\Users\papilio\Desktop\CCleaner.lnk
[2010/07/11 22:49:14 | 000,000,199 | ---- | C] () -- C:\Users\papilio\Desktop\Event log error 4201 - ERROR_WMI_INSTANCE_NOT_FOUND.url
[2010/07/11 22:09:25 | 000,000,937 | ---- | C] () -- C:\Users\papilio\Desktop\RocketDock.lnk
[2010/07/11 20:32:08 | 000,001,357 | ---- | C] () -- C:\Users\papilio\Desktop\autoruns.exe - Shortcut.lnk
[2010/07/11 20:01:21 | 000,000,164 | ---- | C] () -- C:\Users\papilio\Desktop\taskeng.exe and Dwm.exe.url
[2010/07/11 17:35:36 | 000,001,344 | ---- | C] () -- C:\Users\papilio\Desktop\Procmon.exe - Shortcut.lnk
[2010/07/11 17:20:25 | 014,589,663 | ---- | C] () -- C:\Users\papilio\Documents\7.10-1.PML
[2010/07/11 17:19:47 | 219,973,696 | ---- | C] () -- C:\Users\papilio\Documents\7.10.PML
[2010/07/11 17:17:09 | 000,007,605 | ---- | C] () -- C:\Users\papilio\AppData\Local\Resmon.ResmonCfg
[2010/07/10 15:04:45 | 003,814,578 | ---- | C] () -- C:\Users\papilio\Desktop\hklu serv.reg
[2010/07/10 14:55:09 | 000,001,146 | ---- | C] () -- C:\Users\papilio\Desktop\hm.reg
[2010/07/10 09:30:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Track
[2010/07/10 09:29:45 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Capture NX 2.lnk
[2010/07/10 08:47:31 | 027,651,915 | ---- | C] () -- C:\Users\papilio\Desktop\Image10.tif
[2010/07/10 08:47:14 | 006,913,515 | ---- | C] () -- C:\Users\papilio\Desktop\Image9.tif
[2010/07/10 07:28:27 | 009,427,457 | ---- | C] () -- C:\Users\papilio\Desktop\!_Image7.tif
[2010/07/10 02:28:41 | 129,239,324 | ---- | C] () -- C:\Users\papilio\Desktop\Image4.pspimage
[2010/07/10 00:31:02 | 011,366,710 | ---- | C] () -- C:\Users\papilio\Desktop\Image3.pspimage
[2010/07/09 23:35:03 | 003,394,102 | ---- | C] () -- C:\Users\papilio\Desktop\13.bmp
[2010/07/09 23:21:34 | 009,458,400 | ---- | C] () -- C:\Users\papilio\Desktop\13017.tif
[2010/07/09 21:52:36 | 000,087,800 | ---- | C] () -- C:\Users\papilio\Desktop\point.htm
[2010/07/09 20:02:44 | 000,672,309 | ---- | C] () -- C:\Users\papilio\Desktop\preview-1-7144.jpg
[2010/07/09 19:42:15 | 000,002,671 | ---- | C] () -- C:\Users\Public\Desktop\Jasc Paint Shop Pro 9.lnk
[2010/07/08 15:54:34 | 000,000,218 | ---- | C] () -- C:\Users\papilio\.recently-used.xbel
[2010/07/08 14:04:22 | 000,000,066 | ---- | C] () -- C:\Users\papilio\Desktop\acl2
[2010/07/08 12:10:23 | 000,000,066 | ---- | C] () -- C:\Users\papilio\Desktop\acl access
[2010/07/08 12:09:19 | 000,000,066 | ---- | C] () -- C:\Users\papilio\Documents\enable acl
[2010/07/08 11:46:34 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2010/07/07 03:53:17 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\WindowBlinds.lnk
[2010/07/07 03:52:26 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/07/06 20:17:20 | 000,086,016 | ---- | C] () -- C:\Windows\OPDIRDEL.exe
[2010/07/06 12:01:07 | 000,000,572 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/07/06 12:00:20 | 000,000,000 | ---- | C] () -- C:\Windows\OP70.INI
[2010/07/06 11:59:17 | 000,000,008 | ---- | C] () -- C:\Windows\phbase.ini
[2010/07/06 11:58:10 | 000,000,024 | ---- | C] () -- C:\Windows\pstudio.ini
[2010/07/06 11:58:10 | 000,000,011 | ---- | C] () -- C:\Windows\album.ini
[2010/07/06 09:24:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sounds
[2010/07/05 11:41:34 | 000,000,714 | ---- | C] () -- C:\Users\papilio\Desktop\releaserenew.zip
[2010/07/05 11:26:50 | 000,451,584 | ---- | C] () -- C:\Users\papilio\Desktop\CKScanner.exe
[2010/07/05 02:34:48 | 000,000,570 | ---- | C] () -- C:\Users\papilio\Desktop\papilio.PspWorkspace - Shortcut.lnk
[2010/07/04 06:19:39 | 000,001,669 | ---- | C] () -- C:\Users\papilio\Desktop\license.avastlic
[2010/07/03 14:26:55 | 000,009,633 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/07/03 01:56:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/06/28 00:06:11 | 000,001,024 | ---- | C] () -- C:\Users\papilio\Desktop\Active@ ISO Burner.lnk
[2010/06/27 21:26:34 | 000,000,209 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
[2010/06/27 21:26:34 | 000,000,205 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
[2010/06/26 17:34:07 | 000,001,392 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.8.1 Home Edition.lnk
[2010/06/26 17:34:06 | 001,718,912 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/06/26 17:34:06 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/06/26 17:34:06 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/06/26 17:34:06 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/06/26 17:34:06 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/06/26 14:55:18 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
[2010/06/26 14:49:32 | 000,396,416 | ---- | C] () -- C:\Users\papilio\Desktop\papilio.PspWorkspace
[2010/06/26 14:44:41 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Focus Magic.lnk
[2010/06/26 14:44:41 | 000,000,167 | ---- | C] () -- C:\Users\papilio\AppData\Roaming\PLGComp.ini
[2010/06/26 14:17:01 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\Anti_Malware_Pro.job
[2010/06/26 13:56:11 | 2414,284,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/26 13:43:39 | 000,000,268 | RH-- | C] () -- C:\Users\papilio\AppData\Roaming\Automatic Filter
[2010/06/26 13:39:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/06/26 12:32:36 | 000,001,913 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 12:11:39 | 000,001,411 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/26 12:05:20 | 001,835,008 | -HS- | C] () -- C:\Users\papilio\NTUSER.DAT
[2010/06/26 12:05:20 | 000,524,288 | -HS- | C] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/26 12:05:20 | 000,524,288 | -HS- | C] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/26 12:05:20 | 000,262,144 | -HS- | C] () -- C:\Users\papilio\ntuser.dat.LOG1
[2010/06/26 12:05:20 | 000,065,536 | -HS- | C] () -- C:\Users\papilio\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/26 12:05:20 | 000,000,290 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/06/26 12:05:20 | 000,000,272 | ---- | C] () -- C:\Users\papilio\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/06/26 12:05:20 | 000,000,020 | -HS- | C] () -- C:\Users\papilio\ntuser.ini
[2010/06/26 12:05:20 | 000,000,000 | -HS- | C] () -- C:\Users\papilio\ntuser.dat.LOG2
[2010/06/26 11:49:05 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/06/26 11:49:01 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/06/25 01:43:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/06/25 01:43:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys

========== LOP Check ==========

[2010/06/26 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\AVP 2009
[2010/07/08 14:05:43 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\gtk-2.0
[2010/06/26 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Nikon
[2010/07/05 21:11:27 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Registry Mechanic
[2010/07/08 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Wireshark
[2010/07/20 20:58:41 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\Anti_Malware_Pro.job
[2009/07/13 23:53:46 | 000,024,820 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >




OTL Extras logfile created on: 7/16/2010 9:54:51 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\papilio\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): f:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 14.86 Gb Free Space | 30.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 416.93 Gb Total Space | 307.74 Gb Free Space | 73.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERSICOLOR
Current User Name: papilio
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-881942326-2776305613-4268095126-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Internet Security
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CursorFX" = CursorFX
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Focus Magic_is1" = Focus Magic 3.02
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"ShortKeys Lite" = ShortKeys Lite
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"VLC media player" = VLC media player 1.1.0
"WindowBlinds" = WindowBlinds
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.9

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
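The two OTL reports above are long enough that reading them by eye misses things. As an added triage example (not part of the original thread, and not code from OTL or its author), the parser below reads the `[date | size | attrs | C/M] (Company) -- path` lines and the `@Alternate Data Stream` line that OTL emits, then applies three coarse rules: an executable-type file under %SystemRoot% with a blank company field, a zero-byte file created under %SystemRoot% within the last 14 days, and any alternate data stream. The sample input is a handful of lines copied from the report above; the report timestamp is taken from the OTL Extras header and assumed to be the same run as the main report, and the 14-day window and extension list are assumptions, not OTL settings.

```python
import re
from datetime import datetime, timedelta

# One OTL "Files/Folders Created/Modified" line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" group is absent on LOP-check lines, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# OTL's alternate-data-stream line.
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Extensions that load as code. A blank company field on one of these under
# %SystemRoot% only means the PE carries no CompanyName resource, not that it
# is malicious, but it is where a human should look first. (Assumed list.)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".kmd", ".ocx", ".cpl", ".drv")
SYSTEM_DIRS = ("c:\\windows\\",)

def parse_otl(text):
    """Split an OTL report into file entries and alternate-data-stream entries."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = OTL_LINE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
            e["size"] = int(e["size"].replace(",", ""))   # "2414,284,800" -> 2414284800
            e["company"] = (e["company"] or "").strip()
            entries.append(e)
            continue
        m = ADS_LINE.match(line)
        if m:
            streams.append({"path": m.group("path"), "bytes": int(m.group("bytes"))})
    return entries, streams

def triage(entries, streams, report_time, recent_days=14):
    """Return (rule, path) pairs worth a second look. The rules are deliberately
    coarse; every hit needs a hash lookup or signature check before any action."""
    findings = []
    cutoff = report_time - timedelta(days=recent_days)
    for e in entries:
        p = e["path"].lower()
        in_sys = p.startswith(SYSTEM_DIRS)
        if in_sys and p.endswith(EXEC_EXT) and not e["company"]:
            findings.append(("no-company-in-system-dir", e["path"]))
        if in_sys and e["kind"] == "C" and e["ts"] >= cutoff and e["size"] == 0:
            findings.append(("zero-byte-recent-in-system-dir", e["path"]))
    for s in streams:
        # Any named stream OTL reports is worth listing; confirm it with "dir /r".
        findings.append(("alternate-data-stream", s["path"]))
    return findings

# Sample input: lines copied from the OTL report on this page, plus its ADS line.
SAMPLE_LOG = r"""
[2010/07/14 23:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2010/07/14 17:56:07 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/07/07 03:52:26 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010/06/26 13:56:11 | 2414,284,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\papilio\AppData\Roaming\Wireshark
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""
# Report timestamp from the OTL Extras header above (assumed to be the same
# run as the main report).
REPORT_TIME = datetime(2010, 7, 16, 21, 54, 51)

def run_sample():
    entries, streams = parse_otl(SAMPLE_LOG)
    return triage(entries, streams, REPORT_TIME)

if __name__ == "__main__":
    for rule, path in run_sample():
        print(f"{rule:32} {path}")
```

On the sample the rules flag settings.dat, sptd.sys, wbload.dll and the TEMP:D1B5B4F1 stream and pass aswBoot.exe and hiberfil.sys. Two of those hits are probably benign: wbload.dll was created in the same minute as the WindowBlinds shortcut in the report, and sptd.sys is the SCSI pass-through driver that disc-emulation software installs. That is the point of the check: it shortens the list to what needs a hash or signature lookup, it does not decide anything on its own.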


#8 papilio01

Posted 20 July 2010 - 10:37 PM

Probably trivial, but I thought I should mention, in case what I just wrote caused any confusion on this point, that I *have* been online over the past couple of days using my live Ubuntu CD. I had also downloaded File Lister that way and ran it back on the Win 7 OS from the desktop, but as it appears to run under Internet Explorer, I'd been thinking (hoping) that the lack of output was because IE couldn't go online.

#9 papilio01

Posted 20 July 2010 - 11:24 PM

Hi mOle, found Files.txt! I'd been deleting the empty Files.txt from C:\ after each run, but just found this in \system32, from its first run this evening. Still wonder why it didn't come up the first time -- and why the one in \system32 wasn't overwritten on subsequent runs...?



+++++++++++++++++++++++++++
+ File Lister Version 1.1.4 +
+ +
+ By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++

Report ran on --->>> 7/20/2010 9:13:26 PM

====== Running Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\WinRoll\winroll.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\WScript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

====== BHO's ======
BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: (NO NAME) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: (NO NAME) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

====== System Keys (some whitelisted items will not be shown)======

Winlogon\Userinit = C:\Windows\system32\userinit.exe,
Winlogon\Shell = explorer.exe
AppInit_DLLs = wbsys.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[SunJavaUpdateSched] = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[Adobe Reader Speed Launcher] = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[Adobe ARM] = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[avast5] = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

====== HKCU\~\Run Keys ======

[CursorFX] = "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
[msnmsgr] = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

====== DNS Info (List may be empty) ======


ICSDomain = mshome.net
SyncDomainWithMembership = 1
NV Hostname = versicolor
DataBasePath = %SystemRoot%\System32\drivers\etc
ForwardBroadcasts = 0
IPEnableRouter = 0
Hostname = versicolor
UseDomainNameDevolution = 1
EnableICMPRedirect = 1
DeadGWDetectDefault = 1
DontAddDefaultGatewayDefault = 0
EnableWsd = 1
QualifyingDestinationThreshold = 3
OverrideDefaultAddressSelection = 1
DhcpNameServer = 192.168.2.1
DhcpDomain = Mr.klugi

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

7/9/2010 12:57:49 AM 0 C:\.Trash-1000
7/9/2010 12:57:49 AM 0 C:\.Trash-1000\files
7/9/2010 12:57:49 AM 0 C:\.Trash-1000\info
6/26/2010 11:49:01 AM 14839796 C:\Boot
6/26/2010 11:49:01 AM 89168 C:\Boot\cs-CZ
6/26/2010 11:49:01 AM 87616 C:\Boot\da-DK
6/26/2010 11:49:01 AM 91712 C:\Boot\de-DE
6/26/2010 11:49:01 AM 94800 C:\Boot\el-GR
6/26/2010 11:49:01 AM 128656 C:\Boot\en-US
6/26/2010 11:49:01 AM 90192 C:\Boot\es-ES
6/26/2010 11:49:01 AM 89152 C:\Boot\fi-FI
6/26/2010 11:49:01 AM 11973892 C:\Boot\Fonts
6/26/2010 11:49:01 AM 93248 C:\Boot\fr-FR
6/26/2010 11:49:01 AM 90688 C:\Boot\hu-HU
6/26/2010 11:49:01 AM 90704 C:\Boot\it-IT
6/26/2010 11:49:01 AM 76352 C:\Boot\ja-JP
6/26/2010 11:49:01 AM 75344 C:\Boot\ko-KR
6/26/2010 11:49:01 AM 88144 C:\Boot\nb-NO
6/26/2010 11:49:01 AM 90704 C:\Boot\nl-NL
6/26/2010 11:49:01 AM 90704 C:\Boot\pl-PL
6/26/2010 11:49:01 AM 90176 C:\Boot\pt-BR
6/26/2010 11:49:01 AM 89664 C:\Boot\pt-PT
6/26/2010 11:49:01 AM 90192 C:\Boot\ru-RU
6/26/2010 11:49:01 AM 87616 C:\Boot\sv-SE
6/26/2010 11:49:01 AM 87104 C:\Boot\tr-TR
6/26/2010 11:49:01 AM 70720 C:\Boot\zh-CN
6/26/2010 11:49:01 AM 70224 C:\Boot\zh-HK
6/26/2010 11:49:01 AM 70208 C:\Boot\zh-TW
6/25/2010 2:07:07 AM 0 C:\Config.Msi
6/25/2010 1:43:46 AM 125776476 C:\DELL
6/25/2010 1:52:40 AM 125533756 C:\DELL\drivers
6/25/2010 1:59:33 AM 3652994 C:\DELL\drivers\R121089
6/25/2010 1:53:11 AM 11174240 C:\DELL\drivers\R124105
6/25/2010 1:53:12 AM 2575152 C:\DELL\drivers\R124105\HDAQFE
6/25/2010 1:53:12 AM 1851480 C:\DELL\drivers\R124105\HDAQFE\win2k3
6/25/2010 1:53:12 AM 927020 C:\DELL\drivers\R124105\HDAQFE\win2k3\jpn
6/25/2010 1:53:12 AM 924460 C:\DELL\drivers\R124105\HDAQFE\win2k3\us
6/25/2010 1:53:13 AM 723672 C:\DELL\drivers\R124105\HDAQFE\win2k_xp
6/25/2010 1:53:13 AM 723672 C:\DELL\drivers\R124105\HDAQFE\win2k_xp\us
6/25/2010 1:53:13 AM 5014097 C:\DELL\drivers\R124105\WDM
6/25/2010 1:57:04 AM 335018 C:\DELL\drivers\R130118
7/3/2010 4:46:34 PM 13028256 C:\DELL\drivers\R130298
6/25/2010 1:52:40 AM 24805969 C:\DELL\drivers\R130391
6/25/2010 1:57:29 AM 16781883 C:\DELL\drivers\R135114
6/25/2010 1:59:05 AM 4045527 C:\DELL\drivers\R135588
6/25/2010 1:59:05 AM 340777 C:\DELL\drivers\R135588\DOS
6/25/2010 1:59:05 AM 239884 C:\DELL\drivers\R135588\DOS\Diags
6/25/2010 1:59:05 AM 56956 C:\DELL\drivers\R135588\DOS\NDIS2
6/25/2010 1:59:05 AM 43937 C:\DELL\drivers\R135588\DOS\ODI
6/25/2010 1:59:05 AM 7328 C:\DELL\drivers\R135588\Unattend
6/25/2010 1:59:05 AM 7328 C:\DELL\drivers\R135588\Unattend\WINXP
6/25/2010 1:59:05 AM 1942123 C:\DELL\drivers\R135588\WinXP
6/25/2010 1:58:25 AM 13028787 C:\DELL\drivers\R135591
7/3/2010 4:50:39 PM 4763798 C:\DELL\drivers\R149166
7/3/2010 4:52:37 PM 6242498 C:\DELL\drivers\R150579
7/3/2010 4:50:11 PM 21756464 C:\DELL\drivers\R158600
7/3/2010 4:49:57 PM 404738 C:\DELL\drivers\R158601
7/3/2010 4:49:36 PM 5513584 C:\DELL\drivers\R171870
7/3/2010 4:49:36 PM 428141 C:\DELL\drivers\R171870\DOS
7/3/2010 4:49:36 PM 324496 C:\DELL\drivers\R171870\DOS\Diags
7/3/2010 4:49:36 PM 58284 C:\DELL\drivers\R171870\DOS\NDIS2
7/3/2010 4:49:36 PM 45361 C:\DELL\drivers\R171870\DOS\ODI
7/3/2010 4:49:36 PM 7328 C:\DELL\drivers\R171870\unattend
7/3/2010 4:49:36 PM 7328 C:\DELL\drivers\R171870\unattend\WINXP
7/3/2010 4:49:36 PM 1984930 C:\DELL\drivers\R171870\winxp
7/7/2010 8:28:52 PM 4096 C:\found.000
7/7/2010 8:28:52 PM 4096 C:\found.000\dir0000.chk
7/5/2010 1:20:44 AM 715924 C:\Intel
7/5/2010 1:20:44 AM 715924 C:\Intel\Logs
6/26/2010 6:19:50 PM 1338 C:\KB
7/5/2010 10:13:00 AM 1196443 C:\MGADiagToolOutput
7/9/2010 7:16:56 PM 0 C:\New folder
7/15/2010 6:56:46 PM 0 C:\New folder (2)
7/5/2010 9:19:06 PM 110638248 C:\NVIDIA
7/5/2010 9:19:06 PM 110638248 C:\NVIDIA\DisplayDriver
7/5/2010 9:19:06 PM 110638248 C:\NVIDIA\DisplayDriver\257.21
7/5/2010 9:19:06 PM 110638248 C:\NVIDIA\DisplayDriver\257.21\WinVista_Win7
7/5/2010 9:19:06 PM 110638248 C:\NVIDIA\DisplayDriver\257.21\WinVista_Win7\English
6/26/2010 12:05:08 PM 148009089 C:\Recovery
6/26/2010 12:05:08 PM 148009089 C:\Recovery\be6dadbe-815c-11df-94b4-b94652c79297
6/26/2010 12:57:21 AM 72167382 C:\TEMP
7/6/2010 9:47:48 AM 11660736 C:\TEMP\SGCSU622
7/6/2010 9:47:48 AM 11612139 C:\TEMP\SGCSU622\N124USG
7/6/2010 9:47:48 AM 507051 C:\TEMP\SGCSU622\N124USG\images
6/27/2010 3:52:34 AM 0 C:\TEMP\_asw_aisI.tm~a00664
6/26/2010 11:34:26 AM 60418876 C:\TEMP\_av_sfx.tm~a00456
6/26/2010 2:50:44 PM 3665140358 C:\Windows.old
6/26/2010 12:51:54 PM 0 C:\_SPC1
6/26/2010 2:55:18 PM 211 2 C:\Boot.BAK
6/26/2010 11:49:01 AM 383562 39 C:\bootmgr
6/26/2010 11:49:05 AM 8192 39 C:\BOOTSECT.BAK
7/20/2010 9:08:46 PM 0 32 C:\Files.txt
6/26/2010 1:56:11 PM 2414284800 38 C:\hiberfil.sys
6/25/2010 1:43:31 AM 0 39 C:\IO.SYS
6/25/2010 1:43:31 AM 0 39 C:\MSDOS.SYS
6/26/2010 12:24:31 PM 298823792 C:\Windows\Installer
6/27/2010 9:40:12 AM 90255778 C:\Windows\Installer\$PatchCache$
6/27/2010 9:40:12 AM 90255778 C:\Windows\Installer\$PatchCache$\Managed
7/20/2010 6:35:32 PM 1664075 C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC
7/20/2010 6:35:32 PM 1664075 C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012
7/4/2010 11:36:11 PM 950336 C:\Windows\Installer\$PatchCache$\Managed\25DC9DCF22272764490A7A22AB07F20D
7/4/2010 11:36:11 PM 950336 C:\Windows\Installer\$PatchCache$\Managed\25DC9DCF22272764490A7A22AB07F20D\1.0.0
6/28/2010 10:34:54 AM 85455308 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010
6/28/2010 10:34:54 AM 85455301 C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0
7/10/2010 9:26:54 AM 899907 C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0
7/10/2010 9:26:54 AM 899907 C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336
7/5/2010 10:25:23 PM 0 C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
7/5/2010 10:25:23 PM 0 C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
6/27/2010 9:40:12 AM 1286152 C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217
6/27/2010 9:40:12 AM 1286152 C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217\4.20.9870
7/20/2010 6:36:06 PM 73092 C:\Windows\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}
7/12/2010 6:09:58 PM 4993536 C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216020FF}
7/20/2010 6:36:11 PM 29926 C:\Windows\Installer\{45338B07-A236-4270-9A77-EBB4115517B5}
7/20/2010 6:37:09 PM 58945 C:\Windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}
6/27/2010 9:40:12 AM 32768 C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
7/5/2010 10:25:27 PM 59958 C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
7/3/2010 1:51:34 PM 46392 C:\Windows\Installer\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}
6/27/2010 4:59:14 AM 2069242 C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A93000000001}
7/3/2010 2:27:30 PM 50428 C:\Windows\Installer\{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
7/20/2010 6:36:42 PM 80395 C:\Windows\Installer\{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
7/5/2010 9:20:24 PM 10134 C:\Windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}
7/4/2010 9:33:09 PM 46392 C:\Windows\Installer\{DAC27085-280B-46C0-A145-D4C7DB8AC785}
7/20/2010 6:35:58 PM 61272 C:\Windows\Installer\{E6158D07-2637-4ECF-B576-37C489669174}
6/27/2010 9:39:56 AM 32768 C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
7/9/2010 7:41:57 PM 50428 C:\Windows\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
7/4/2010 11:36:11 PM 48640 C:\Windows\Installer\{FCD9CD52-7222-4672-94A0-A722BA702FD0}
7/2/2010 12:31:21 PM 160616 C:\Windows\Minidump
6/26/2010 2:55:31 PM 1601458 C:\Windows\Panther
6/26/2010 2:55:31 PM 0 C:\Windows\Panther\setup.exe
6/26/2010 1:56:33 PM 21612 C:\Windows\Panther\UnattendGC
7/20/2010 6:35:31 PM 0 C:\Windows\PCHEALTH
7/20/2010 6:35:31 PM 0 C:\Windows\PCHEALTH\ERRORREP
7/20/2010 6:35:31 PM 0 C:\Windows\PCHEALTH\ERRORREP\QHEADLES
7/20/2010 6:35:31 PM 0 C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF
6/26/2010 1:56:50 PM 21265630 C:\Windows\Prefetch
6/26/2010 1:56:50 PM 6971409 C:\Windows\Prefetch\ReadyBoot
7/17/2010 8:44:04 AM 573 C:\Windows\pss
6/26/2010 12:05:05 PM 100822147 C:\Windows\SoftwareDistribution
6/26/2010 12:05:05 PM 34112 C:\Windows\SoftwareDistribution\AuthCabs
6/30/2010 3:41:53 PM 27390 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d
6/30/2010 3:41:52 PM 0 C:\Windows\SoftwareDistribution\AuthCabs\Downloaded
6/26/2010 12:05:05 PM 79241216 C:\Windows\SoftwareDistribution\DataStore
6/26/2010 12:05:05 PM 28844032 C:\Windows\SoftwareDistribution\DataStore\Logs
6/26/2010 12:05:05 PM 21304085 C:\Windows\SoftwareDistribution\Download
7/12/2010 1:49:40 PM 210173 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2
7/12/2010 1:49:40 PM 12 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\cbshandler
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7600.16481_none_d4e35a9fae1103ff
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7600.20591_none_d562277ec736bfba
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4
7/12/2010 1:49:40 PM 0 C:\Windows\SoftwareDistribution\Download\8d46e6dac9145ebcc1a1ae4eed2471a2\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f
6/26/2010 12:07:24 PM 0 C:\Windows\SoftwareDistribution\PostRebootEventCache
7/5/2010 2:52:01 PM 0 C:\Windows\SoftwareDistribution\ScanFile
6/26/2010 12:05:06 PM 7796 C:\Windows\SoftwareDistribution\SelfUpdate
6/26/2010 12:05:06 PM 0 C:\Windows\SoftwareDistribution\SelfUpdate\Handler
6/26/2010 12:05:08 PM 25222 C:\Windows\SoftwareDistribution\WuRedir
6/30/2010 11:24:11 PM 12506 C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D
6/26/2010 12:05:08 PM 12716 C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77
7/6/2010 11:58:10 AM 11 32 C:\Windows\album.ini
7/20/2010 8:39:34 PM 38848 32 C:\Windows\avastSS.scr
6/27/2010 3:16:22 AM 2614272 32 C:\Windows\explorer.exe
7/6/2010 11:57:47 AM 306688 32 C:\Windows\IsUninst.exe
7/6/2010 12:01:07 PM 572 32 C:\Windows\maxlink.ini
7/15/2010 12:37:43 AM 170912 32 C:\Windows\ntbtlog.txt
7/6/2010 12:00:20 PM 0 32 C:\Windows\OP70.INI
7/6/2010 8:17:20 PM 86016 32 C:\Windows\OPDIRDEL.exe
7/6/2010 11:58:10 AM 212480 32 C:\Windows\PCDLIB32.DLL
7/20/2010 7:58:58 PM 1246 32 C:\Windows\PFRO.log
7/6/2010 11:59:17 AM 8 32 C:\Windows\phbase.ini
7/6/2010 11:58:10 AM 24 32 C:\Windows\pstudio.ini
7/15/2010 5:31:17 AM 728 32 C:\Windows\setupact.log
7/15/2010 5:31:17 AM 0 32 C:\Windows\setuperr.log
7/6/2010 11:59:44 AM 299520 32 C:\Windows\uninst.exe
7/15/2010 3:09:10 AM 179414 32 C:\Windows\WindowsUpdate.log
7/5/2010 2:52:21 PM 296960 32 C:\Windows\winhlp32.exe
7/15/2010 10:27:13 AM 193 32 C:\Windows\WORDPAD.INI
6/26/2010 12:13:39 PM 12104734 C:\Windows\System32\Macromed
6/26/2010 12:13:39 PM 12104734 C:\Windows\System32\Macromed\Flash
7/4/2010 11:36:10 PM 59466 C:\Windows\System32\vmm32
6/27/2010 3:50:12 AM 1836192 C:\Windows\System32\Wat
7/15/2010 2:56:34 AM 6144 0 C:\Windows\System32\7D2D.tmp
7/12/2010 1:49:39 PM 292864 32 C:\Windows\System32\apphelp.dll
7/20/2010 8:15:02 PM 165032 32 C:\Windows\System32\aswBoot.exe
6/27/2010 3:16:48 AM 67584 32 C:\Windows\System32\asycfilt.dll
6/27/2010 3:14:54 AM 293888 32 C:\Windows\System32\atmfd.dll
6/27/2010 3:14:54 AM 34304 32 C:\Windows\System32\atmlib.dll
6/27/2010 3:16:32 AM 91648 32 C:\Windows\System32\avifil32.dll
6/26/2010 5:34:06 PM 1718912 32 C:\Windows\System32\BootMan.exe
6/26/2010 12:06:07 PM 132608 32 C:\Windows\System32\cabview.dll
6/27/2010 3:16:11 AM 1320960 32 C:\Windows\System32\CertEnroll.dll
7/2/2010 12:24:26 PM 36864 32 C:\Windows\System32\CNQU70.DLL
6/27/2010 3:16:47 AM 641536 32 C:\Windows\System32\CPFilters.dll
7/5/2010 1:20:56 AM 53248 32 C:\Windows\System32\CSVer.dll
7/16/2010 11:01:46 PM 450 32 C:\Windows\System32\defogger_disable.log
7/12/2010 6:10:04 PM 411368 32 C:\Windows\System32\deployJava1.dll
6/27/2010 3:39:46 AM 1130824 32 C:\Windows\System32\dfshim.dll
7/3/2010 2:26:55 PM 795104 32 C:\Windows\System32\dpinst.exe
6/26/2010 5:34:06 PM 14216 32 C:\Windows\System32\epmntdrv.sys
6/26/2010 5:34:06 PM 14848 32 C:\Windows\System32\EuEpmGdi.dll
6/26/2010 5:34:06 PM 8456 32 C:\Windows\System32\EuGdiDrv.sys
7/15/2010 2:57:05 AM 6144 0 C:\Windows\System32\F9EB.tmp
7/20/2010 9:07:15 PM 18676 32 C:\Windows\System32\Files.txt
6/26/2010 2:44:41 PM 8876032 32 C:\Windows\System32\FocusMag.dll
6/27/2010 3:14:54 AM 70656 32 C:\Windows\System32\fontsub.dll
7/5/2010 2:52:21 PM 9216 32 C:\Windows\System32\ftlx0411.dll
7/5/2010 2:52:21 PM 10240 32 C:\Windows\System32\ftlx041e.dll
7/5/2010 2:52:21 PM 195072 32 C:\Windows\System32\ftsrch.dll
7/20/2010 9:08:30 PM 37326 32 C:\Windows\System32\Hidden.txt
6/27/2010 3:16:33 AM 381440 32 C:\Windows\System32\iedkcs32.dll
6/27/2010 3:16:34 AM 10984448 32 C:\Windows\System32\ieframe.dll
6/27/2010 3:16:15 AM 740864 32 C:\Windows\System32\inetcomm.dll
6/27/2010 3:16:32 AM 50176 32 C:\Windows\System32\iyuv_32.dll
7/12/2010 6:10:04 PM 145184 32 C:\Windows\System32\java.exe
7/12/2010 6:10:04 PM 145184 32 C:\Windows\System32\javaw.exe
7/12/2010 6:10:04 PM 153376 32 C:\Windows\System32\javaws.exe
6/27/2010 3:16:36 AM 716800 32 C:\Windows\System32\jscript.dll
6/27/2010 3:16:33 AM 48128 32 C:\Windows\System32\jsproxy.dll
7/12/2010 1:49:39 PM 857088 32 C:\Windows\System32\kernel32.dll
6/27/2010 3:16:19 AM 1037312 32 C:\Windows\System32\lsasrv.dll
6/27/2010 3:16:32 AM 84480 32 C:\Windows\System32\mciavi32.dll
6/27/2010 3:16:46 AM 199680 32 C:\Windows\System32\mpg2splt.ax
6/26/2010 12:46:05 PM 221568 0 C:\Windows\System32\MpSigStub.exe
6/27/2010 3:41:03 AM 34045896 32 C:\Windows\System32\MRT.exe
6/27/2010 3:16:21 AM 34816 32 C:\Windows\System32\msasn1.dll
6/27/2010 3:39:46 AM 297808 32 C:\Windows\System32\mscoree.dll
6/27/2010 3:16:46 AM 417792 32 C:\Windows\System32\msdri.dll
6/27/2010 3:16:33 AM 64512 32 C:\Windows\System32\msfeedsbs.dll
6/27/2010 3:16:35 AM 5970944 32 C:\Windows\System32\mshtml.dll
6/27/2010 3:16:46 AM 204288 32 C:\Windows\System32\MSNP.ax
6/27/2010 3:16:32 AM 13312 32 C:\Windows\System32\msrle32.dll
6/27/2010 3:16:33 AM 606208 32 C:\Windows\System32\mstime.dll
6/27/2010 3:44:58 AM 257024 32 C:\Windows\System32\msv1_0.dll
6/27/2010 3:16:32 AM 31744 32 C:\Windows\System32\msvidc32.dll
6/27/2010 3:16:32 AM 22016 32 C:\Windows\System32\msyuv.dll
7/6/2010 11:10:21 AM 339968 32 C:\Windows\System32\N124UFW.dll
6/27/2010 3:39:46 AM 49472 32 C:\Windows\System32\netfxperf.dll
6/27/2010 3:16:14 AM 1286456 32 C:\Windows\System32\ntdll.dll
6/27/2010 3:16:31 AM 3954568 32 C:\Windows\System32\ntkrnlpa.exe
6/27/2010 3:16:31 AM 3899280 32 C:\Windows\System32\ntoskrnl.exe
7/5/2010 9:19:11 PM 1592424 32 C:\Windows\System32\nvapi.dll
7/5/2010 9:19:11 PM 232040 32 C:\Windows\System32\nvcod.dll
7/5/2010 9:19:11 PM 232040 32 C:\Windows\System32\nvcod1921.dll
7/3/2010 2:26:50 PM 10263144 32 C:\Windows\System32\nvcompiler.dll
6/7/2010 5:48:04 PM 13917800 32 C:\Windows\System32\nvcpl.dll
7/5/2010 9:19:13 PM 4513384 32 C:\Windows\System32\nvcuda.dll
7/3/2010 2:26:53 PM 2632296 32 C:\Windows\System32\nvcuvenc.dll
7/3/2010 2:26:53 PM 2145896 32 C:\Windows\System32\nvcuvid.dll
7/5/2010 9:19:13 PM 9712744 32 C:\Windows\System32\nvd3dum.dll
7/3/2010 2:26:53 PM 332392 32 C:\Windows\System32\nvdecodemft.dll
7/3/2010 2:26:53 PM 2890856 32 C:\Windows\System32\nvencodemft.dll
7/3/2010 2:26:55 PM 9633 32 C:\Windows\System32\nvinfo.pb
6/7/2010 5:48:04 PM 110696 32 C:\Windows\System32\nvmctray.dll
7/5/2010 9:19:13 PM 15764072 32 C:\Windows\System32\nvoglv32.dll
6/7/2010 5:48:04 PM 66664 32 C:\Windows\System32\nvshext.dll
6/7/2010 5:48:04 PM 1331816 32 C:\Windows\System32\nvsvc.dll
6/7/2010 5:48:04 PM 129640 32 C:\Windows\System32\nvvsvc.exe
7/5/2010 9:19:15 PM 4967528 32 C:\Windows\System32\nvwgf2um.dll
7/3/2010 2:26:55 PM 56936 32 C:\Windows\System32\OpenCL.dll
6/26/2010 12:07:50 PM 726316 32 C:\Windows\System32\PerfStringBackup.INI
6/27/2010 3:39:46 AM 295264 32 C:\Windows\System32\PresentationHost.exe
6/27/2010 3:39:46 AM 99176 32 C:\Windows\System32\PresentationHostProxy.dll
6/27/2010 3:16:46 AM 465408 32 C:\Windows\System32\psisdecd.dll
6/27/2010 3:16:32 AM 1328640 32 C:\Windows\System32\quartz.dll
6/27/2010 3:15:09 AM 320512 32 C:\Windows\System32\RMActivate.exe
6/27/2010 3:15:09 AM 324608 32 C:\Windows\System32\RMActivate_isv.exe
6/27/2010 3:15:09 AM 280064 32 C:\Windows\System32\RMActivate_ssp.exe
6/27/2010 3:15:09 AM 277504 32 C:\Windows\System32\RMActivate_ssp_isv.exe
6/27/2010 3:15:09 AM 369152 32 C:\Windows\System32\secproc.dll
6/27/2010 3:15:09 AM 365568 32 C:\Windows\System32\secproc_isv.dll
6/27/2010 3:15:09 AM 85504 32 C:\Windows\System32\secproc_ssp.dll
6/27/2010 3:15:09 AM 85504 32 C:\Windows\System32\secproc_ssp_isv.dll
7/14/2010 11:01:27 PM 0 32 C:\Windows\System32\settings.dat
6/26/2010 5:34:06 PM 86408 32 C:\Windows\System32\setupempdrv03.exe
7/6/2010 11:10:21 AM 28720 32 C:\Windows\System32\SG62CPL.DLL
7/6/2010 11:10:21 AM 114688 32 C:\Windows\System32\SG62UUD.DLL
6/27/2010 3:16:20 AM 12867072 32 C:\Windows\System32\shell32.dll
6/27/2010 3:16:36 AM 108544 32 C:\Windows\System32\t2embed.dll
6/27/2010 3:16:32 AM 12288 32 C:\Windows\System32\tsbyuv.dll
6/9/2010 7:11:26 AM 737280 32 C:\Windows\System32\TwainControlX.ocx
6/27/2010 3:14:58 AM 2048 32 C:\Windows\System32\tzres.dll
7/2/2010 12:24:26 PM 389180 32 C:\Windows\System32\UCS32P.DLL
7/20/2010 9:08:30 PM 1334 32 C:\Windows\System32\UNI.txt
6/27/2010 3:16:33 AM 1225216 32 C:\Windows\System32\urlmon.dll
6/27/2010 3:15:07 AM 427520 32 C:\Windows\System32\vbscript.dll
7/7/2010 3:52:26 AM 57904 32 C:\Windows\System32\wbload.dll
7/7/2010 3:52:25 AM 42672 32 C:\Windows\System32\wbsys.dll
6/27/2010 3:16:14 AM 2326528 32 C:\Windows\System32\win32k.sys
6/27/2010 3:16:33 AM 977920 32 C:\Windows\System32\wininet.dll
6/27/2010 3:16:11 AM 507568 32 C:\Windows\System32\winload.exe
6/27/2010 3:16:22 AM 285696 32 C:\Windows\System32\winlogon.exe
6/27/2010 3:16:11 AM 442920 32 C:\Windows\System32\winresume.exe
6/26/2010 12:06:12 PM 172032 32 C:\Windows\System32\wintrust.dll
6/27/2010 3:16:12 AM 11406336 32 C:\Windows\System32\wmp.dll
6/27/2010 3:16:10 AM 12625408 32 C:\Windows\System32\wmploc.DLL

====== "\Administrator & All Users\Startup" Last 60 Days======

====== "\Program Files" Last 60 Days======

7/5/2010 2:31:27 AM 3094515 C:\Program Files\7-Zip
6/27/2010 4:59:10 AM 213805074 C:\Program Files\Adobe
7/5/2010 12:51:51 AM 162214265 C:\Program Files\Alwil Software
7/12/2010 6:27:41 PM 2903051 C:\Program Files\CCleaner
7/5/2010 2:14:28 AM 0 C:\Program Files\Conduit
7/4/2010 11:36:09 PM 0 C:\Program Files\Dell
6/26/2010 5:34:01 PM 42994446 C:\Program Files\EASEUS
6/26/2010 2:44:40 PM 1513705 C:\Program Files\Focus Magic
6/27/2010 11:56:39 PM 7511598 C:\Program Files\InstallShield Installation Information
7/3/2010 4:50:14 PM 83527 C:\Program Files\Intel
6/26/2010 1:56:31 PM 11683592 C:\Program Files\IrfanView
7/9/2010 7:40:49 PM 309001247 C:\Program Files\Jasc Software Inc
7/12/2010 6:09:57 PM 87742973 C:\Program Files\Java
7/13/2010 3:24:09 AM 3962805 C:\Program Files\Malwarebytes' Anti-Malware
7/20/2010 6:36:31 PM 226432 C:\Program Files\Microsoft
7/5/2010 10:25:23 PM 38274027 C:\Program Files\Microsoft Silverlight
6/27/2010 3:40:17 AM 15715 C:\Program Files\Microsoft.NET
6/26/2010 12:32:33 PM 35030151 C:\Program Files\Mozilla Firefox
7/4/2010 9:33:28 PM 6844 C:\Program Files\MSN Toolbar Installer
6/27/2010 9:39:54 AM 0 C:\Program Files\MSXML 4.0
6/26/2010 1:40:24 PM 31182143 C:\Program Files\Nikon
7/3/2010 2:27:21 PM 120137501 C:\Program Files\NVIDIA Corporation
7/5/2010 8:57:59 PM 253124782 C:\Program Files\Phyxion.net
7/5/2010 2:10:11 AM 0 C:\Program Files\RadarSync
7/11/2010 10:09:22 PM 11667157 C:\Program Files\RocketDock
6/26/2010 1:57:39 PM 3130489 C:\Program Files\ShortKeys2
7/10/2010 1:32:12 PM 2875080 C:\Program Files\Sophos
6/26/2010 2:48:30 PM 349605952 C:\Program Files\Stardock
7/5/2010 2:18:39 AM 0 C:\Program Files\The Weather Channel FW
6/27/2010 9:27:38 PM 81381558 C:\Program Files\VideoLAN
7/20/2010 6:35:47 PM 78195995 C:\Program Files\Windows Live
7/20/2010 6:36:06 PM 245112 C:\Program Files\Windows Live SkyDrive
7/8/2010 11:46:45 AM 237453 C:\Program Files\WinPcap
6/26/2010 2:40:23 PM 87287 C:\Program Files\WinRoll
7/8/2010 11:46:27 AM 79542592 C:\Program Files\Wireshark
7/13/2010 6:27:29 PM 807300 C:\Program Files\yzsdw109

======"Drivers" Modified Last 60 Days======

7/20/2010 8:15:32 PM 17744 32 C:\Windows\System32\drivers\aswFsBlk.sys
7/20/2010 8:15:30 PM 99280 32 C:\Windows\System32\drivers\aswFW.sys
7/20/2010 8:15:12 PM 50256 32 C:\Windows\System32\drivers\aswMonFlt.sys
7/20/2010 8:15:14 PM 188168 32 C:\Windows\System32\drivers\aswNdis2.sys
7/20/2010 8:15:14 PM 23376 32 C:\Windows\System32\drivers\aswRdr.sys
7/20/2010 8:15:31 PM 312912 32 C:\Windows\System32\drivers\aswSnx.sys
7/20/2010 8:15:32 PM 165456 32 C:\Windows\System32\drivers\aswSP.sys
7/20/2010 8:15:14 PM 46672 32 C:\Windows\System32\drivers\aswTdi.sys
7/3/2010 1:56:57 AM 0 34 C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
7/3/2010 2:26:55 PM 10920 32 C:\Windows\System32\drivers\nvBridge.kmd
7/5/2010 9:19:15 PM 10888168 32 C:\Windows\System32\drivers\nvlddmkm.sys
7/14/2010 5:56:07 PM 697328 32 C:\Windows\System32\drivers\sptd.sys

====== Files Deleted under "%Temp%" ======

3 Files deleted

======"All Users\Application Data" Last 60 Days======

====== HKLM\~\ShellServiceObjectDelayLoad======

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -

====== HKLM\~\SharedTaskScheduler======

======HKLM\~\msconfig\startupreg======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\

====== Services ( Services that are Whitelisted are not shown) ======

1394ohci (1394 OHCI Compliant Host Controller)- C:\Windows\system32\DRIVERS\1394ohci.sys - Manual/Stopped
ACPI (Microsoft ACPI Driver)- C:\Windows\system32\DRIVERS\ACPI.sys - Boot/Running
AcpiPmi (ACPI Power Meter Driver)- C:\Windows\system32\DRIVERS\acpipmi.sys - Manual/Stopped
adp94xx (adp94xx)- C:\Windows\system32\DRIVERS\adp94xx.sys - Manual/Stopped
adpahci (adpahci)- C:\Windows\system32\DRIVERS\adpahci.sys - Manual/Stopped
adpu320 (adpu320)- C:\Windows\system32\DRIVERS\adpu320.sys - Manual/Stopped
AFD (Ancillary Function Driver for Winsock)- C:\Windows\system32\drivers\afd.sys - System/Running
agp440 (Intel AGP Bus Filter)- C:\Windows\system32\DRIVERS\agp440.sys - Manual/Stopped
aic78xx (aic78xx)- C:\Windows\system32\DRIVERS\djsvs.sys - Manual/Stopped
aliide (aliide)- C:\Windows\system32\DRIVERS\aliide.sys - Manual/Stopped
amdagp (AMD AGP Bus Filter Driver)- C:\Windows\system32\DRIVERS\amdagp.sys - Manual/Stopped
amdide (amdide)- C:\Windows\system32\DRIVERS\amdide.sys - Manual/Stopped
AmdK8 (AMD K8 Processor Driver)- C:\Windows\system32\DRIVERS\amdk8.sys - Manual/Stopped
AmdPPM (AMD Processor Driver)- C:\Windows\system32\DRIVERS\amdppm.sys - Manual/Stopped
amdsata (amdsata)- C:\Windows\system32\DRIVERS\amdsata.sys - Manual/Stopped
amdsbs (amdsbs)- C:\Windows\system32\DRIVERS\amdsbs.sys - Manual/Stopped
amdxata (amdxata)- C:\Windows\system32\DRIVERS\amdxata.sys - Boot/Running
AppID (AppID Driver)- C:\Windows\system32\drivers\appid.sys - Manual/Running
arc (arc)- C:\Windows\system32\DRIVERS\arc.sys - Manual/Stopped
arcsas (arcsas)- C:\Windows\system32\DRIVERS\arcsas.sys - Manual/Stopped
aswFsBlk (aswFsBlk)- C:\Windows\system32\drivers\aswFsBlk.sys - Auto/Running
aswFW (avast! TDI Firewall driver)- C:\Windows\system32\drivers\aswFW.sys - System/Running
aswMonFlt (aswMonFlt)- \??\C:\Windows\system32\drivers\aswMonFlt.sys - Auto/Running
aswNdis (avast! Firewall NDIS Filter Service)- C:\Windows\system32\DRIVERS\aswNdis.sys - Boot/Running
aswNdis2 (avast! Firewall Core Firewall Service)- C:\Windows\system32\drivers\aswNdis2.sys - Boot/Running
aswRdr (aswRdr)- C:\Windows\system32\drivers\aswRdr.sys - System/Running
aswSnx (aswSnx)- C:\Windows\system32\drivers\aswSnx.sys - System/Running
aswSP (aswSP)- C:\Windows\system32\drivers\aswSP.sys - System/Running
aswTdi (avast! Network Shield Support)- C:\Windows\system32\drivers\aswTdi.sys - System/Running
AsyncMac (RAS Asynchronous Media Driver)- C:\Windows\system32\DRIVERS\asyncmac.sys - Manual/Running
atapi (atapi)- C:\Windows\system32\DRIVERS\atapi.sys - Manual/Stopped
b06bdrv (Broadcom NetXtreme II VBD)- C:\Windows\system32\DRIVERS\bxvbdx.sys - Manual/Stopped
b57nd60x (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0)- C:\Windows\system32\DRIVERS\b57nd60x.sys - Manual/Stopped
Beep (Beep)- C:\Windows\system32\drivers\Beep.sys - System/Running
blbdrive (blbdrive)- C:\Windows\system32\DRIVERS\blbdrive.sys - System/Running
bowser (Browser Support Driver)- C:\Windows\system32\DRIVERS\bowser.sys - Manual/Running
BrFiltLo (Brother USB Mass-Storage Lower Filter Driver)- C:\Windows\system32\DRIVERS\BrFiltLo.sys - Manual/Stopped
BrFiltUp (Brother USB Mass-Storage Upper Filter Driver)- C:\Windows\system32\DRIVERS\BrFiltUp.sys - Manual/Stopped
Brserid (Brother MFC Serial Port Interface Driver (WDM))- C:\Windows\system32\Drivers\Brserid.sys - Manual/Stopped
BrSerWdm (Brother WDM Serial driver)- C:\Windows\system32\Drivers\BrSerWdm.sys - Manual/Stopped
BrUsbMdm (Brother MFC USB Fax Only Modem)- C:\Windows\system32\Drivers\BrUsbMdm.sys - Manual/Stopped
BrUsbSer (Brother MFC USB Serial WDM Driver)- C:\Windows\system32\Drivers\BrUsbSer.sys - Manual/Stopped
BTHMODEM (Bluetooth Serial Communications Driver)- C:\Windows\system32\DRIVERS\bthmodem.sys - Manual/Stopped
cdfs (CD/DVD File System Reader)- C:\Windows\system32\DRIVERS\cdfs.sys - Disabled/Stopped
cdrom (CD-ROM Driver)- C:\Windows\system32\DRIVERS\cdrom.sys - System/Running
circlass (Consumer IR Devices)- C:\Windows\system32\DRIVERS\circlass.sys - Manual/Stopped
CLFS (Common Log (CLFS))- C:\Windows\system32\CLFS.sys - Boot/Running
CmBatt (Microsoft ACPI Control Method Battery Driver)- C:\Windows\system32\DRIVERS\CmBatt.sys - Manual/Stopped
cmdide (cmdide)- C:\Windows\system32\DRIVERS\cmdide.sys - Manual/Stopped
CNG (CNG)- C:\Windows\system32\Drivers\cng.sys - Boot/Running
Compbatt (Compbatt)- C:\Windows\system32\DRIVERS\compbatt.sys - Manual/Stopped
CompositeBus (Composite Bus Enumerator Driver)- C:\Windows\system32\DRIVERS\CompositeBus.sys - Manual/Running
crcdisk (Crcdisk Filter Driver)- C:\Windows\system32\DRIVERS\crcdisk.sys - Disabled/Stopped
DfsC (DFS Namespace Client Driver)- C:\Windows\system32\Drivers\dfsc.sys - System/Running
discache (System Attribute Cache)- C:\Windows\system32\drivers\discache.sys - System/Running
Disk (Disk Driver)- C:\Windows\system32\DRIVERS\disk.sys - Boot/Running
drmkaud (Microsoft Trusted Audio Drivers)- C:\Windows\system32\drivers\drmkaud.sys - Manual/Stopped
DXGKrnl (LDDM Graphics Subsystem)- C:\Windows\system32\drivers\dxgkrnl.sys - Manual/Running
e1express (Intel® PRO/1000 PCI Express Network Connection Driver)- C:\Windows\system32\DRIVERS\e1e6232.sys - Manual/Running
ebdrv (Broadcom NetXtreme II 10 GigE VBD)- C:\Windows\system32\DRIVERS\evbdx.sys - Manual/Stopped
elxstor (elxstor)- C:\Windows\system32\DRIVERS\elxstor.sys - Manual/Stopped
epmntdrv (epmntdrv)- \??\C:\Windows\system32\epmntdrv.sys - Manual/Stopped
ErrDev (Microsoft Hardware Error Device Driver)- C:\Windows\system32\DRIVERS\errdev.sys - Manual/Stopped
EuGdiDrv (EuGdiDrv)- \??\C:\Windows\system32\EuGdiDrv.sys - Manual/Stopped
exfat (exFAT File System Driver)- C:\Windows\system32\drivers\exfat.sys - Manual/Stopped
fastfat (FAT12/16/32 File System Driver)- C:\Windows\system32\drivers\fastfat.sys - Manual/Stopped
fdc (Floppy Disk Controller Driver)- C:\Windows\system32\DRIVERS\fdc.sys - Manual/Stopped
FileInfo (File Information FS MiniFilter)- C:\Windows\system32\drivers\fileinfo.sys - Boot/Running
Filetrace (Filetrace)- C:\Windows\system32\drivers\filetrace.sys - Manual/Stopped
flpydisk (Floppy Disk Driver)- C:\Windows\system32\DRIVERS\flpydisk.sys - Manual/Stopped
FltMgr (FltMgr)- C:\Windows\system32\drivers\fltmgr.sys - Boot/Running
FsDepends (File System Dependency Minifilter)- C:\Windows\system32\drivers\FsDepends.sys - Manual/Stopped
fvevol (Bitlocker Drive Encryption Filter Driver)- C:\Windows\system32\DRIVERS\fvevol.sys - Boot/Running
gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms)- C:\Windows\system32\DRIVERS\gagp30kx.sys - Manual/Stopped
hcw85cir (Hauppauge Consumer Infrared Receiver)- C:\Windows\system32\drivers\hcw85cir.sys - Manual/Stopped
HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service)- C:\Windows\system32\drivers\HdAudio.sys - Manual/Running
HDAudBus (Microsoft UAA Bus Driver for High Definition Audio)- C:\Windows\system32\DRIVERS\HDAudBus.sys - Manual/Running
HidBatt (HID UPS Battery Driver)- C:\Windows\system32\DRIVERS\HidBatt.sys - Manual/Stopped
HidBth (Microsoft Bluetooth HID Miniport)- C:\Windows\system32\DRIVERS\hidbth.sys - Manual/Stopped
HidIr (Microsoft Infrared HID Driver)- C:\Windows\system32\DRIVERS\hidir.sys - Manual/Stopped
HidUsb (Microsoft HID Class Driver)- C:\Windows\system32\DRIVERS\hidusb.sys - Manual/Running
HpSAMD (HpSAMD)- C:\Windows\system32\DRIVERS\HpSAMD.sys - Manual/Stopped
HTTP (HTTP)- C:\Windows\system32\drivers\HTTP.sys - Manual/Running
hwpolicy (Hardware Policy Driver)- C:\Windows\system32\drivers\hwpolicy.sys - Boot/Running
i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver)- C:\Windows\system32\DRIVERS\i8042prt.sys - Manual/Stopped
iaStorV (Intel RAID Controller Windows 7)- C:\Windows\system32\DRIVERS\iaStorV.sys - Boot/Running
iirsp (iirsp)- C:\Windows\system32\DRIVERS\iirsp.sys - Manual/Stopped
intelide (intelide)- C:\Windows\system32\DRIVERS\intelide.sys - Manual/Stopped
intelppm (Intel Processor Driver)- C:\Windows\system32\DRIVERS\intelppm.sys - Manual/Running
IpFilterDriver (IP Traffic Filter Driver)- C:\Windows\system32\DRIVERS\ipfltdrv.sys - Manual/Stopped
IPMIDRV (IPMIDRV)- C:\Windows\system32\DRIVERS\IPMIDrv.sys - Manual/Stopped
IPNAT (IP Network Address Translator)- C:\Windows\system32\drivers\ipnat.sys - Manual/Stopped
IRENUM (IR Bus Enumerator)- C:\Windows\system32\drivers\irenum.sys - Manual/Stopped
isapnp (isapnp)- C:\Windows\system32\DRIVERS\isapnp.sys - Manual/Stopped
iScsiPrt (iScsiPort Driver)- C:\Windows\system32\DRIVERS\msiscsi.sys - Manual/Stopped
kbdclass (Keyboard Class Driver)- C:\Windows\system32\DRIVERS\kbdclass.sys - Manual/Running
kbdhid (Keyboard HID Driver)- C:\Windows\system32\DRIVERS\kbdhid.sys - Manual/Running
KSecDD (KSecDD)- C:\Windows\system32\Drivers\ksecdd.sys - Boot/Running
KSecPkg (KSecPkg)- C:\Windows\system32\Drivers\ksecpkg.sys - Boot/Running
lltdio (Link-Layer Topology Discovery Mapper I/O Driver)- C:\Windows\system32\DRIVERS\lltdio.sys - Auto/Running
LSI_FC (LSI_FC)- C:\Windows\system32\DRIVERS\lsi_fc.sys - Manual/Stopped
LSI_SAS (LSI_SAS)- C:\Windows\system32\DRIVERS\lsi_sas.sys - Manual/Stopped
LSI_SAS2 (LSI_SAS2)- C:\Windows\system32\DRIVERS\lsi_sas2.sys - Manual/Stopped
LSI_SCSI (LSI_SCSI)- C:\Windows\system32\DRIVERS\lsi_scsi.sys - Manual/Stopped
luafv (UAC File Virtualization)- C:\Windows\system32\drivers\luafv.sys - Auto/Running
megasas (megasas)- C:\Windows\system32\DRIVERS\megasas.sys - Manual/Stopped
MegaSR (MegaSR)- C:\Windows\system32\DRIVERS\MegaSR.sys - Manual/Stopped
MEMSWEEP2 (MEMSWEEP2)- \??\C:\Windows\system32\F9EB.tmp - Manual/Stopped
Modem (Modem)- C:\Windows\system32\drivers\modem.sys - Manual/Stopped
monitor (Microsoft Monitor Class Function Driver Service)- C:\Windows\system32\DRIVERS\monitor.sys - Manual/Running
mouclass (Mouse Class Driver)- C:\Windows\system32\DRIVERS\mouclass.sys - Manual/Running
mouhid (Mouse HID Driver)- C:\Windows\system32\DRIVERS\mouhid.sys - Manual/Running
mountmgr (Mount Point Manager)- C:\Windows\system32\drivers\mountmgr.sys - Boot/Running
mpio (mpio)- C:\Windows\system32\DRIVERS\mpio.sys - Manual/Stopped
mpsdrv (Windows Firewall Authorization Driver)- C:\Windows\system32\drivers\mpsdrv.sys - Manual/Running
MRxDAV (WebDav Client Redirector Driver)- C:\Windows\system32\drivers\mrxdav.sys - Manual/Stopped
mrxsmb (SMB MiniRedirector Wrapper and Engine)- C:\Windows\system32\DRIVERS\mrxsmb.sys - Manual/Running
mrxsmb10 (SMB 1.x MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb10.sys - Manual/Running
mrxsmb20 (SMB 2.0 MiniRedirector)- C:\Windows\system32\DRIVERS\mrxsmb20.sys - Manual/Running
msahci (msahci)- C:\Windows\system32\DRIVERS\msahci.sys - Manual/Stopped
msdsm (msdsm)- C:\Windows\system32\DRIVERS\msdsm.sys - Manual/Stopped
Msfs (Msfs)- C:\Windows\system32\drivers\Msfs.sys - System/Running
mshidkmdf (Pass-through HID to KMDF Filter Driver)- C:\Windows\system32\drivers\mshidkmdf.sys - Manual/Stopped
msisadrv (msisadrv)- C:\Windows\system32\DRIVERS\msisadrv.sys - Boot/Running
MSKSSRV (Microsoft Streaming Service Proxy)- C:\Windows\system32\drivers\MSKSSRV.sys - Manual/Stopped
MSPCLOCK (Microsoft Streaming Clock Proxy)- C:\Windows\system32\drivers\MSPCLOCK.sys - Manual/Stopped
MSPQM (Microsoft Streaming Quality Manager Proxy)- C:\Windows\system32\drivers\MSPQM.sys - Manual/Stopped
MsRPC (MsRPC)- C:\Windows\system32\drivers\MsRPC.sys - Manual/Stopped
mssmbios (Microsoft System Management BIOS Driver)- C:\Windows\system32\DRIVERS\mssmbios.sys - System/Running
MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter)- C:\Windows\system32\drivers\MSTEE.sys - Manual/Stopped
MTConfig (Microsoft Input Configuration Driver)- C:\Windows\system32\DRIVERS\MTConfig.sys - Manual/Stopped
Mup (Mup)- C:\Windows\system32\Drivers\mup.sys - Boot/Running
NativeWifiP (NativeWiFi Filter)- C:\Windows\system32\DRIVERS\nwifi.sys - Manual/Stopped
NDIS (NDIS System Driver)- C:\Windows\system32\drivers\ndis.sys - Boot/Running
NdisCap (NDIS Capture LightWeight Filter)- C:\Windows\system32\DRIVERS\ndiscap.sys - Manual/Stopped
NdisTapi (Remote Access NDIS TAPI Driver)- C:\Windows\system32\DRIVERS\ndistapi.sys - Manual/Running
Ndisuio (NDIS Usermode I/O Protocol)- C:\Windows\system32\DRIVERS\ndisuio.sys - Manual/Stopped
NdisWan (Remote Access NDIS WAN Driver)- C:\Windows\system32\DRIVERS\ndiswan.sys - Manual/Running
NDProxy (NDIS Proxy)- C:\Windows\system32\drivers\NDProxy.sys - Manual/Running
NetBIOS (NetBIOS Interface)- C:\Windows\system32\DRIVERS\netbios.sys - System/Running
NetBT (NetBT)- C:\Windows\system32\DRIVERS\netbt.sys - System/Running
nfrd960 (nfrd960)- C:\Windows\system32\DRIVERS\nfrd960.sys - Manual/Stopped
NPF (NetGroup Packet Filter Driver)- C:\Windows\system32\drivers\npf.sys - Auto/Running
Npfs (Npfs)- C:\Windows\system32\drivers\Npfs.sys - System/Running
nsiproxy (NSI proxy service driver.)- C:\Windows\system32\drivers\nsiproxy.sys - System/Running
Ntfs (Ntfs)- C:\Windows\system32\drivers\Ntfs.sys - Manual/Running
Null (Null)- C:\Windows\system32\drivers\Null.sys - System/Running
nvlddmkm (nvlddmkm)- C:\Windows\system32\DRIVERS\nvlddmkm.sys - Manual/Running
ohci1394 (1394 OHCI Compliant Host Controller (Legacy))- C:\Windows\system32\DRIVERS\ohci1394.sys - Manual/Stopped
Parport (Parallel port driver)- C:\Windows\system32\DRIVERS\parport.sys - Manual/Stopped
partmgr (Partition Manager)- C:\Windows\system32\drivers\partmgr.sys - Boot/Running
Parvdm (Parvdm)- C:\Windows\system32\DRIVERS\parvdm.sys - Auto/Stopped
pci (PCI Bus Driver)- C:\Windows\system32\DRIVERS\pci.sys - Boot/Running
pciide (pciide)- C:\Windows\system32\DRIVERS\pciide.sys - Manual/Stopped
pcmcia (pcmcia)- C:\Windows\system32\DRIVERS\pcmcia.sys - Manual/Stopped
pcw (Performance Counters for Windows Driver)- C:\Windows\system32\drivers\pcw.sys - Boot/Running
PEAUTH (PEAUTH)- C:\Windows\system32\drivers\peauth.sys - Auto/Running
PptpMiniport (WAN Miniport (PPTP))- C:\Windows\system32\DRIVERS\raspptp.sys - Manual/Running
Processor (Processor Driver)- C:\Windows\system32\DRIVERS\processr.sys - Manual/Stopped
Psched (QoS Packet Scheduler)- C:\Windows\system32\DRIVERS\pacer.sys - System/Running
ql2300 (ql2300)- C:\Windows\system32\DRIVERS\ql2300.sys - Manual/Stopped
ql40xx (ql40xx)- C:\Windows\system32\DRIVERS\ql40xx.sys - Manual/Stopped
QWAVEdrv (QWAVE driver)- C:\Windows\system32\drivers\qwavedrv.sys - Manual/Stopped
RasAcd (Remote Access Auto Connection Driver)- C:\Windows\system32\DRIVERS\rasacd.sys - Manual/Stopped
RasAgileVpn (WAN Miniport (IKEv2))- C:\Windows\system32\DRIVERS\AgileVpn.sys - Manual/Running
Rasl2tp (WAN Miniport (L2TP))- C:\Windows\system32\DRIVERS\rasl2tp.sys - Manual/Running
RasPppoe (Remote Access PPPOE Driver)- C:\Windows\system32\DRIVERS\raspppoe.sys - Manual/Running
RasSstp (WAN Miniport (SSTP))- C:\Windows\system32\DRIVERS\rassstp.sys - Manual/Running
rdbss (Redirected Buffering Sub Sysytem)- C:\Windows\system32\DRIVERS\rdbss.sys - System/Running
rdpbus (Remote Desktop Device Redirector Bus Driver)- C:\Windows\system32\DRIVERS\rdpbus.sys - Manual/Stopped
RDPCDD (RDPCDD)- C:\Windows\system32\DRIVERS\RDPCDD.sys - System/Running
RDPENCDD (RDP Encoder Mirror Driver)- C:\Windows\system32\drivers\rdpencdd.sys - System/Running
RDPREFMP (Reflector Display Driver used to gain access to graphics data)- C:\Windows\system32\drivers\rdprefmp.sys - System/Running
RDPWD (RDP Winstation Driver)- C:\Windows\system32\drivers\RDPWD.sys - Manual/Stopped
rdyboost (ReadyBoost)- C:\Windows\system32\drivers\rdyboost.sys - Boot/Running
rspndr (Link-Layer Topology Discovery Responder)- C:\Windows\system32\DRIVERS\rspndr.sys - Auto/Running
sbp2port (sbp2port)- C:\Windows\system32\DRIVERS\sbp2port.sys - Manual/Stopped
scfilter (Smart card PnP Class Filter Driver)- C:\Windows\system32\DRIVERS\scfilter.sys - Manual/Stopped
secdrv (Security Driver)- C:\Windows\system32\drivers\secdrv.sys - Auto/Running
Serenum (Serenum Filter Driver)- C:\Windows\system32\DRIVERS\serenum.sys - Manual/Stopped
Serial (Serial Port Driver)- C:\Windows\system32\DRIVERS\serial.sys - Manual/Stopped
sermouse (Serial Mouse Driver)- C:\Windows\system32\DRIVERS\sermouse.sys - Manual/Stopped
sffdisk (SFF Storage Class Driver)- C:\Windows\system32\DRIVERS\sffdisk.sys - Manual/Stopped
sffp_mmc (SFF Storage Protocol Driver for MMC)- C:\Windows\system32\DRIVERS\sffp_mmc.sys - Manual/Stopped
sffp_sd (SFF Storage Protocol Driver for SDBus)- C:\Windows\system32\DRIVERS\sffp_sd.sys - Manual/Stopped
sfloppy (High-Capacity Floppy Disk Drive)- C:\Windows\system32\DRIVERS\sfloppy.sys - Manual/Stopped
sisagp (SIS AGP Bus Filter)- C:\Windows\system32\DRIVERS\sisagp.sys - Manual/Stopped
SiSRaid2 (SiSRaid2)- C:\Windows\system32\DRIVERS\SiSRaid2.sys - Manual/Stopped
SiSRaid4 (SiSRaid4)- C:\Windows\system32\DRIVERS\sisraid4.sys - Manual/Stopped
Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session))- C:\Windows\system32\DRIVERS\smb.sys - Manual/Stopped
spldr (Security Processor Loader Driver)- C:\Windows\system32\drivers\spldr.sys - Boot/Running
srv (Server SMB 1.xxx Driver)- C:\Windows\system32\DRIVERS\srv.sys - Manual/Running
srv2 (Server SMB 2.xxx Driver)- C:\Windows\system32\DRIVERS\srv2.sys - Manual/Running
srvnet (srvnet)- C:\Windows\system32\DRIVERS\srvnet.sys - Manual/Running
stexstor (stexstor)- C:\Windows\system32\DRIVERS\stexstor.sys - Manual/Stopped
swenum (Software Bus Driver)- C:\Windows\system32\DRIVERS\swenum.sys - Manual/Running
Tcpip (TCP/IP Protocol Driver)- C:\Windows\system32\drivers\tcpip.sys - Boot/Running
TCPIP6 (Microsoft IPv6 Protocol Driver)- C:\Windows\system32\DRIVERS\tcpip.sys - Manual/Stopped
tcpipreg (TCP/IP Registry Compatibility)- C:\Windows\system32\drivers\tcpipreg.sys - Auto/Running
TDPIPE (TDPIPE)- C:\Windows\system32\drivers\tdpipe.sys - Manual/Stopped
TDTCP (TDTCP)- C:\Windows\system32\drivers\tdtcp.sys - Manual/Stopped
tdx (NetIO Legacy TDI Support Driver)- C:\Windows\system32\DRIVERS\tdx.sys - System/Running
TermDD (Terminal Device Driver)- C:\Windows\system32\DRIVERS\termdd.sys - System/Running
tssecsrv (Remote Desktop Services Security Filter Driver)- C:\Windows\system32\DRIVERS\tssecsrv.sys - Manual/Stopped
tunnel (Microsoft Tunnel Miniport Adapter Driver)- C:\Windows\system32\DRIVERS\tunnel.sys - Manual/Running
uagp35 (Microsoft AGPv3.5 Filter)- C:\Windows\system32\DRIVERS\uagp35.sys - Manual/Stopped
udfs (udfs)- C:\Windows\system32\DRIVERS\udfs.sys - Disabled/Running
uliagpkx (Uli AGP Bus Filter)- C:\Windows\system32\DRIVERS\uliagpkx.sys - Manual/Stopped
umbus (UMBus Enumerator Driver)- C:\Windows\system32\DRIVERS\umbus.sys - Manual/Running
UmPass (Microsoft UMPass Driver)- C:\Windows\system32\DRIVERS\umpass.sys - Manual/Stopped
usbccgp (Microsoft USB Generic Parent Driver)- C:\Windows\system32\DRIVERS\usbccgp.sys - Manual/Running
usbcir (eHome Infrared Receiver (USBCIR))- C:\Windows\system32\DRIVERS\usbcir.sys - Manual/Stopped
usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver)- C:\Windows\system32\DRIVERS\usbehci.sys - Manual/Running
usbhub (Microsoft USB Standard Hub Driver)- C:\Windows\system32\DRIVERS\usbhub.sys - Manual/Running
usbohci (Microsoft USB Open Host Controller Miniport Driver)- C:\Windows\system32\DRIVERS\usbohci.sys - Manual/Stopped
usbprint (Microsoft USB PRINTER Class)- C:\Windows\system32\DRIVERS\usbprint.sys - Manual/Running
usbscan (USB Scanner Driver)- C:\Windows\system32\DRIVERS\usbscan.sys - Manual/Stopped
USBSTOR (USB Mass Storage Driver)- C:\Windows\system32\DRIVERS\USBSTOR.SYS - Manual/Running
usbuhci (Microsoft USB Universal Host Controller Miniport Driver)- C:\Windows\system32\DRIVERS\usbuhci.sys - Manual/Running
uxpatch (uxpatch)- \??\C:\Windows\system32\drivers\uxpatch.sys - Auto/Running
vdrvroot (Microsoft Virtual Drive Enumerator Driver)- C:\Windows\system32\DRIVERS\vdrvroot.sys - Boot/Running
vga (vga)- C:\Windows\system32\DRIVERS\vgapnp.sys - Manual/Stopped
VgaSave (VgaSave)- C:\Windows\system32\drivers\vga.sys - System/Running
vhdmp (vhdmp)- C:\Windows\system32\DRIVERS\vhdmp.sys - Manual/Stopped
viaagp (VIA AGP Bus Filter)- C:\Windows\system32\DRIVERS\viaagp.sys - Manual/Stopped
ViaC7 (VIA C7 Processor Driver)- C:\Windows\system32\DRIVERS\viac7.sys - Manual/Stopped
viaide (viaide)- C:\Windows\system32\DRIVERS\viaide.sys - Manual/Stopped
volmgr (Volume Manager Driver)- C:\Windows\system32\DRIVERS\volmgr.sys - Boot/Running
volmgrx (Dynamic Volume Manager)- C:\Windows\system32\drivers\volmgrx.sys - Boot/Running
volsnap (Storage volumes)- C:\Windows\system32\DRIVERS\volsnap.sys - Boot/Running
vsmraid (vsmraid)- C:\Windows\system32\DRIVERS\vsmraid.sys - Manual/Stopped
vwifibus (Virtual WiFi Bus Driver)- C:\Windows\system32\drivers\vwifibus.sys - Manual/Stopped
WacomPen (Wacom Serial Pen HID Driver)- C:\Windows\system32\DRIVERS\wacompen.sys - Manual/Stopped
WANARP (Remote Access IP ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - Manual/Stopped
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - Disabled/Stopped
Wd (Wd)- C:\Windows\system32\DRIVERS\wd.sys - Manual/Stopped
Wdf01000 (Kernel Mode Driver Frameworks service)- C:\Windows\system32\drivers\Wdf01000.sys - Boot/Running
WfpLwf (WFP Lightweight Filter)- C:\Windows\system32\DRIVERS\wfplwf.sys - System/Running
WIMMount (WIMMount)- C:\Windows\system32\drivers\wimmount.sys - Manual/Stopped
WmiAcpi (Microsoft Windows Management Interface for ACPI)- C:\Windows\system32\DRIVERS\wmiacpi.sys - Manual/Stopped
ws2ifsl (Winsock IFS Driver)- C:\Windows\system32\drivers\ws2ifsl.sys - Disabled/Stopped
WudfPf (User Mode Driver Frameworks Platform Driver)- C:\Windows\system32\drivers\WudfPf.sys - Manual/Running
WUDFRd (WUDFRd)- C:\Windows\system32\DRIVERS\WUDFRd.sys - Manual/Running

====== Uninstall List ======

A file named 'UNI.txt' was created and saved to
FileListers default location. Post the results if requested.

======== Other Info ========

TOTAL PHYSICAL RAM: 3219 MB

Boot Info

OS Type: Microsoft Windows 7 Home Premium
Build: 6.1.7600
Service Pack: 0.0

====== Files with Hidden Attributes======

A file named 'Hidden.txt' was created and saved to
FileListers default location. Post the results if requested.

==End of Report==

Edited by papilio01, 21 July 2010 - 12:26 AM.
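An added example, not part of the original post and not code from the tool that produced the report above: a small Python parser for the driver listing format used in it (`Name (Description)- Path - Start/State`) plus a first-pass triage of the parsed rows. The triage is purely structural and is an assumption about what is worth a second look, not a verdict on any driver: it flags an image path registered with the `\??\` NT object prefix, an image path outside the standard `system32\drivers` directory, and a `Disabled` start type combined with a `Running` state. The last of these can be legitimate for file-system drivers such as `udfs`, which the I/O manager loads on demand regardless of the service start type, so the output is a list of rows to examine by hand, nothing more. The embedded sample is a constructed subset of lines copied from the report.

```python
"""Parse and triage a Windows driver listing in the
'Name (Description)- Path - Start/State' format of the posted report.
Added example; heuristics below are assumptions for manual review only."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One driver per line, e.g.:
#   NPF (NetGroup Packet Filter Driver)- C:\Windows\system32\drivers\npf.sys - Auto/Running
# The description may itself contain parentheses ("WAN Miniport (IKEv2)"),
# so the description group is greedy and anchored on the ")- " separator.
LINE_RE = re.compile(
    r"^(?P<name>\S+) \((?P<desc>.*)\)- (?P<path>.+?) - (?P<start>\w+)/(?P<state>\w+)\s*$"
)
NT_PREFIX = "\\??\\"
STANDARD_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: a handful of lines copied verbatim from the report.
SAMPLE = r"""
NPF (NetGroup Packet Filter Driver)- C:\Windows\system32\drivers\npf.sys - Auto/Running
Ntfs (Ntfs)- C:\Windows\system32\drivers\Ntfs.sys - Manual/Running
udfs (udfs)- C:\Windows\system32\DRIVERS\udfs.sys - Disabled/Running
uxpatch (uxpatch)- \??\C:\Windows\system32\drivers\uxpatch.sys - Auto/Running
Wanarpv6 (Remote Access IPv6 ARP Driver)- C:\Windows\system32\DRIVERS\wanarp.sys - Disabled/Stopped
"""


@dataclass
class Driver:
    name: str
    desc: str
    path: str
    start: str
    state: str

    @property
    def has_nt_prefix(self) -> bool:
        """True when the ImagePath was registered as an NT object path (\\??\\C:\\...)."""
        return self.path.startswith(NT_PREFIX)

    @property
    def normalized_path(self) -> str:
        """Path with the NT prefix stripped and case folded, for directory comparison."""
        p = self.path[len(NT_PREFIX):] if self.has_nt_prefix else self.path
        return p.lower()


def parse_listing(text: str) -> list[Driver]:
    """Parse every non-blank line; raise on a line that does not fit the format."""
    drivers: list[Driver] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        drivers.append(Driver(**m.groupdict()))
    return drivers


def triage(drivers: list[Driver]) -> list[tuple[str, str]]:
    """Return (driver name, reason) pairs for rows that deserve a manual look.
    These are structural heuristics (assumptions), not indicators of compromise."""
    findings: list[tuple[str, str]] = []
    for d in drivers:
        if d.has_nt_prefix:
            findings.append((d.name, "image path registered with the \\??\\ NT object prefix"))
        if not d.normalized_path.startswith(STANDARD_DIR):
            findings.append((d.name, f"image outside {STANDARD_DIR}: {d.path}"))
        if d.start == "Disabled" and d.state == "Running":
            # Legitimate for on-demand file-system drivers (udfs, Ntfs); still worth noting.
            findings.append((d.name, "start type Disabled but currently Running"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_listing(SAMPLE)):
        print(f"{name:12} {reason}")
```

Paste the full driver section of the report into `SAMPLE` (or read it from a file) to run it over the whole list; the parser stops with an error on the first line that does not match, which is the quickest way to catch a paste that picked up surrounding text.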


#10 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts

Posted 20 July 2010 - 11:30 PM

(Never mind ... edited the above post instead)

Edited by papilio01, 21 July 2010 - 12:28 AM.


#11 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts

Posted 20 July 2010 - 11:43 PM

Hope you don't mind -- while I'm at it, thought I might as well paste the \system32\Hidden.txt I found there too ...

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\NTDETECT.COM
C:\$Recycle.Bin\S-1-5-21-881942326-2776305613-4268095126-1000\$R6YK1LW.ini
C:\$Recycle.Bin\S-1-5-21-881942326-2776305613-4268095126-1000\desktop.ini
C:\Boot\BOOTSTAT.DAT
C:\KB\desktop.ini
C:\Program Files\desktop.ini
C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini
C:\Program Files\Windows Mail\WinMail.exe
C:\ProgramData\PKP_DLbx.DAT
C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\desktop.ini
C:\Users\All Users\PKP_DLbx.DAT
C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\Default\NTUSER.DAT
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\Users\papilio\NTUSER.DAT
C:\Users\papilio\ntuser.ini
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\5JW7ONUS\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\I7EX2XD5\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\XLT8YKB4\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Feeds Cache\YEYW7GEK\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\UsrClass.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071220100719\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010071920100720\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012010072020100721\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\Low\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\019DEWBB\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5S421YUV\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKN2CP4T\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X57OEX0T\desktop.ini
C:\Users\papilio\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\IETldCache\Low\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Users\papilio\Contacts\desktop.ini
C:\Users\papilio\Desktop\desktop.ini
C:\Users\papilio\Desktop\[____NEF\desktop.ini
C:\Users\papilio\Documents\desktop.ini
C:\Users\papilio\Documents\Fax\Drafts\desktop.ini
C:\Users\papilio\Documents\Fax\Inbox\desktop.ini
C:\Users\papilio\Documents\Scanned Documents\desktop.ini
C:\Users\papilio\Downloads\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Dusk\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Dusk\Shell\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Haze\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Haze\Shell\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Lite\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Lite\Shell\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Nite\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Nite\Shell\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Peek\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Peek\Shell\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Work\en-US\desktop.ini
C:\Users\papilio\Downloads\APPOWS2010_by_neiio\Appows for Win7\Themes\Appows Work\Shell\desktop.ini
C:\Users\papilio\Downloads\surcox\surcox icons\Desktop.ini
C:\Users\papilio\Favorites\desktop.ini
C:\Users\papilio\Favorites\Links\desktop.ini
C:\Users\papilio\Favorites\Links for United States\desktop.ini
C:\Users\papilio\Links\desktop.ini
C:\Users\papilio\Music\desktop.ini
C:\Users\papilio\Pictures\desktop.ini
C:\Users\papilio\Pictures\New folder\___PART_2\fldr_7.6.2\desktop.ini
C:\Users\papilio\Saved Games\desktop.ini
C:\Users\papilio\Searches\desktop.ini
C:\Users\papilio\Videos\desktop.ini
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\Users\Public\Documents\desktop.ini
C:\Users\Public\Downloads\desktop.ini
C:\Users\Public\Libraries\desktop.ini
C:\Users\Public\Music\desktop.ini
C:\Users\Public\Music\Sample Music\desktop.ini
C:\Users\Public\Pictures\desktop.ini
C:\Users\Public\Pictures\Sample Pictures\desktop.ini
C:\Users\Public\Recorded TV\desktop.ini
C:\Users\Public\Recorded TV\Sample Media\desktop.ini
C:\Users\Public\Videos\desktop.ini
C:\Users\Public\Videos\Sample Videos\desktop.ini
C:\Windows\assembly\pubpol4.dat
C:\Windows\assembly\Desktop.ini
C:\Windows\assembly\NativeImages_v2.0.50727_32\indexfc.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\indexfe.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\indexff.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\index55.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\index56.dat
C:\Windows\Downloaded Program Files\desktop.ini
C:\Windows\Fonts\StaticCache.dat
C:\Windows\Globalization\MCT\MCT-AU\Wallpaper\desktop.ini
C:\Windows\Globalization\MCT\MCT-CA\Wallpaper\desktop.ini
C:\Windows\Globalization\MCT\MCT-GB\Link\desktop.ini
C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\desktop.ini
C:\Windows\Globalization\MCT\MCT-US\Link\desktop.ini
C:\Windows\Globalization\MCT\MCT-US\Wallpaper\desktop.ini
C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\desktop.ini
C:\Windows\Media\Desktop.ini
C:\Windows\Media\Afternoon\Desktop.ini
C:\Windows\Media\Calligraphy\Desktop.ini
C:\Windows\Media\Characters\Desktop.ini
C:\Windows\Media\Cityscape\Desktop.ini
C:\Windows\Media\Delta\Desktop.ini
C:\Windows\Media\Festival\Desktop.ini
C:\Windows\Media\Garden\Desktop.ini
C:\Windows\Media\Heritage\Desktop.ini
C:\Windows\Media\Landscape\Desktop.ini
C:\Windows\Media\Quirky\Desktop.ini
C:\Windows\Media\Raga\Desktop.ini
C:\Windows\Media\Savanna\Desktop.ini
C:\Windows\Media\Sonata\Desktop.ini
C:\Windows\Offline Web Pages\desktop.ini
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0367EZKQ\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UEYIYPB\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6KM7CHB\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKHQ48JP\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\8B1Z27PK\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\A7K0UKOK\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HCR9CKMX\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ZHK51MNO\desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
C:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll
C:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll
C:\Windows\System32\api-ms-win-service-core-l1-1-0.dll
C:\Windows\System32\api-ms-win-service-management-l1-1-0.dll
C:\Windows\System32\api-ms-win-service-management-l2-1-0.dll
C:\Windows\System32\api-ms-win-service-winsvc-l1-1-0.dll
C:\Windows\System32\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOVX2IZ4\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPX3VT8R\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDZ0CFOU\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM8MCMQ1\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows Sidebar\Gadgets\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
C:\Windows\System32\config\systemprofile\Contacts\desktop.ini
C:\Windows\System32\config\systemprofile\Desktop\desktop.ini
C:\Windows\System32\config\systemprofile\Documents\desktop.ini
C:\Windows\System32\config\systemprofile\Downloads\desktop.ini
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
C:\Windows\System32\config\systemprofile\Links\desktop.ini
C:\Windows\System32\config\systemprofile\Music\desktop.ini
C:\Windows\System32\config\systemprofile\Music\Playlists\desktop.ini
C:\Windows\System32\config\systemprofile\Pictures\desktop.ini
C:\Windows\System32\config\systemprofile\Pictures\Slide Shows\desktop.ini
C:\Windows\System32\config\systemprofile\Saved Games\desktop.ini
C:\Windows\System32\config\systemprofile\Searches\desktop.ini
C:\Windows\System32\config\systemprofile\Videos\desktop.ini
C:\Windows\Tasks\SA.DAT
C:\Windows\Web\Wallpaper\Architecture\Desktop.ini
C:\Windows\Web\Wallpaper\Characters\Desktop.ini
C:\Windows\Web\Wallpaper\Landscapes\Desktop.ini
C:\Windows\Web\Wallpaper\Nature\Desktop.ini
C:\Windows\Web\Wallpaper\Scenes\Desktop.ini
C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-lsalookup-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-sddl-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-core-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l2-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-winsvc-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-console-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-datetime-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-debug-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-delayload-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-fibers-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-file-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-handle-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-heap-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-interlocked-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-io-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localization-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localregistry-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-memory-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-misc-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processthreads-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-profile-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-string-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-synch-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-threadpool-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-util-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-xstate-l1-1-0.dll
C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-security-base-l1-1-0.dll
C:\Windows.old\Documents and Settings\Administrator\NTUSER.DAT
C:\Windows.old\Documents and Settings\Administrator\ntuser.ini
C:\Windows.old\Documents and Settings\Administrator\Application Data\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Windows.old\Documents and Settings\Administrator\Local Settings\History\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\03OJAF0B\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8141SRWX\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S3OP09IR\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WZGTCH25\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\SendTo\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Windows.old\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Application Data\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Documents\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Documents\My Music\Desktop.ini
C:\Windows.old\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini
C:\Windows.old\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini
C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Windows.old\Documents and Settings\Default User\NTUSER.DAT
C:\Windows.old\Documents and Settings\Default User\Application Data\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\History\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\03OJAF0B\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8141SRWX\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\S3OP09IR\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WZGTCH25\desktop.ini
C:\Windows.old\Documents and Settings\Default User\SendTo\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\Programs\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Windows.old\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\NTUSER.DAT
C:\Windows.old\Documents and Settings\LocalService\ntuser.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Windows.old\Documents and Settings\LocalService\Local Settings\History\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IDUL6PMJ\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QVK9SXKZ\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UXEVW7O9\desktop.ini
C:\Windows.old\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W7OHAR0B\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\NTUSER.DAT
C:\Windows.old\Documents and Settings\NetworkService\ntuser.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\History\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\03OJAF0B\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8141SRWX\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S3OP09IR\desktop.ini
C:\Windows.old\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WZGTCH25\desktop.ini
C:\Windows.old\Documents and Settings\ornata\NTUSER.DAT
C:\Windows.old\Documents and Settings\ornata\ntuser.ini
C:\Windows.old\Documents and Settings\ornata\Application Data\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Favorites\Desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Windows.old\Documents and Settings\ornata\Local Settings\History\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\Content.IE5\1T3CE6L5\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\Content.IE5\50H0SHQ9\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\Content.IE5\OPWFC7U7\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Local Settings\Temporary Internet Files\Content.IE5\Q3M5CRSL\desktop.ini
C:\Windows.old\Documents and Settings\ornata\My Documents\desktop.ini
C:\Windows.old\Documents and Settings\ornata\My Documents\My Music\Desktop.ini
C:\Windows.old\Documents and Settings\ornata\My Documents\My Pictures\Desktop.ini
C:\Windows.old\Documents and Settings\ornata\Recent\Desktop.ini
C:\Windows.old\Documents and Settings\ornata\SendTo\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\Programs\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\Programs\Accessories\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Windows.old\Documents and Settings\ornata\Start Menu\Programs\Startup\desktop.ini
C:\Windows.old\Windows\Downloaded Program Files\desktop.ini
C:\Windows.old\Windows\Fonts\desktop.ini
C:\Windows.old\Windows\Offline Web Pages\desktop.ini
C:\Windows.old\Windows\repair\ntuser.dat
C:\Windows.old\Windows\system32\config\systemprofile\Application Data\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\History\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\F7N87KKF\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FFYODF73\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FPAS5DP8\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTWDK450\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\SendTo\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\Programs\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
C:\Windows.old\Windows\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
C:\Windows.old\Windows\Tasks\SA.DAT
C:\Windows.old\Windows\Tasks\desktop.ini


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:48 AM

Posted 24 July 2010 - 07:46 PM

Been through this twice and there's nothing there.

What symptoms have you seen in the last two days?
m0le is a proud member of UNITE

#13 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 24 July 2010 - 10:18 PM

Hi mOle,

Thanks for all your effort. I ran Kaspersky's and ESET's online scans, and this time found two trojans which nothing else has picked up. I may need help in removing them, but I'm hoping that they are responsible for any remaining problems (things like Avast continually being disabled, then a new download by me and re-installation, other security settings lowered or disabled; also Event logging keeps stopping, and lots of logons under my username -- though I keep changing my password). These do sound like trojan behavior, yes? Once my machine is clean, I'll re-install the rest of my apps and then begin logging on with a limited user account -- though I have been reading that this is no longer a very effective protection: one test by a major internet security company showed little difference between the two logon types in terms of effective malware intrusions and functioning. Your thoughts on this?

I didn't want to speak too soon, but it now seems pretty clear that, since I got the Windows activation problem cleared up, I've begun seeing logs of MS uninstalling a lot of those ROOT-enumerated strange services, hidden devices and so on, evidently returning my machine back to its default. (These services had been specifically set up so as not to show up on scans as running processes.) And I'm finally being allowed to retain ownership of my own files. I can't believe that their activities were so invasive, but the constant scanning and monitoring of my computer, all of the outgoing communications from those services, have gradually diminished greatly. It's still a mystery why the same invasive symptoms began while still on my OEM XP, but I have the feeling of being fairly secure again. Since I'd not heard from you in several days, I had pretty much assumed that you had at least not found anything urgent.

So if you can help me with these trojans, hopefully, together with my new knowledge of how to avoid reacting to "social engineering" online (though I've never been likely to surf unsafely), things will probably get back to normal at last.

I'm also still wondering, though, about the constant running of the silently installed sptd.sys, and what the purpose of its presence on my PC may be if not malware-related. I reinstalled it, since without it Explorer kept crashing. According to the timestamps at least, it had not been on Windows initially, and I'd never seen it as a running service till lately.

Is it true that (according to the EULA) unless I get a full license instead of the Upgrade, I can't do a clean install or dual boot? (I do dual boot with ubuntu, though on the same partition. I'd like to have another Windows on a separate partition.)

And finally, since all of my other scanners (Malwarebytes, Avast, Orphos) seemed unable to scan deeply enough, what would you suggest as effective software? Or should I just run these two online scans once a week or so, plus sfc /scannow, and keep Avast for its firewall and monitoring of system/suspicious program activity and so on?

Here are those two scans.

Thanks mOle!
Michael

>>>>>>>>>>>>>>>>>>>

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b5894f326fdef643a411d3bee8090599
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-23 02:39:52
# local_time=2010-07-23 09:39:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 829236 829236 0 0
# compatibility_mode=5893 16776573 100 94 0 31438090 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104398
# found=1
# cleaned=0
# scan_time=2692
C:\Windows.old\Program Files\vReveal\QTSourcePXT.dll Win32/Packed.Themida.AAA trojan 00000000000000000000000000000000 I






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, July 21, 2010
Operating system: Microsoft Home Edition (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, July 21, 2010 23:56:37
Records in database: 4232093
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 123320
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:58:43


File name / Threat / Threats count
C:\Users\papilio\Desktop\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.ckcd 1

Selected area has been scanned.



#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:48 AM

Posted 25 July 2010 - 05:26 PM

Let's give MBAM and SAS a go and see if they find anything.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

m0le is a proud member of UNITE

#15 papilio01

papilio01
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 26 July 2010 - 05:06 AM

Hi mOle,

First off, as an aside, this evening I found this posted in Kaspersky's malware forum

"The program named MGtools.exe is a tool used to aid in the removal of malware. It was developed by me
and has been in use for years over at forums.majorgeeks.com. I have recently been getting reports by
Kaspersky users that MGtools.exe is being detected as Trojan-Dropper.Win32.Agent. Please correct your
detections as this is a false detection. "

I Shift+Deleted it anyway, also all of Windows.old, where the other trojan had been located -- no need for it.


When I first installed Win 7, the EULA implied that an Upgrade version had to be installed over an in-place, validated XP. I've just read on CNET that the EULA for the Upgrade has since been reworded to allow for clean installs, just as long as there had been a valid prior OS on the machine. Of course, I'd prefer to just get rid of whatever bugs might remain, but ...

Well, even today Avast was again reverted to an "Expired Trial" and disabled; they are always very helpful but insist that it's malware-related. But Avast has been the only problem experienced for a while, so maybe v.5 is still buggy. I really like the Avast interface, but if that's all that's going on, adios.

Anyway, here are the logs. Malwarebytes found nothing, and just 5 or 10 tracking cookies flagged and completely removed by SUPERAntiSpyware. Haven't checked for rootkits since just before starting this thread. I think if there continues to be evidence of malware but we have too much trouble dealing with it, I will finally do a proper clean install as I had wanted to do right from the start.

>>>>>>>>>>>>

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4347

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/25/2010 6:10:43 PM
mbam-log-2010-07-25 (18-10-43).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 251809
Time elapsed: 33 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


>>>>>>>>>>>>>>>>>>>>>>>>>>>

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/25/2010 at 11:51 PM

Application Version : 4.41.1000

Core Rules Database Version : 5265
Trace Rules Database Version: 3077

Scan type : Custom Scan
Total Scan Time : 00:12:54

Memory items scanned : 688
Memory threats detected : 0
Registry items scanned : 8830
Registry threats detected : 0
File items scanned : 8545
File threats detected : 9

Adware.Tracking Cookie
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@atdmt[1].txt
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@ehg-eset.hitbox[2].txt
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@hitbox[2].txt
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@doubleclick[1].txt

Adware.Flash Tracking Cookie
C:\Users\papilio\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W33QB8MD\WIDGET1.ADNET.VN
C:\Users\papilio\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W33QB8MD\MEDIA1.BREAK.COM
C:\Users\papilio\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W33QB8MD\A.ADS2.MSADS.NET
C:\Users\papilio\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W33QB8MD\ADS2.MSADS.NET
C:\Users\papilio\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\W33QB8MD\B.ADS2.MSADS.NET


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2010 at 01:47 AM

Application Version : 4.41.1000

Core Rules Database Version : 5266
Trace Rules Database Version: 3078

Scan type : Complete Scan
Total Scan Time : 00:26:29

Memory items scanned : 667
Memory threats detected : 0
Registry items scanned : 8839
Registry threats detected : 0
File items scanned : 27448
File threats detected : 1

Adware.Tracking Cookie
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@atdmt[2].txt
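The four logs pasted in #13 and #15 (ESET Online Scanner, Kaspersky Online Scanner 7, Malwarebytes' Anti-Malware 1.46 and SUPERAntiSpyware 4.x) each use a different layout, and the MGtools.exe detection shows why it pays to line them up against each other before deleting anything. The script below is an added example, written for this thread and not code from any of those vendors or from the posters; it parses the layouts visible above, merges the detections into one list and marks the ones that deserve a second look (flagged by a single engine only, sitting in the stale C:\Windows.old copy, or just a tracking cookie). The sample input is an abbreviated copy of the thread's own logs plus one constructed MBAM detection line with a placeholder path, since the thread's MBAM log is clean.

```python
"""Consolidate detections from the scanner logs pasted in this thread.
Added example, not code from the thread or from ESET, Kaspersky, Malwarebytes
or SUPERAntiSpyware; the parsers follow the log layouts visible above.
"""
import re
from collections import defaultdict

# ESET Online Scanner: '<path> <threat name> <32-hex hash> <flag>'; the threat
# name may contain spaces but never a backslash, which separates it from the path.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>[^\\]+?) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")
# Kaspersky Online Scanner 7: '<path> Infected: <threat> <count>'
KAV_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Infected|Suspicious): (?P<threat>\S+) \d+$")
# Malwarebytes 1.x detail sections ('Files Infected:' etc.) list either
# '(No malicious items detected)' or '<item> (<threat>) -> <action>.'
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> .+$")
# SUPERAntiSpyware 4.x: a category line ('Adware.Tracking Cookie') followed by paths.
PATH_LIKE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|CU|CR|U|EY_))")


def parse_by_line(engine, pattern, text):
    """ESET and Kaspersky: one self-contained detection per line."""
    rows = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            rows.append({"engine": engine, "path": m["path"], "threat": m["threat"]})
    return rows


def parse_mbam(text):
    rows, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):      # detail header; summary lines end in a count
            in_section = True
        elif not line:                      # a blank line closes the section
            in_section = False
        elif in_section and (m := MBAM_LINE.match(line)):
            rows.append({"engine": "MBAM", "path": m["path"], "threat": m["threat"]})
    return rows


def parse_sas(text):
    rows, category, started = [], None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("File threats detected"):
            started = True                  # the item listing follows the statistics
        elif not started:
            continue
        elif not line:
            category = None
        elif PATH_LIKE.match(line) and category:
            rows.append({"engine": "SAS", "path": line, "threat": category})
        elif ":" not in line:
            category = line
    return rows


def consolidate(logs):
    """logs maps engine name -> log text; returns all detections sorted by path."""
    rows = parse_by_line("ESET", ESET_LINE, logs.get("ESET", ""))
    rows += parse_by_line("Kaspersky", KAV_LINE, logs.get("Kaspersky", ""))
    rows += parse_mbam(logs.get("MBAM", "")) + parse_sas(logs.get("SAS", ""))
    return sorted(rows, key=lambda r: (r["path"].lower(), r["engine"]))


def review_notes(rows):
    """Detections worth a second look before being treated as a live infection."""
    hits = defaultdict(set)                 # lower-cased path -> engines that flagged it
    for r in rows:
        hits[r["path"].lower()].add(r["engine"])
    notes = []
    for r in rows:
        key, reasons = r["path"].lower(), []
        if r["threat"].lower().endswith("cookie"):
            reasons.append("tracking cookie, low severity")
        else:
            if key.startswith("c:\\windows.old\\"):
                reasons.append("inside stale Windows.old copy")
            if len(hits[key]) == 1:
                reasons.append("single-engine detection")
        if reasons:
            notes.append((r["engine"], r["path"], "; ".join(reasons)))
    return notes


# Sample input: abbreviated copies of the logs in this thread, plus one
# constructed MBAM line with a placeholder path (the thread's MBAM log is clean).
SAMPLE_LOGS = {
    "ESET": r"""C:\Windows.old\Program Files\vReveal\QTSourcePXT.dll Win32/Packed.Themida.AAA trojan 00000000000000000000000000000000 I""",
    "Kaspersky": r"""C:\Users\papilio\Desktop\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.ckcd 1""",
    "MBAM": r"""Files Infected: 1

Files Infected:
C:\EXAMPLE\constructed-sample.exe (Trojan.Example) -> Quarantined and deleted successfully.""",
    "SAS": r"""File threats detected : 2

Adware.Tracking Cookie
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@atdmt[1].txt
C:\Users\papilio\AppData\Roaming\Microsoft\Windows\Cookies\papilio@doubleclick[1].txt""",
}

if __name__ == "__main__":
    for engine, path, why in review_notes(consolidate(SAMPLE_LOGS)):
        print(f"{engine:9} {path}\n          -> {why}")
```

Run as-is it prints one line per detection with the reason it was flagged for review. The corroboration check is the useful part: a file that only one of four engines names, or that only exists in Windows.old, is exactly the kind of hit that turned out to be a false positive here (MGtools.exe), whereas a path several engines agree on is worth acting on first.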





