
Can't install antivirus


  • This topic is locked
28 replies to this topic

#1 Imperio


Posted 24 September 2010 - 04:55 PM

Hello, I can't install any antivirus. I have tried Norton, NOD32, Kaspersky, Avira etc., but none of them works... My PC doesn't recognize me as Administrator as well. I don't know if these topics are related but anyway. I tried to format my PC but nothing changed. I am freaking out and I don't know what to do. I don't even know if any technician can help me. Please HELP ME!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Fabi at 1:43:07.90 on Sat 09/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.608 [GMT 4.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\DOCUME~1\Fabi\LOCALS~1\Temp\bbiwql.exe
C:\Documents and Settings\Fabi\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {773193DB-A50C-4170-8F4B-B83D52668431} = 217.24.240.66,213.207.32.66
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fabi\applic~1\mozilla\firefox\profiles\vz14jwz3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\fabi\application data\idm\idmmzcc3\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 amsint32;amsint32;\??\c:\windows\system32\drivers\momqs.sys --> c:\windows\system32\drivers\momqs.sys [?]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-09-24 21:12:01 0 ----a-w- c:\documents and settings\fabi\defogger_reenable
2010-09-24 20:31:09 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-24 20:24:03 8 --sha-r- c:\documents and settings\fabi\ntuser.pol
2010-09-24 20:19:12 0 d--h--w- c:\windows\system32\GroupPolicy
2010-09-24 19:49:30 0 d-----w- c:\docume~1\fabi\applic~1\IDM
2010-09-24 19:49:30 0 d-----w- c:\docume~1\fabi\applic~1\DMCache
2010-09-24 19:49:29 0 d-----w- c:\program files\Internet Download Manager
2010-09-24 19:11:03 0 d-----w- c:\program files\common files\ODBC
2010-09-24 19:11:00 0 d-----w- c:\program files\common files\SpeechEngines
2010-09-24 18:53:56 0 d-----w- c:\program files\Realtek
2010-09-24 18:52:24 0 d-----w- c:\program files\ATI Technologies
2010-09-24 17:41:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-09-24 17:41:49 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-24 17:26:46 0 d-sh--w- c:\documents and settings\all users\DRM
2010-09-24 17:26:32 0 d--h--w- c:\program files\WindowsUpdate
2010-09-24 17:25:54 0 d-----w- c:\program files\common files\MSSoap
2010-09-24 17:24:27 0 d-----w- c:\program files\Online Services
2010-09-24 17:24:17 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-24 17:24:14 0 d-----w- c:\program files\Messenger
2010-09-24 17:24:10 0 d-----w- c:\program files\MSN Gaming Zone
2010-09-24 17:23:34 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-09-24 17:49:17 103140 --sh--r- C:\wtpgr.exe
2010-09-24 17:24:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 1:43:17.34 ===============

Hello, I am sorry but while waiting for your reply I made some changes in my PC. I downloaded and installed different registry error cleaners because I thought they might help me with just installing this game so I would not be just waiting but at least pass the time playing. Unfortunately none of these ways worked and I should have listened to you. I should not have installed any new programs, but anyway I will post you the new logs in this second topic. I think you should ignore the first logs since they might have changed (I realized the way you work lately). I hope my mistake will not cause any trouble. I am really sorry!

I have a problem running "World of Warcraft". It is a game that I am sure you have heard of. When I try to run the game an error pops up:

Runtime error!
Program: C:\program files\world of warcraft\wow.exe
R6002
-floating point support not loaded

I tried to install virtual C++, the last DirectX version, and tried to clean runtime errors with different programs, but none of these ways worked.
I don't know what else I should do.
My OS is Windows XP SP3.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Fabi at 13:27:13.76 on Sun 09/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.599 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Fabi\LOCALS~1\Temp\tndtss.exe
C:\Documents and Settings\Fabi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.y8-y8.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: {773193DB-A50C-4170-8F4B-B83D52668431} = 217.24.240.66,213.207.32.66
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fabi\applic~1\mozilla\firefox\profiles\vz14jwz3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-9-26 54760]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\urkpn.sys --> c:\windows\system32\drivers\urkpn.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-09-25 23:47:37 0 d-----w- c:\docume~1\fabi\applic~1\ParetoLogic
2010-09-25 23:47:37 0 d-----w- c:\docume~1\fabi\applic~1\DriverCure
2010-09-25 23:47:29 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-25 23:22:15 0 d-----w- c:\windows\pss
2010-09-25 23:08:55 0 d-----w- c:\documents and settings\fabi\Tracing
2010-09-25 23:01:04 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-09-25 23:00:23 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-25 22:59:17 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-25 22:53:40 0 d-----w- c:\program files\common files\Windows Live
2010-09-25 22:04:38 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-09-25 22:04:38 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-09-25 21:56:25 0 d-----w- c:\program files\SmartPCTools
2010-09-25 21:40:34 0 d-----w- c:\windows\system32\LogFiles
2010-09-25 21:27:59 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-09-25 21:20:54 0 d--h--w- c:\windows\msdownld.tmp
2010-09-25 21:20:50 0 d-----w- c:\windows\Logs
2010-09-25 12:23:05 25 ----a-w- c:\windows\mixerdef.ini
2010-09-25 12:06:27 0 d-----w- c:\docume~1\fabi\applic~1\BILEVSE
2010-09-25 12:03:17 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-09-25 12:03:17 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-09-25 11:46:17 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-25 11:43:24 0 d-----w- c:\program files\common files\Merge Modules
2010-09-25 11:41:41 0 d-----w- c:\windows\system32\XPSViewer
2010-09-25 11:41:08 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-25 11:41:08 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-25 11:41:08 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-25 11:41:08 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-25 11:41:08 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-25 11:41:07 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-25 11:41:07 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-25 11:41:07 0 d-----w- C:\ca0bd2ee3f5b7807d3699d
2010-09-25 11:07:01 0 d-----w- C:\TC
2010-09-25 02:18:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-09-25 01:24:56 0 d-----w- c:\program files\Microsoft
2010-09-25 01:21:13 0 d-----w- c:\docume~1\fabi\applic~1\Sammsoft
2010-09-25 00:09:41 20 ----a-w- c:\documents and settings\fabi\defogger_reenable
2010-09-24 23:33:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2010-09-24 22:51:26 0 d-----w- c:\program files\World of Warcraft
2010-09-24 22:51:26 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-24 22:43:18 0 d-----w- c:\docume~1\fabi\applic~1\DAEMON Tools Pro
2010-09-24 22:43:18 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-09-24 22:35:10 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 22:29:19 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-24 22:29:19 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-24 22:29:18 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-24 22:28:42 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-24 22:25:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-24 22:20:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-24 20:31:09 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-24 20:24:03 8 --sha-r- c:\documents and settings\fabi\ntuser.pol
2010-09-24 20:19:12 0 d--h--w- c:\windows\system32\GroupPolicy
2010-09-24 19:49:30 0 d-----w- c:\docume~1\fabi\applic~1\DMCache
2010-09-24 19:11:03 0 d-----w- c:\program files\common files\ODBC
2010-09-24 19:11:00 0 d-----w- c:\program files\common files\SpeechEngines
2010-09-24 18:53:56 0 d-----w- c:\program files\Realtek
2010-09-24 18:52:24 0 d-----w- c:\program files\ATI Technologies
2010-09-24 17:41:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-09-24 17:41:49 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-24 17:26:46 0 d-sh--w- c:\documents and settings\all users\DRM
2010-09-24 17:26:32 0 d--h--w- c:\program files\WindowsUpdate
2010-09-24 17:25:54 0 d-----w- c:\program files\common files\MSSoap
2010-09-24 17:24:27 0 d-----w- c:\program files\Online Services
2010-09-24 17:24:17 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-24 17:24:14 0 d-----w- c:\program files\Messenger
2010-09-24 17:24:10 0 d-----w- c:\program files\MSN Gaming Zone
2010-09-24 17:23:34 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-09-24 17:49:17 103140 --sh--r- C:\wtpgr.exe
2010-09-24 17:24:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 13:27:29.01 ===============

EDIT: Posts merged ~BP

Edited by Budapest, 26 September 2010 - 04:14 PM.
Topics merged ~Pandy




#2 gringo_pr


Posted 29 September 2010 - 02:45 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Information and logs:
    In your next post I need the following:
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Imperio


Posted 29 September 2010 - 04:57 PM

Hello, thank you very much for the reply. I was just going to ask a tech for help. The more time I spend on my PC the more I realize that I have a lot of other malware problems!
The last was that I could not use my mic. I have a headset and I can hear sounds fine but I can't use my mic. The PC recognizes it but can't record, for example with Sound Recorder. Instead of my voice it records the background voice (for example the media player song that I am hearing, or YouTube etc.). Anyway... these are the logs that you requested!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Fabi at 23:45:50.39 on Wed 09/29/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.495 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\BitTorrent.exe
svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\Fabi\LOCALS~1\Temp\winjbqmok.exe
C:\Documents and Settings\Fabi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.y8-y8.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Alcmtr] ALCMTR.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
TCP: {773193DB-A50C-4170-8F4B-B83D52668431} = 217.24.240.66,213.207.32.66
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fabi\applic~1\mozilla\firefox\profiles\vz14jwz3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\fabi\application data\mozilla\firefox\profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\fabi\application data\mozilla\firefox\profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-9-26 54760]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\urkpn.sys --> c:\windows\system32\drivers\urkpn.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

=============== Created Last 30 ================

2010-09-28 12:11:52 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-09-28 12:11:52 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-27 19:23:49 0 d-----w- c:\program files\VideoLAN
2010-09-27 14:16:17 0 d-----w- c:\program files\gPotato.eu
2010-09-27 13:16:06 0 d-----w- c:\program files\BitTorrent
2010-09-27 13:15:22 0 d-----w- c:\docume~1\fabi\applic~1\BitTorrent
2010-09-25 23:47:37 0 d-----w- c:\docume~1\fabi\applic~1\ParetoLogic
2010-09-25 23:47:37 0 d-----w- c:\docume~1\fabi\applic~1\DriverCure
2010-09-25 23:47:29 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-09-25 23:22:15 0 d-----w- c:\windows\pss
2010-09-25 23:08:55 0 d-----w- c:\documents and settings\fabi\Tracing
2010-09-25 23:01:04 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-09-25 23:00:23 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-25 22:59:17 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-25 22:53:40 0 d-----w- c:\program files\common files\Windows Live
2010-09-25 22:04:38 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-09-25 22:04:38 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-09-25 21:56:25 0 d-----w- c:\program files\SmartPCTools
2010-09-25 21:40:34 0 d-----w- c:\windows\system32\LogFiles
2010-09-25 21:27:59 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-09-25 21:20:54 0 d--h--w- c:\windows\msdownld.tmp
2010-09-25 21:20:50 0 d-----w- c:\windows\Logs
2010-09-25 12:23:05 25 ----a-w- c:\windows\mixerdef.ini
2010-09-25 12:06:27 0 d-----w- c:\docume~1\fabi\applic~1\BILEVSE
2010-09-25 12:03:17 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-09-25 12:03:17 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-09-25 11:46:17 0 d-----w- c:\program files\Microsoft SQL Server
2010-09-25 11:43:24 0 d-----w- c:\program files\common files\Merge Modules
2010-09-25 11:41:41 0 d-----w- c:\windows\system32\XPSViewer
2010-09-25 11:41:08 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-25 11:41:08 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-25 11:41:08 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-25 11:41:08 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-25 11:41:08 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-25 11:41:07 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-25 11:41:07 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-25 11:41:07 0 d-----w- C:\ca0bd2ee3f5b7807d3699d
2010-09-25 11:07:01 0 d-----w- C:\TC
2010-09-25 02:18:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-09-25 01:24:56 0 d-----w- c:\program files\Microsoft
2010-09-25 01:21:13 0 d-----w- c:\docume~1\fabi\applic~1\Sammsoft
2010-09-25 00:09:41 20 ----a-w- c:\documents and settings\fabi\defogger_reenable
2010-09-24 23:33:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2010-09-24 22:51:26 0 d-----w- c:\program files\World of Warcraft
2010-09-24 22:51:26 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-24 22:43:18 0 d-----w- c:\docume~1\fabi\applic~1\DAEMON Tools Pro
2010-09-24 22:43:18 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-09-24 22:35:10 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 22:29:19 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-24 22:29:19 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-24 22:29:18 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-24 22:28:42 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-24 22:25:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-24 22:20:21 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-09-24 20:31:09 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-24 20:24:03 8 --sha-r- c:\documents and settings\fabi\ntuser.pol
2010-09-24 20:19:12 0 d--h--w- c:\windows\system32\GroupPolicy
2010-09-24 19:49:30 0 d-----w- c:\docume~1\fabi\applic~1\DMCache
2010-09-24 19:11:03 0 d-----w- c:\program files\common files\ODBC
2010-09-24 19:11:00 0 d-----w- c:\program files\common files\SpeechEngines
2010-09-24 18:53:56 0 d-----w- c:\program files\Realtek
2010-09-24 18:52:24 0 d-----w- c:\program files\ATI Technologies
2010-09-24 17:41:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-09-24 17:41:49 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-24 17:26:46 0 d-sh--w- c:\documents and settings\all users\DRM
2010-09-24 17:26:32 0 d--h--w- c:\program files\WindowsUpdate
2010-09-24 17:25:54 0 d-----w- c:\program files\common files\MSSoap
2010-09-24 17:24:27 0 d-----w- c:\program files\Online Services
2010-09-24 17:24:17 0 d-----w- c:\program files\Windows Media Connect 2
2010-09-24 17:24:14 0 d-----w- c:\program files\Messenger
2010-09-24 17:24:10 0 d-----w- c:\program files\MSN Gaming Zone
2010-09-24 17:23:34 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-09-24 17:49:17 103140 --sh--r- C:\wtpgr.exe
2010-09-24 17:24:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 23:46:03.78 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/24/2010 7:30:05 PM
System Uptime: 9/29/2010 7:20:38 PM (4 hours ago)

Motherboard: FOXCONN | | RS690M2MA
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | CPU 1 | 2410/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 78 GiB total, 39.795 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 33.75 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 9/26/2010 1:29:34 AM - System Checkpoint
RP2: 9/26/2010 1:53:13 AM - PC Health Advisor Backup
RP3: 9/27/2010 3:58:53 PM - System Checkpoint
RP4: 9/29/2010 11:02:10 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
ATI - Software Uninstall Utility
BitTorrent
Dragonica(EU)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB981793)
Junk Mail filter update
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox (3.6.10)
MSVCRT
NVIDIA Drivers
PCI Audio Driver
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SQL Server System CLR Types
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.1.4
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft

==== Event Viewer Messages From Past Week ========

9/28/2010 7:43:35 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001C250FC533 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/27/2010 4:47:00 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\gPotato.eu\Dragonica\EU\release\dragonica.exe. Reference error message: The operation completed successfully. .
9/27/2010 4:47:00 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\gPotato.eu\Dragonica\EU\release\Microsoft.VC80.CRT.MANIFEST" on line 4.
9/27/2010 4:47:00 PM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
9/27/2010 3:08:43 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Fabi\Desktop\dragonica_en.exe. Reference error message: The operation completed successfully. .
9/27/2010 1:33:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.12 for the Network Card with network address 001C250FC533 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/25/2010 9:44:55 PM, error: Tcpip [4198] - The system detected an address conflict for IP address 192.168.1.76 with the system having network hardware address 00:19:B9:52:D0:E4. The local interface has been disabled.
9/25/2010 7:00:16 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/25/2010 3:21:33 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error message: The referenced assembly is not installed on your system. .
9/25/2010 3:21:33 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.ATL. Reference error message: The referenced assembly is not installed on your system. .
9/25/2010 3:21:33 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\TwcToolbarIe7.dll. Reference error message: The operation completed successfully. .
9/25/2010 3:21:33 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\TwcToolbarBho.dll. Reference error message: The operation completed successfully. .
9/25/2010 3:21:33 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
9/25/2010 3:21:33 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.ATL could not be found and Last Error was The referenced assembly is not installed on your system.
9/25/2010 12:31:01 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows XP (KB973869).
9/25/2010 12:15:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/25/2010 11:45:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/25/2010 11:30:18 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/25/2010 11:08:11 PM, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
9/25/2010 11:06:04 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB975560).
9/25/2010 1:39:54 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\ping.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
9/25/2010 1:15:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
9/24/2010 9:39:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NSCService with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}
9/24/2010 9:34:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Symantec Core LC with arguments "-Service" in order to run the server: {60C70E11-2B08-4798-B366-C8450CDA7B1A}
9/24/2010 8:24:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
9/24/2010 8:23:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the navapsvc service.
9/24/2010 8:22:56 PM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).
9/24/2010 8:21:52 PM, error: System Error [1003] - Error code 10000050, parameter1 fffffff0, parameter2 00000000, parameter3 80526431, parameter4 00000000.
9/24/2010 7:56:17 PM, error: Service Control Manager [7024] - The Symantec SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).
9/24/2010 7:53:44 PM, error: Service Control Manager [7034] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s).
9/24/2010 7:53:43 PM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF4C50000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6856704 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 163.71 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5783552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 163.71 )
0xF14B2000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4636672 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7369000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF1251000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF4A46000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF4B5C000 C:\WINDOWS\system32\drivers\cmaudio.sys 380928 bytes (C-Media Inc, C-Media Audio WDM Driver)
0xF1336000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9FBF000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9C86000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF4ACC000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74AD000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA03E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF733C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB8CAF000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF12C1000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF4BCD000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF130E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7457000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF4B38000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF4C18000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF4BF5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF12EC000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF741F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF747D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7322000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF743F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF1211000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF4B0D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA403000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF4BB9000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF4B24000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF4C3C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF138F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF740D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF749C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF4AFC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF767C000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF774C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF776C000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF777C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF775C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA790000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF780C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF761C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF778C000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75FC000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76BC000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF77AC000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF784C000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF773C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75EC000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF779C000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75DC000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77EC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77DC000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF760C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF768C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9B86000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF77BC000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF783C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8DF5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF772C000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF782C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF794C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7954000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78E4000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7934000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF785C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7904000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF790C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF793C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7944000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7864000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78F4000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78FC000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78EC000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78DC000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF795C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF14AA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AB0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA728000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A90000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79EC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF1486000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AD0000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF1926000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF14A6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A94000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF4AB0000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AF8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AE0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B0E000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AF6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7ADC000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AFA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B5E000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AFC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AEE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7BA2000 C:\WINDOWS\system32\drivers\urkpn.sys 8192 bytes
0xF7AF0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7ADE000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D1F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C60000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7D0C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BA4000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


#4 gringo_pr

  • Malware Response Team

Posted 29 September 2010 - 06:37 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
    In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Imperio

Posted 30 September 2010 - 05:03 AM

Hello, I did not have any problems installing and using Combofix. But I am afraid that it has not fixed anything that I need. This is the log.

ComboFix 10-09-29.04 - Fabi 09/30/2010 11:52:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT 2:00]
Running from: c:\documents and settings\Fabi\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\ALCMTR.EXE
C:\wtpgr.exe
D:\Autorun.inf
D:\ifubw.pif

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32


((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-28 12:11 . 2001-08-17 15:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-09-28 12:11 . 2001-08-17 15:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-27 19:24 . 2010-09-27 19:27 -------- d-----w- c:\documents and settings\Fabi\Application Data\vlc
2010-09-27 19:23 . 2010-09-27 19:23 -------- d-----w- c:\program files\VideoLAN
2010-09-27 15:43 . 2010-06-29 22:13 52224 ----a-w- c:\documents and settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-09-27 15:43 . 2010-06-29 22:13 101376 ----a-w- c:\documents and settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-09-27 14:16 . 2010-09-27 14:16 -------- d-----w- c:\program files\gPotato.eu
2010-09-27 13:16 . 2010-09-27 13:16 -------- d-----w- c:\program files\BitTorrent
2010-09-27 13:15 . 2010-09-30 09:55 -------- d-----w- c:\documents and settings\Fabi\Application Data\BitTorrent
2010-09-26 18:21 . 2010-09-26 18:21 -------- d-----w- c:\documents and settings\Fabi\Application Data\AdobeUM
2010-09-25 23:47 . 2010-09-25 23:47 -------- d-----w- c:\documents and settings\Fabi\Application Data\ParetoLogic
2010-09-25 23:47 . 2010-09-25 23:47 -------- d-----w- c:\documents and settings\Fabi\Application Data\DriverCure
2010-09-25 23:47 . 2010-09-26 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-09-25 23:08 . 2010-09-30 09:55 -------- d-----w- c:\documents and settings\Fabi\Tracing
2010-09-25 23:01 . 2010-09-25 23:01 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-25 23:01 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-09-25 23:00 . 2010-09-25 23:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-25 22:59 . 2010-09-25 22:59 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-25 22:58 . 2010-09-25 23:01 -------- d-----w- c:\program files\Windows Live
2010-09-25 22:53 . 2010-09-25 22:53 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-25 22:04 . 2010-01-26 13:01 81920 ----a-w- c:\windows\eSellerateControl350.dll
2010-09-25 22:04 . 2010-01-26 13:01 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-09-25 21:56 . 2010-09-25 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-25 21:56 . 2010-09-25 21:56 -------- d-----w- c:\program files\SmartPCTools
2010-09-25 21:40 . 2010-09-25 21:40 -------- d-----w- c:\windows\system32\LogFiles
2010-09-25 21:27 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-09-25 21:20 . 2010-09-25 21:20 -------- d-----w- c:\windows\Logs
2010-09-25 12:06 . 2010-09-25 12:06 -------- d-----w- c:\documents and settings\Fabi\Application Data\BILEVSE
2010-09-25 12:03 . 2008-04-14 02:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2010-09-25 12:03 . 2008-04-14 02:15 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys
2010-09-25 11:46 . 2010-09-25 11:46 -------- d-----w- c:\program files\Microsoft SQL Server
2010-09-25 11:45 . 2010-09-25 11:45 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2010-09-25 11:45 . 2010-09-25 11:45 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-09-25 11:45 . 2010-09-25 11:45 -------- d-----w- c:\documents and settings\Fabi\Local Settings\Application Data\Microsoft Help
2010-09-25 11:43 . 2010-09-25 11:43 -------- d-----w- c:\program files\Microsoft.NET
2010-09-25 11:43 . 2010-09-25 11:44 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-25 11:43 . 2010-09-25 11:43 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-25 11:42 . 2010-09-25 11:42 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-25 11:07 . 2010-09-25 11:07 -------- d-----w- C:\TC
2010-09-25 08:39 . 2010-09-25 08:59 2826192 ----a-w- c:\documents and settings\Fabi\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-09-25 02:18 . 2010-09-25 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-09-25 01:24 . 2010-09-25 11:56 -------- d-----w- c:\program files\Microsoft
2010-09-25 01:24 . 2010-09-25 01:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-25 01:21 . 2010-09-25 11:27 -------- d-----w- c:\documents and settings\Fabi\Application Data\Sammsoft
2010-09-25 00:31 . 2008-04-14 08:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-25 00:04 . 2010-09-25 00:04 -------- d-----w- c:\documents and settings\Fabi\Local Settings\Application Data\Adobe
2010-09-24 23:45 . 2010-09-25 23:08 12912 ----a-w- c:\documents and settings\Fabi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-24 23:33 . 2010-09-24 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-09-24 22:51 . 2010-09-26 23:57 -------- d-----w- c:\program files\World of Warcraft
2010-09-24 22:51 . 2010-09-25 21:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-24 22:43 . 2010-09-24 22:45 -------- d-----w- c:\documents and settings\Fabi\Application Data\DAEMON Tools Pro
2010-09-24 22:43 . 2010-09-24 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-09-24 22:35 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 22:29 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-24 22:29 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-24 22:29 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-24 22:28 . 2010-09-24 22:43 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-24 22:28 . 2010-09-24 22:28 -------- d-----w- c:\documents and settings\Fabi\Application Data\DAEMON Tools
2010-09-24 22:25 . 2010-07-22 05:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-09-24 20:31 . 2008-04-13 23:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-09-24 20:19 . 2010-09-24 20:19 -------- d--h--w- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 23:29 . 2010-09-24 19:49 -------- d-----w- c:\documents and settings\Fabi\Application Data\DMCache
2010-09-25 11:46 . 2010-04-07 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-25 11:41 . 2010-09-25 11:41 64200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-25 11:41 . 2010-09-25 11:41 -------- d-----w- c:\program files\MSBuild
2010-09-25 11:41 . 2010-09-25 11:41 -------- d-----w- c:\program files\Reference Assemblies
2010-09-24 20:06 . 2010-09-24 17:26 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-24 19:46 . 2010-09-24 19:46 0 ----a-w- c:\windows\nsreg.dat
2010-09-24 19:41 . 2010-09-24 17:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-24 19:40 . 2010-09-24 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-24 18:55 . 2010-09-24 18:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-24 18:53 . 2010-09-24 18:53 -------- d-----w- c:\program files\Realtek
2010-09-24 18:53 . 2010-09-24 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-24 18:53 . 2010-09-24 18:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-24 18:52 . 2010-09-24 18:52 -------- d-----w- c:\program files\ATI Technologies
2010-09-24 17:51 . 2010-03-31 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SiComponents
2010-09-24 17:51 . 2010-09-23 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-24 17:51 . 2010-09-23 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-24 17:51 . 2010-04-14 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AlcaTech
2010-09-24 17:28 . 2010-09-24 17:28 -------- d-----w- c:\program files\microsoft frontpage
2010-09-24 17:24 . 2010-09-24 17:24 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-24 17:24 . 2010-09-24 17:24 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-17 13:17 . 2008-04-14 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-04-14 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-09-27 3069296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"nwiz"="nwiz.exe" [2007-09-16 1708032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1896448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 103424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\giochi\\Jewel Quest Delux\\GameInstaller.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\World of Warcraft\\Wow.exe"=
"c:\\WINDOWS\\Mixer.exe"=

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/25/2010 12:28 AM 697328]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.y8-y8.com/
TCP: {773193DB-A50C-4170-8F4B-B83D52668431} = 217.24.240.66,213.207.32.66
FF - ProfilePath - c:\documents and settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\Mixer.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-09-30 11:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-30 09:56

Pre-Run: 42,714,030,080 bytes free
Post-Run: 42,777,358,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0643E5357E492BDBF385CB3004A405C8

Regards, Imperio

#6 gringo_pr

Posted 30 September 2010 - 04:26 PM

Hello

Can I ask what country you are in? Your DNS settings point to Albania; that is why I ask.


We are going to check the router.

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
CODE
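@echo off
rem Collect network configuration, DNS lookups, ping results and the routing table into Log1.txt
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the finished log in Notepad
start Log1.txt
rem Remove this batch file after it has run (quoted full path, so spaces in the path are safe)
del "%~f0"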
    Save this as router.bat. Choose Save as type - All Files, and where to save - Desktop, then close the Notepad file.

    Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo




#7 Imperio

Posted 01 October 2010 - 04:28 AM

Hello, you asked me where I am from. Yes, I am from Albania. This is the log:


Windows IP Configuration

Host Name . . . . . . . . . . . . : imperio
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Internet Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-1C-25-0F-C5-33
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 217.24.240.66
                                    213.207.32.66
Lease Obtained. . . . . . . . . . : Friday, October 01, 2010 8:31:06 AM
Lease Expires . . . . . . . . . . : Monday, October 11, 2010 8:31:06 AM

Server: aol1.albaniaonline.net
Address: 217.24.240.66

Name: google.com
Addresses: 209.85.135.104, 209.85.135.105, 209.85.135.106, 209.85.135.147
209.85.135.99, 209.85.135.103

Server: aol1.albaniaonline.net
Address: 217.24.240.66

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43



Pinging google.com [66.249.92.104] with 32 bytes of data:

Reply from 66.249.92.104: bytes=32 time=56ms TTL=50
Reply from 66.249.92.104: bytes=32 time=61ms TTL=50

Ping statistics for 66.249.92.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 61ms, Average = 58ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=170ms TTL=50
Reply from 209.191.122.70: bytes=32 time=167ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 167ms, Maximum = 170ms, Average = 168ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 25 0f c5 33 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      20
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      20
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      20
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None

Regards, Imperio

#8 gringo_pr

Posted 03 October 2010 - 06:32 PM

Hello

Sorry for not replying sooner.

I have gone over the reports and I am not seeing any malware in them. I am going to ask for a deeper scan to check and make sure all is OK.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.

Gringo

#9 Imperio

Imperio
  • Topic Starter

  • Members
  • 93 posts

Posted 03 October 2010 - 08:13 PM

Hello Gringo, I think I should tell you again what problems I have with my PC.
1-I cannot install any antivirus
2-My PC does not recognize me as Administrator
3-When I try to run some games (online games, like World of Warcraft, Dragonica) I get this message:
Microsoft Visual C++ Runtime Library
Runtime Error
Program: C:\.......
R6002
-floating point support not loaded.

I have tried to format my PC using the Windows XP CD, but nothing changed (deleting the previous OS). A friend told me that if I format my PC in BIOS I can fix every problem. But I don't have any other hard disk to save my data. So I think we should do this the "easy way" (meaning not in BIOS, "the hard way").

Anyway, this is the log

OTL logfile created on: 10/4/2010 2:58:50 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Fabi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 491.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 32.06 Gb Free Space | 41.04% Space Free | Partition Type: NTFS
Drive D: | 70.91 Gb Total Space | 30.97 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IMPERIO
Current User Name: Fabi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fabi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Fabi\Local Settings\temp\winmumoj.exe ()
PRC - C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Garena\Garena.exe (Garena Online PTE LTD)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Fabi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (FXDrv32) -- E:\FXDrv32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (amsint32) -- C:\WINDOWS\System32\drivers\urkpn.sys File not found
DRV - (aic32p) -- C:\WINDOWS\System32\drivers\urkpn.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15458&l=dis
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.6
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 21:46:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/30 13:31:17 | 000,000,000 | ---D | M]

[2010/09/30 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\Mozilla\Extensions
[2010/09/30 13:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/03 17:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions
[2010/09/27 17:43:10 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/09/30 18:06:55 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Mozilla\Firefox\Profiles\vz14jwz3.default\searchplugins\askcom.xml
[2010/10/03 17:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/30 11:55:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Fabi\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 19:27:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/30 11:56:16 | 000,000,235 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/30 11:56:16 | 000,000,259 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 02:54:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fabi\Desktop\OTL.exe
[2010/10/03 14:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\IDM
[2010/10/03 14:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/10/02 16:47:08 | 000,139,264 | ---- | C] (Task Manager Fix) -- C:\Documents and Settings\Fabi\Desktop\TaskManagerFix.exe
[2010/10/02 16:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/10/01 21:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Garena
[2010/10/01 09:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Local Settings\Application Data\AskToolbar
[2010/09/30 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/30 16:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/09/30 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/09/30 16:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\BitTorrent
[2010/09/30 14:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Desktop\New
[2010/09/30 13:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\My Documents\LimeWire
[2010/09/30 13:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\LimeWire
[2010/09/30 13:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/30 13:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/30 13:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Sun
[2010/09/30 13:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/09/30 11:58:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/30 11:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/30 11:50:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/30 11:49:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/30 11:49:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/30 11:49:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/30 11:49:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/30 11:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/30 11:49:04 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/09/30 11:48:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/29 20:56:49 | 000,210,272 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2010/09/27 21:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\vlc
[2010/09/27 21:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/09/27 16:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\gPotato.eu
[2010/09/26 20:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\AdobeUM
[2010/09/26 13:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Desktop\gmer
[2010/09/26 02:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\My Documents\My Received Files
[2010/09/26 01:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\ParetoLogic
[2010/09/26 01:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\DriverCure
[2010/09/26 01:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/26 01:22:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/26 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Tracing
[2010/09/26 01:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/09/26 01:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/09/26 00:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/09/26 00:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/09/26 00:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/26 00:04:38 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2010/09/26 00:04:38 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2010/09/25 23:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/25 23:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools
[2010/09/25 23:40:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/09/25 23:20:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/09/25 23:20:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/09/25 14:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\BILEVSE
[2010/09/25 13:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/09/25 13:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\My Documents\Visual Studio 2008
[2010/09/25 13:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Local Settings\Application Data\Microsoft Help
[2010/09/25 13:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/25 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/09/25 13:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/09/25 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/09/25 13:41:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/09/25 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/09/25 13:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/09/25 13:41:07 | 000,000,000 | ---D | C] -- C:\ca0bd2ee3f5b7807d3699d
[2010/09/25 13:07:01 | 000,000,000 | ---D | C] -- C:\TC
[2010/09/25 11:07:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/09/25 04:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/09/25 03:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/25 03:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/09/25 03:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Sammsoft
[2010/09/25 02:31:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\My Documents\My Videos
[2010/09/25 02:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Local Settings\Application Data\Adobe
[2010/09/25 01:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/09/25 00:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2010/09/25 00:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/09/25 00:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\DAEMON Tools Pro
[2010/09/25 00:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/09/25 00:28:42 | 000,697,328 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/09/25 00:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\DAEMON Tools
[2010/09/25 00:20:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/09/24 22:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Macromedia
[2010/09/24 22:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Adobe
[2010/09/24 22:19:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/09/24 21:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\DMCache
[2010/09/24 21:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\My Documents\Downloads
[2010/09/24 21:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Local Settings\Application Data\Mozilla
[2010/09/24 21:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Mozilla
[2010/09/24 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/09/24 21:11:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/09/24 21:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/09/24 21:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/09/24 21:10:59 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/09/24 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/09/24 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/09/24 21:10:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/09/24 21:10:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/09/24 21:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/09/24 21:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/09/24 21:10:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/09/24 21:09:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/24 21:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/09/24 21:07:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/09/24 21:04:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/09/24 21:04:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/09/24 21:04:25 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/09/24 21:04:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/09/24 21:04:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/09/24 21:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/09/24 21:01:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/09/24 20:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/24 20:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/24 20:53:57 | 000,081,280 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2010/09/24 20:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/09/24 20:53:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/09/24 20:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/09/24 20:53:22 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/09/24 20:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/09/24 20:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/09/24 20:52:22 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/24 20:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/09/24 20:51:48 | 000,000,000 | ---D | C] -- C:\ATI
[2010/09/24 20:50:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/09/24 20:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/09/24 19:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/09/24 19:48:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/09/24 19:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\My Documents\Symantec
[2010/09/24 19:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/09/24 19:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/09/24 19:39:26 | 000,000,000 | ---D | C] -- C:\NISSetup
[2010/09/24 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Application Data\Identities
[2010/09/24 19:37:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\My Documents\My Pictures
[2010/09/24 19:37:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\My Documents\My Music
[2010/09/24 19:37:35 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/09/24 19:37:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fabi\Local Settings\Application Data\Microsoft
[2010/09/24 19:37:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fabi\Application Data\Microsoft
[2010/09/24 19:37:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fabi\SendTo
[2010/09/24 19:37:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fabi\Recent
[2010/09/24 19:37:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fabi\Application Data
[2010/09/24 19:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\Start Menu
[2010/09/24 19:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\My Documents
[2010/09/24 19:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fabi\Favorites
[2010/09/24 19:37:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fabi\Cookies
[2010/09/24 19:37:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fabi\Templates
[2010/09/24 19:37:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fabi\PrintHood
[2010/09/24 19:37:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fabi\NetHood
[2010/09/24 19:37:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fabi\Local Settings
[2010/09/24 19:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fabi\Desktop
[2010/09/24 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/09/24 19:35:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/09/24 19:35:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/24 19:35:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/09/24 19:35:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/09/24 19:30:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/09/24 19:30:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/09/24 19:29:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/09/24 19:29:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/09/24 19:29:40 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/09/24 19:28:44 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/09/24 19:28:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/09/24 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/09/24 19:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/09/24 19:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/09/24 19:27:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/09/24 19:26:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/09/24 19:26:32 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/09/24 19:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/09/24 19:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/09/24 19:25:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/09/24 19:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/09/24 19:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/09/24 19:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/09/24 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/09/24 19:25:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/09/24 19:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/09/24 19:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/09/24 19:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/09/24 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/09/24 19:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/09/24 19:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/09/24 19:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/09/24 19:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/09/24 19:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/09/24 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/09/24 19:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/09/24 19:23:36 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/09/24 19:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/09/24 19:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/09/24 19:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/09/24 19:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/09/23 23:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/09/23 20:02:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/09/23 20:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/09/23 17:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 02:54:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fabi\Desktop\OTL.exe
[2010/10/04 02:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/04 00:45:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/04 00:45:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/03 23:36:44 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Fabi\NTUSER.DAT
[2010/10/03 04:17:54 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 16:47:08 | 000,139,264 | ---- | M] (Task Manager Fix) -- C:\Documents and Settings\Fabi\Desktop\TaskManagerFix.exe
[2010/10/01 21:12:57 | 000,000,301 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/01 21:06:44 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Garena.lnk
[2010/09/30 18:02:57 | 000,033,602 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Playlist1.wpl
[2010/09/30 16:59:16 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/09/30 13:32:53 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Fabi\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/30 13:31:39 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\LimeWire 5.5.14.lnk
[2010/09/30 11:56:16 | 000,103,140 | RHS- | M] () -- C:\pjmfa.pif
[2010/09/30 11:56:16 | 000,000,235 | RHS- | M] () -- C:\autorun.inf
[2010/09/30 11:55:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/30 11:50:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/30 11:48:28 | 003,991,534 | R--- | M] () -- C:\Documents and Settings\Fabi\Desktop\ComboFix.exe
[2010/09/29 23:43:29 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\RKUnhookerLE.EXE
[2010/09/29 20:31:28 | 000,210,272 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2010/09/29 19:20:15 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Fabi\My Documents\spider.sav
[2010/09/29 19:17:17 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Shortcut to spider.lnk
[2010/09/27 16:19:26 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Dragonica.lnk
[2010/09/26 13:25:44 | 000,667,648 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\dds.scr
[2010/09/26 03:20:39 | 006,387,104 | -H-- | M] () -- C:\Documents and Settings\Fabi\Local Settings\Application Data\IconCache.db
[2010/09/26 02:15:42 | 000,051,782 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\62320_1628011101011_1258580531_1741648_4877252_n.jpg
[2010/09/26 01:38:33 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Shortcut to Wow.lnk
[2010/09/26 01:35:46 | 000,432,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/26 01:35:46 | 000,067,660 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/26 01:35:45 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/26 01:31:05 | 000,096,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/26 01:28:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Fabi\ntuser.ini
[2010/09/26 01:28:24 | 000,000,554 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/26 01:28:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/26 01:08:51 | 000,012,912 | ---- | M] () -- C:\Documents and Settings\Fabi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/25 15:32:26 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/25 14:23:05 | 000,000,025 | ---- | M] () -- C:\WINDOWS\mixerdef.ini
[2010/09/25 02:31:44 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 02:09:46 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Fabi\defogger_reenable
[2010/09/25 00:43:47 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/09/24 23:11:06 | 000,185,645 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Defogger.exe
[2010/09/24 22:24:05 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Fabi\ntuser.pol
[2010/09/24 21:46:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/24 21:46:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/24 21:46:44 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/24 21:20:26 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/09/24 21:11:46 | 000,138,893 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/24 21:07:13 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/09/24 21:07:13 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/09/24 20:55:36 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/09/24 20:55:36 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/09/24 19:37:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/24 19:37:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/24 19:37:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/24 19:31:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/09/24 19:30:10 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/24 19:27:34 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/24 19:27:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/24 19:27:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/24 19:27:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/09/24 19:27:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/24 19:27:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/24 19:27:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/09/24 19:27:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/09/24 19:27:27 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/24 19:27:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/24 19:26:39 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/09/24 19:26:39 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/24 19:26:36 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/09/24 19:24:45 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/24 19:24:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/09/24 19:24:36 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 21:06:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Garena.lnk
[2010/09/30 16:59:16 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/09/30 16:59:15 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/09/30 13:32:53 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Fabi\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/09/30 13:31:39 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\LimeWire 5.5.14.lnk
[2010/09/30 11:56:16 | 000,103,140 | RHS- | C] () -- C:\pjmfa.pif
[2010/09/30 11:56:16 | 000,000,235 | RHS- | C] () -- C:\autorun.inf
[2010/09/30 11:50:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/30 11:50:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/30 11:49:09 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/30 11:49:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/30 11:49:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/30 11:49:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/30 11:49:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/30 11:48:00 | 003,991,534 | R--- | C] () -- C:\Documents and Settings\Fabi\Desktop\ComboFix.exe
[2010/09/29 23:43:29 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\RKUnhookerLE.EXE
[2010/09/29 19:20:15 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Fabi\My Documents\spider.sav
[2010/09/29 19:17:17 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Shortcut to spider.lnk
[2010/09/29 12:46:09 | 000,033,602 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Playlist1.wpl
[2010/09/27 16:19:26 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Dragonica.lnk
[2010/09/26 13:25:44 | 000,667,648 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\dds.scr
[2010/09/26 02:15:41 | 000,051,782 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\62320_1628011101011_1258580531_1741648_4877252_n.jpg
[2010/09/26 01:28:12 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/09/25 23:53:32 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Shortcut to Wow.lnk
[2010/09/25 14:23:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010/09/25 13:41:57 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/25 02:31:44 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/09/25 02:09:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Fabi\defogger_reenable
[2010/09/24 23:11:04 | 000,185,645 | ---- | C] () -- C:\Documents and Settings\Fabi\Desktop\Defogger.exe
[2010/09/24 22:24:03 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Fabi\ntuser.pol
[2010/09/24 21:54:45 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Fabi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 21:46:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/24 21:46:44 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/24 21:46:44 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/09/24 21:35:24 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Fabi\LuResult.txt
[2010/09/24 21:20:26 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/09/24 21:11:06 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/24 21:11:01 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/09/24 21:11:01 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/09/24 21:11:00 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/09/24 21:11:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/09/24 21:10:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/09/24 21:10:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/09/24 21:10:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/09/24 21:10:53 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/09/24 21:10:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/09/24 21:10:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/09/24 21:10:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/09/24 21:10:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/09/24 21:10:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/09/24 21:10:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/09/24 21:10:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/09/24 21:10:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/09/24 21:10:50 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/09/24 21:10:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/09/24 21:10:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/09/24 21:10:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/09/24 21:10:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/09/24 21:10:49 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/09/24 21:10:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/09/24 21:10:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/09/24 21:10:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/09/24 21:10:47 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/09/24 21:10:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/09/24 21:10:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/09/24 21:10:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/09/24 21:10:41 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/09/24 21:10:33 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/09/24 21:10:33 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/09/24 21:10:33 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/09/24 21:10:33 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/09/24 21:10:33 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/09/24 21:10:33 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/09/24 21:10:33 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/09/24 21:10:33 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/09/24 21:10:32 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/09/24 21:10:32 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/09/24 21:10:32 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/09/24 21:10:32 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/09/24 21:10:32 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/09/24 21:10:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/09/24 21:10:32 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/09/24 21:10:32 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/09/24 21:10:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/09/24 21:10:32 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/09/24 21:10:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/09/24 21:09:55 | 000,096,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/24 21:09:02 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2010/09/24 21:08:59 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/24 21:07:13 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/09/24 21:07:13 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/09/24 21:02:04 | 000,138,893 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/24 21:01:27 | 000,017,525 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/09/24 20:55:36 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2010/09/24 19:37:49 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/09/24 19:37:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/24 19:37:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Fabi\ntuser.dat.LOG
[2010/09/24 19:37:33 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Fabi\ntuser.ini
[2010/09/24 19:37:32 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\Fabi\NTUSER.DAT
[2010/09/24 19:31:01 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/09/24 19:30:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/24 19:30:00 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/09/24 19:29:36 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/09/24 19:29:36 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/09/24 19:29:35 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/09/24 19:29:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/09/24 19:29:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/09/24 19:29:17 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/09/24 19:29:16 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/09/24 19:29:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/09/24 19:29:03 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/09/24 19:28:56 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/09/24 19:28:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/09/24 19:28:46 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/09/24 19:28:43 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/09/24 19:28:43 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/09/24 19:28:43 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/09/24 19:28:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

========== LOP Check ==========

[2010/09/24 19:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlcaTech
[2010/09/25 00:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/09/26 03:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/09/24 19:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiComponents
[2010/09/26 00:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/25 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\BILEVSE
[2010/10/04 02:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\BitTorrent
[2010/09/25 00:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\DAEMON Tools
[2010/09/25 00:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\DAEMON Tools Pro
[2010/09/26 01:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\DMCache
[2010/09/26 01:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\DriverCure
[2010/10/03 14:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\IDM
[2010/10/04 00:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\LimeWire
[2010/09/26 01:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\ParetoLogic
[2010/09/25 13:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fabi\Application Data\Sammsoft
[2010/10/04 02:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/24 19:27:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/09/30 11:56:16 | 000,000,235 | RHS- | M] () -- C:\autorun.inf
[2010/09/26 01:28:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/30 11:50:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/30 11:56:57 | 000,016,710 | ---- | M] () -- C:\ComboFix.txt
[2010/09/24 19:27:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/24 19:27:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/24 19:27:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 10:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 10:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/04 00:45:42 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/09/30 11:56:16 | 000,103,140 | RHS- | M] () -- C:\pjmfa.pif

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/24 19:27:11 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/24 21:09:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/09/24 21:09:01 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/09/24 21:09:01 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/24 19:27:39 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/24 19:37:50 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/09/24 19:37:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Fabi\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/30 11:48:28 | 003,991,534 | R--- | M] () -- C:\Documents and Settings\Fabi\Desktop\ComboFix.exe
[2010/09/24 23:11:06 | 000,185,645 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\Defogger.exe
[2010/10/04 02:54:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fabi\Desktop\OTL.exe
[2010/09/29 23:43:29 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\Fabi\Desktop\RKUnhookerLE.EXE
[2010/10/02 16:47:08 | 000,139,264 | ---- | M] (Task Manager Fix) -- C:\Documents and Settings\Fabi\Desktop\TaskManagerFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/24 19:37:50 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Fabi\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/04 00:48:39 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Fabi\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 19:40:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/14 05:42:30 | 001,830,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/09/25 23:28:16 | 000,392,844 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/03 23:36:44 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Fabi\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-25 09:08:33

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
< End of report >

Regards, Imperio



#10 gringo_pr

Malware Response Team

Posted 03 October 2010 - 08:31 PM

Hello

When you reinstalled the OS, how did you do it?


Run OTL Script

We need to run an OTL Fix
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    CODE
    :OTL
    PRC - C:\Documents and Settings\Fabi\Local Settings\temp\winmumoj.exe ()
    DRV - (amsint32) -- C:\WINDOWS\System32\drivers\urkpn.sys File not found
    DRV - (aic32p) -- C:\WINDOWS\System32\drivers\urkpn.sys File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Imperio


Posted 03 October 2010 - 08:44 PM

Hello

First I inserted the Windows XP CD (SP3). Then I rebooted my PC and booted from the CD. There are 2 separations in my Hard Disk, C: & D:. My OS is installed at C:. I deleted the portion C: and then recreated a new portion C:. I installed the new OS at the new portion. (I had moved all my necessary documents to D:.) Then I installed it... that is all.

This is the log:

All processes killed
========== OTL ==========
Process winmumoj.exe killed successfully!
Error: Unable to stop service amsint32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 deleted successfully.
File C:\WINDOWS\System32\drivers\urkpn.sys File not found not found.
Service aic32p stopped successfully!
Service aic32p deleted successfully!
File C:\WINDOWS\System32\drivers\urkpn.sys File not found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Fabi\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fabi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1483511 bytes
->Temporary Internet Files folder emptied: 2698169 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Fabi
->Temp folder emptied: 15648254 bytes
->Temporary Internet Files folder emptied: 21604604 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92418961 bytes
->Flash cache emptied: 2898375 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Poiyh
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 94225 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 134.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Fabi
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Poiyh

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10042010_033445

Files\Folders moved on Reboot...
C:\Documents and Settings\Fabi\Local Settings\Temp\~DF8EBD.tmp moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\VI07AIP8\msg_btn[1].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\QN03L49B\game_guide[1].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\QN03L49B\room_textlink[1].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\PQY9K588\index[1].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\PQY9K588\room_ad[5].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\PQY9K588\room_ad_vertical[7].htm moved successfully.
C:\Documents and Settings\Fabi\Local Settings\Temporary Internet Files\Content.IE5\IEC2NNOD\lobby_ad[1].htm moved successfully.

Registry entries deleted on Reboot...

Imperio

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:12 PM

Posted 03 October 2010 - 08:59 PM

That should have done it, as that is a clean install, but I did find something in the last log.


Try now to install the antivirus

Gringo

#13 Imperio


Posted 03 October 2010 - 09:00 PM

Well... I do only have a very old version of Norton Antivirus... Can you suggest some other? Or do I just try it for now?
Imperio

#14 gringo_pr


Posted 03 October 2010 - 09:08 PM

I use the first one

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.


gringo

#15 Imperio


Posted 03 October 2010 - 09:16 PM

It is the same... I downloaded Avira, and just as the installation process starts, the installation window disappears. I am sure it will be the same with all the others!

Regards, Imperio



