Fishy happenings going on lately with the computer


  • This topic is locked
17 replies to this topic

#1 s14lenny

Posted 26 September 2010 - 06:07 AM

Oookay, so recently, I thought I had contracted a virus. I had various programs just crashing randomly, I don't recall which ones exactly. I then get a pop up that said it would run various scans on my computer (it was a window with status bars and names of various well known malware scanning software next to them).

Now I, to this date, do not know what compelled me to do this, but I let it do it! I don't know, maybe I thought it was my AVG or Avast or something (which it was only after the fact I realized that I had no such thing installed). Anywho, it asks me if I want to install any of those and thankfully, I remembered I had a download of an AVG program in my documents so I opted to use that instead. So I run the AVG scan and it's getting like trojan after trojan. Now I think after a couple of scans, it stops pulling them up so I think, "okay, coast clear" so I power it down for the night. The next day, however, I go to turn it on, I log in and boom! I get a message that explorer has crashed so now I have no desktop at all. I turn power off, restart, go to hit F8 to get it so it will boot to safe mode, and I realize that on the screen where you have to use the arrow keys to select 'safe mode', the keyboard is powered off. I suspect that the virus in question had smartly decided to remove that function whenever that screen would pop up because the second the 30 seconds were up to hit 'boot in safe mode' it would begin to work.

It's been like this all week. I made a post on one of the forums but haven't got any response. I think I wasn't detailed enough or something so I posted this one here. On a side note, I go to turn it on tonight and explorer.exe didn't crash (which is why I'm making this post, I think I have a window of opportunity to fix this). Also, I get two error messages saying "Error loading C:\Windows\system32\d2nq7vt5o.dll - the specified module could not be found".

That's about all I can think of. Here is the DDS tool log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Lenny at 4:32:55.85 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2039 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lenny\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Z Cinema\Z Cinema.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Lenny\AppData\Local\Apps\2.0\DPEXV8ER.BGN\AQADZTT9.KJZ\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Registry Mechanic\regmech.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Lenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lenny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lenny\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: c:\windows\syswow64\pwy3i71.dll: {b1ba40a1-75f2-51bd-f313-04b03a2c8953} - c:\windows\syswow64\pwy3i71.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [BitTorrent DNA] "c:\program files (x86)\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files (x86)\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /H
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\lenny\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files (x86)\aim\aim.exe" /d locale=en-US
uRun: [uPc+kt0NYkNJsiv] rundll32.exe c:\windows\system32\d2nq7vt5o.dll, SystemServer
uRun: [Lvehhfngpta] c:\users\lenny\appdata\local\temp\services.exe
uRun: [Mquta] c:\windows\services.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [SSDMonitor] "c:\program files (x86)\common files\pc tools\smonitor\SSDMonitor.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Lvehhfngmec] c:\users\lenny\appdata\local\temp\lc5mes.exe
mRun: [uPc+kt0NYkNJsiv] rundll32.exe c:\windows\system32\d2nq7vt5o.dll, SystemServer
mRun: [wupdate] %SystemRoot%\system32\wupdate.exe
mRun: [Lvehhfngpta] c:\users\lenny\appdata\local\temp\services.exe
mRun: [Mquta] c:\windows\services.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mExplorerRun: [59t4] c:\users\lenny\appdata\local\temp\1biq.exe
StartupFolder: c:\users\lenny\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\lenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\zcinem~1.lnk - c:\users\lenny\appdata\roaming\microsoft\installer\{6e166235-49f3-4dfa-a102-1e86675abd11}\StartupShortcut_6E16623549F34DFAA1021E86675ABD11.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
STS: c:\windows\syswow64\pwy3i71.dll: {b1ba40a1-75f2-51bd-f313-04b03a2c8953} - c:\windows\syswow64\pwy3i71.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun-x64: [dldtmon.exe] "c:\program files (x86)\dell v305\dldtmon.exe"
mRun-x64: [dldtamon] "c:\program files (x86)\dell v305\dldtamon.exe"
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-9-21 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-9-21 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-9-21 317520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-9-26 308136]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-1-16 583640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-8-10 1153368]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\dldtserv.exe [2009-7-9 33448]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-30 93184]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 ZCinema_TSHD_x64;ZCinema TruSurround HD driver;c:\windows\system32\drivers\ZCinema_SRS_amd64.sys [2007-8-22 21648]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-26 09:32:27 0 ----a-w- c:\users\lenny\defogger_reenable
2010-09-26 05:24:15 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-26 05:24:15 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-09-26 05:24:15 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-26 05:24:15 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-09-26 05:24:15 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-09-26 05:16:31 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-09-26 05:16:31 101376 ----a-w- c:\windows\system32\MSNP.ax
2010-09-26 05:16:30 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2010-09-26 05:16:30 57856 ----a-w- c:\windows\syswow64\MSDvbNP.ax
2010-09-26 05:16:30 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2010-09-26 05:16:30 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-09-26 05:16:29 558592 ----a-w- c:\windows\system32\EncDec.dll
2010-09-26 05:16:29 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2010-09-26 05:16:29 375808 ----a-w- c:\windows\system32\psisdecd.dll
2010-09-26 05:16:29 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-09-26 05:16:29 289792 ----a-w- c:\windows\system32\psisrndr.ax
2010-09-26 05:16:29 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2010-09-26 05:11:57 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-09-25 05:20:41 12240896 ----a-w- c:\windows\syswow64\NlsLexicons0007.dll
2010-09-25 05:20:41 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-09-25 05:20:40 2644480 ----a-w- c:\windows\syswow64\NlsLexicons0009.dll
2010-09-25 05:20:40 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-09-25 05:20:33 1361920 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-09-25 05:20:32 801280 ----a-w- c:\windows\syswow64\NaturalLanguage6.dll
2010-09-25 05:07:27 656384 ----a-w- c:\windows\system32\kerberos.dll
2010-09-25 05:07:27 499712 ----a-w- c:\windows\syswow64\kerberos.dll
2010-09-25 05:07:24 437248 ----a-w- c:\windows\system32\WSDApi.dll
2010-09-25 05:07:24 351232 ----a-w- c:\windows\syswow64\WSDApi.dll
2010-09-25 05:05:55 3080704 ----a-w- c:\windows\explorer.exe
2010-09-25 05:04:59 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-09-25 05:03:50 730112 ----a-w- c:\windows\system32\msdtcprx.dll
2010-09-25 04:57:31 97792 ----a-w- c:\windows\system32\wlanhlp.dll
2010-09-25 04:57:31 615936 ----a-w- c:\windows\system32\wlansvc.dll
2010-09-25 04:57:31 376832 ----a-w- c:\windows\system32\wlansec.dll
2010-09-25 04:57:31 353280 ----a-w- c:\windows\system32\wlanmsm.dll
2010-09-25 04:57:31 302592 ----a-w- c:\windows\syswow64\wlansec.dll
2010-09-25 04:57:31 293376 ----a-w- c:\windows\syswow64\wlanmsm.dll
2010-09-25 04:57:31 2608803 ----a-w- c:\windows\system32\wlan.tmf
2010-09-25 04:57:31 157184 ----a-w- c:\windows\system32\L2SecHC.dll
2010-09-25 04:57:31 127488 ----a-w- c:\windows\syswow64\L2SecHC.dll
2010-09-25 04:57:30 86528 ----a-w- c:\windows\system32\wlanapi.dll
2010-09-25 04:35:28 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-09-25 04:35:28 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-09-25 04:35:28 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-25 04:35:28 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-09-25 04:35:28 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-25 04:35:28 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-09-25 04:35:28 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-09-25 04:35:28 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-09-25 04:35:28 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-09-25 04:35:28 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-25 04:34:19 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-09-23 03:23:12 0 d-----w- c:\windows\pss
2010-09-23 03:19:05 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-09-23 03:19:05 218112 ----a-w- c:\windows\system32\wintrust.dll
2010-09-23 03:19:05 171520 ----a-w- c:\windows\syswow64\wintrust.dll
2010-09-23 03:19:05 104960 ----a-w- c:\windows\system32\cabview.dll
2010-09-23 01:21:14 0 d-----w- c:\users\lenny\appdata\roaming\SUPERAntiSpyware.com
2010-09-23 01:21:14 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-23 01:21:10 0 d-----w- c:\programdata\!SASCORE
2010-09-23 01:21:08 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-22 02:18:44 0 d--h--w- C:\$AVG
2010-09-22 02:18:43 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-09-22 02:18:39 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-09-22 02:18:39 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-09-22 02:18:38 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-22 02:04:08 0 d-----w- c:\programdata\Update
2010-09-19 05:24:11 0 d-----w- c:\programdata\AIM
2010-09-19 05:24:10 0 d-----w- c:\program files (x86)\common files\Software Update Utility
2010-09-19 05:24:10 0 d-----w- c:\program files (x86)\AIM
2010-09-19 05:24:09 0 d-----w- c:\program files (x86)\common files\AOL
2010-09-19 05:23:53 374 ---ha-w- C:\IPH.PH
2010-09-12 18:42:31 0 d-----w- C:\Wow ptr
2010-09-04 03:22:05 0 d-----w- c:\program files\iPod
2010-09-04 03:22:04 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-04 03:22:04 0 d-----w- c:\program files\iTunes
2010-09-04 03:22:04 0 d-----w- c:\program files (x86)\iTunes
2010-09-04 03:20:23 0 d-----w- c:\program files\Bonjour
2010-09-04 03:20:23 0 d-----w- c:\program files (x86)\Bonjour

==================== Find3M ====================

2010-09-26 05:54:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-26 05:54:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-26 05:54:05 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-09-26 05:54:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-17 14:04:48 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-27 23:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 23:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 23:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 23:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-27 23:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-24 21:40:28 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-23 16:13:21 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-05-23 16:13:21 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-23 16:13:21 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 4:33:21.09 ===============

P.S. When I ran the GMER program, all the boxes except "Services, libraries" and the one below that were grayed out. I don't know. Help!



#2 etavares

  • Malware Response Team
Posted 30 September 2010 - 06:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 s14lenny

  • Topic Starter
Posted 30 September 2010 - 07:43 PM

I still have two rundll32 errors appearing on my screen when I log in. Explorer.exe isn't crashing anymore (though I have only turned the computer off twice since I last posted) and that's about it. Here are the logs as requested:


OTL logfile created on: 9/30/2010 6:32:44 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lenny\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 26.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 144.07 Gb Free Space | 51.56% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 122.59 Gb Free Space | 82.25% Space Free | Partition Type: NTFS
Drive E: | 931.39 Gb Total Space | 499.48 Gb Free Space | 53.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 931.37 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNKNOWN
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
PRC - [2010/09/26 00:11:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/21 00:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Lenny\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/08/24 21:35:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/04 19:47:41 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2010/01/30 18:06:39 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/10/14 16:43:06 | 003,217,368 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Registry Mechanic\RegMech.exe
PRC - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/10/14 16:42:38 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmon.exe


========== Modules (SafeList) ==========

MOD - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
MOD - [2008/01/20 21:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/09 18:48:34 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device)
SRV:64bit: - [2009/07/09 18:48:28 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:51:22 | 000,252,928 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/20 21:51:03 | 000,598,016 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/02 12:05:18 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 20:33:26 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/01/30 18:06:39 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 21:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/09/26 00:11:57 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/26 00:11:57 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/09/26 00:11:55 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 15:09:12 | 000,084,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/14 01:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/08/22 15:26:32 | 000,021,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/27 18:58:31 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/07/15 16:04:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/09/16 08:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/04/25 14:34:24 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (C:\Windows\SysWow64\pwy3i71.dll) - {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - C:\Windows\SysWow64\pwy3i71.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Lvehhfngmec] C:\Users\Lenny\AppData\Local\Temp\lc5mes.exe File not found
O4 - HKLM..\Run: [Lvehhfngpta] C:\Users\Lenny\AppData\Local\Temp\services.exe File not found
O4 - HKLM..\Run: [Mquta] C:\Windows\services.exe File not found
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [uPc+kt0NYkNJsiv] C:\Windows\SysWow64\d2nq7vt5o.DLL File not found
O4 - HKLM..\Run: [wupdate] C:\Windows\SysWow64\wupdate.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Lvehhfngpta] C:\Users\Lenny\AppData\Local\Temp\services.exe File not found
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Mquta] C:\Windows\services.exe File not found
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [uPc+kt0NYkNJsiv] C:\Windows\SysWow64\d2nq7vt5o.DLL File not found
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk = C:\Users\Lenny\AppData\Roaming\Microsoft\Installer\{6E166235-49F3-4DFA-A102-1E86675ABD11}\StartupShortcut_6E16623549F34DFAA1021E86675ABD11.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 59t4 = C:\Users\Lenny\AppData\Local\Temp\1biq.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000 Winlogon: Shell - (EXPLORER.EXE) - EXPLORER.EXE ()
O20 - HKU\S-1-5-21-2368538248-2756442690-910610396-1001 Winlogon: Shell - (C:\Windows\eHome\McrMgr.exe) - C:\Windows\ehome\McrMgr.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - jsfsue98jfi8dfjijse - C:\Windows\SysWow64\pwy3i71.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c44d4d3f-9d8a-11df-833a-001fd08e81a0}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: aux1 - wdmaud.drv ()
Drivers32:64bit: aux2 - wdmaud.drv ()
Drivers32:64bit: aux3 - wdmaud.drv ()
Drivers32:64bit: aux4 - wdmaud.drv ()
Drivers32:64bit: aux5 - wdmaud.drv ()
Drivers32:64bit: aux6 - wdmaud.drv ()
Drivers32:64bit: aux7 - wdmaud.drv ()
Drivers32:64bit: aux8 - wdmaud.drv ()
Drivers32:64bit: aux9 - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midi1 - wdmaud.drv ()
Drivers32:64bit: midi2 - wdmaud.drv ()
Drivers32:64bit: midi3 - wdmaud.drv ()
Drivers32:64bit: midi4 - wdmaud.drv ()
Drivers32:64bit: midi5 - wdmaud.drv ()
Drivers32:64bit: midi6 - wdmaud.drv ()
Drivers32:64bit: midi7 - wdmaud.drv ()
Drivers32:64bit: midi8 - wdmaud.drv ()
Drivers32:64bit: midi9 - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: mixer1 - wdmaud.drv ()
Drivers32:64bit: mixer2 - wdmaud.drv ()
Drivers32:64bit: mixer3 - wdmaud.drv ()
Drivers32:64bit: mixer4 - wdmaud.drv ()
Drivers32:64bit: mixer5 - wdmaud.drv ()
Drivers32:64bit: mixer6 - wdmaud.drv ()
Drivers32:64bit: mixer7 - wdmaud.drv ()
Drivers32:64bit: mixer8 - wdmaud.drv ()
Drivers32:64bit: mixer9 - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: vidc.iyuv - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: vidc.uyvy - msyuv.dll ()
Drivers32:64bit: vidc.yuy2 - msyuv.dll ()
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll ()
Drivers32:64bit: vidc.yvyu - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wave1 - wdmaud.drv ()
Drivers32:64bit: wave2 - wdmaud.drv ()
Drivers32:64bit: wave3 - wdmaud.drv ()
Drivers32:64bit: wave4 - wdmaud.drv ()
Drivers32:64bit: wave5 - wdmaud.drv ()
Drivers32:64bit: wave6 - wdmaud.drv ()
Drivers32:64bit: wave7 - wdmaud.drv ()
Drivers32:64bit: wave8 - wdmaud.drv ()
Drivers32:64bit: wave9 - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/09/24 23:34:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/22 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/22 20:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/22 20:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/21 21:18:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/21 21:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/21 21:04:14 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/21 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/09/19 13:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Desktop\Sandman Volume 1 - Preludes and Nocturnes
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AOL
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AIM
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\acccore
[2010/09/19 00:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/09/19 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/09/12 13:42:31 | 000,000,000 | ---D | C] -- C:\Wow ptr
[2010/09/07 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Zombie Shooter 2 Demo Saves
[2010/09/03 22:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/03 22:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/03 22:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/03 22:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/08/01 13:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft
[2010/07/30 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\My Received Files
[2010/07/30 19:49:28 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Tracing
[2010/07/30 19:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/30 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/30 19:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/30 19:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/23 19:09:00 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\vlc
[2010/07/17 09:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/07/15 16:06:45 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Vidalia
[2010/07/11 00:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2010/07/05 03:05:02 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Bioshock2
[2010/07/05 03:05:02 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Bioshock2
[2010/07/05 03:04:09 | 000,000,000 | RH-D | C] -- C:\Users\Lenny\AppData\Roaming\SecuROM
[2010/07/05 01:37:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/04 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Desktop\Ripped stuff
[2009/08/13 13:05:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/08/13 13:05:55 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/08/13 13:05:55 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/08/13 13:05:53 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/08/13 13:05:52 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/08/13 13:05:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/08/13 13:05:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/08/13 13:05:51 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/08/13 13:05:50 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[2009/08/13 13:05:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/30 18:32:45 | 007,077,888 | ---- | M] () -- C:\Users\Lenny\NTUSER.DAT
[2010/09/30 17:56:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000UA.job
[2010/09/30 17:20:24 | 065,495,753 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/30 17:19:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/30 17:19:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/30 10:56:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000Core.job
[2010/09/30 08:35:34 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFC39D03-BA34-4662-A7BD-3342142D9CEE}.job
[2010/09/29 03:03:06 | 000,719,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/29 03:03:06 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/29 03:03:06 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/27 04:34:24 | 000,002,545 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk
[2010/09/27 03:19:38 | 000,375,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/27 03:19:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/27 03:19:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/27 03:17:56 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 03:17:56 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TM.blf
[2010/09/27 03:17:55 | 003,964,155 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db
[2010/09/27 03:17:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/09/26 04:32:27 | 000,000,000 | ---- | M] () -- C:\Users\Lenny\defogger_reenable
[2010/09/26 04:08:05 | 000,100,856 | ---- | M] () -- C:\Users\Lenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/26 00:18:38 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/09/26 00:11:57 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/26 00:11:57 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/26 00:11:57 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/09/26 00:11:55 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 23:59:27 | 523,130,228 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:28:53 | 000,001,460 | ---- | M] () -- C:\Users\Lenny\AppData\Local\d3d9caps64.dat
[2010/09/22 22:33:33 | 000,240,640 | ---- | M] () -- C:\Users\Lenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 20:21:10 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/21 21:18:43 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/21 21:18:39 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 21:18:38 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/09/21 21:18:38 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/09/21 21:18:38 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/09/19 13:15:07 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/19 00:24:14 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2010/09/19 00:24:11 | 000,001,786 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/19 00:24:11 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/09/16 05:15:05 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/08/01 13:16:35 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/07/27 18:55:50 | 000,237,856 | ---- | M] () -- C:\Windows\SysNative\dnssdX.dll
[2010/07/27 18:55:50 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/07/27 18:55:50 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/07/23 19:02:19 | 019,473,201 | ---- | M] () -- C:\Users\Lenny\Desktop\vlc-1.1.1-win32.exe
[2010/07/15 21:22:30 | 000,010,477 | ---- | M] () -- C:\Users\Lenny\Documents\092a09f83e9946cbd2e28fd3ee337121.jpg
[2010/07/15 21:09:46 | 000,006,176 | ---- | M] () -- C:\Users\Lenny\Documents\d8f59952a1a9bc9d274e43868c6ac635.jpg
[2010/07/10 03:45:58 | 000,708,868 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/04 19:48:24 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/28 13:15:54 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/26 18:53:16 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/09/26 18:53:10 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/26 05:23:35 | 000,293,376 | ---- | C] () -- C:\Users\Lenny\Desktop\gmer.exe
[2010/09/26 04:32:27 | 000,000,000 | ---- | C] () -- C:\Users\Lenny\defogger_reenable
[2010/09/26 00:46:03 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll
[2010/09/26 00:46:02 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/26 00:46:02 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/09/26 00:46:02 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll
[2010/09/26 00:46:02 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll
[2010/09/26 00:46:02 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll
[2010/09/26 00:46:02 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll
[2010/09/26 00:46:02 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll
[2010/09/26 00:46:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/26 00:46:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/09/26 00:46:02 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll
[2010/09/26 00:46:01 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/09/26 00:46:01 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/09/26 00:46:01 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll
[2010/09/26 00:46:01 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll
[2010/09/26 00:46:01 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll
[2010/09/26 00:46:01 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll
[2010/09/26 00:46:01 | 000,316,928 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/09/26 00:46:01 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll
[2010/09/26 00:46:01 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll
[2010/09/26 00:46:01 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll
[2010/09/26 00:46:01 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll
[2010/09/26 00:46:01 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll
[2010/09/26 00:46:00 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll
[2010/09/26 00:46:00 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll
[2010/09/26 00:46:00 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll
[2010/09/26 00:46:00 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll
[2010/09/26 00:46:00 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe
[2010/09/26 00:46:00 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll
[2010/09/26 00:46:00 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll
[2010/09/26 00:46:00 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe
[2010/09/26 00:46:00 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe
[2010/09/26 00:46:00 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll
[2010/09/26 00:46:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll
[2010/09/26 00:24:15 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/09/26 00:24:15 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/09/26 00:24:15 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/09/26 00:16:31 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/09/26 00:16:31 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/09/26 00:16:30 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/09/26 00:16:29 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/09/26 00:16:29 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/09/26 00:16:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/09/26 00:11:57 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/09/25 00:20:41 | 012,240,896 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0007.dll
[2010/09/25 00:20:40 | 002,644,480 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0009.dll
[2010/09/25 00:20:33 | 001,361,920 | ---- | C] () -- C:\Windows\SysNative\NaturalLanguage6.dll
[2010/09/25 00:09:41 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\srcore.dll
[2010/09/25 00:09:41 | 000,382,008 | ---- | C] () -- C:\Windows\SysNative\ci.dll
[2010/09/25 00:09:41 | 000,339,968 | ---- | C] () -- C:\Windows\SysNative\rstrui.exe
[2010/09/25 00:09:41 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\setbcdlocale.dll
[2010/09/25 00:09:41 | 000,046,592 | ---- | C] () -- C:\Windows\SysNative\srclient.dll
[2010/09/25 00:09:41 | 000,018,944 | ---- | C] () -- C:\Windows\SysNative\srdelayed.exe
[2010/09/25 00:09:41 | 000,007,680 | ---- | C] () -- C:\Windows\SysNative\kbd106n.dll
[2010/09/25 00:09:39 | 001,078,840 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2010/09/25 00:09:39 | 001,066,040 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2010/09/25 00:09:39 | 000,993,336 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2010/09/25 00:09:39 | 000,982,584 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2010/09/25 00:09:39 | 000,022,072 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2010/09/25 00:09:34 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/09/25 00:09:32 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/09/25 00:09:30 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/09/25 00:09:24 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/09/25 00:09:23 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/09/25 00:09:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/09/25 00:09:21 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/09/25 00:09:21 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/09/25 00:09:21 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/09/25 00:09:21 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/09/25 00:09:21 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/09/25 00:09:21 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/09/25 00:09:21 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/09/25 00:09:21 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/09/25 00:09:15 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/09/25 00:09:13 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/09/25 00:09:10 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/09/25 00:09:07 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/09/25 00:09:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/09/25 00:09:03 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/09/25 00:09:03 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/09/25 00:09:03 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/09/25 00:09:02 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/09/25 00:09:01 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/09/25 00:07:27 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/09/25 00:07:24 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/09/25 00:06:48 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/09/25 00:06:46 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2010/09/25 00:06:45 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/09/25 00:06:42 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/09/25 00:06:42 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/09/25 00:06:41 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/09/25 00:06:40 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/09/25 00:06:40 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/09/25 00:06:39 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/09/25 00:06:37 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/09/25 00:06:36 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/09/25 00:06:36 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/09/25 00:06:34 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/09/25 00:06:33 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/09/25 00:06:33 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/09/25 00:06:32 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/09/25 00:06:31 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/09/25 00:06:30 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/25 00:06:29 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/25 00:06:27 | 001,729,024 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/09/25 00:06:22 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/09/25 00:06:21 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/09/25 00:06:20 | 000,361,984 | ---- | C] () -- C:\Windows\SysNative\es.dll
[2010/09/25 00:06:18 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/09/25 00:06:16 | 000,531,456 | ---- | C] () -- C:\Windows\SysNative\IPSECSVC.DLL
[2010/09/25 00:06:15 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/09/25 00:06:12 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/09/25 00:06:12 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/09/25 00:06:11 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/09/25 00:06:11 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/09/25 00:06:11 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/09/25 00:06:11 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/09/25 00:06:11 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/09/25 00:06:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/09/25 00:06:05 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/09/25 00:06:04 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/09/25 00:06:01 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/09/25 00:06:01 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/09/25 00:06:01 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/09/25 00:06:01 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/09/25 00:06:00 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/09/25 00:06:00 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/09/25 00:06:00 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/09/25 00:05:50 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/09/25 00:05:50 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/09/25 00:05:47 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/09/25 00:05:47 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/09/25 00:05:47 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/09/25 00:05:47 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/09/25 00:05:47 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/09/25 00:05:47 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/09/25 00:05:45 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/09/25 00:05:44 | 000,557,056 | ---- | C] () -- C:\Windows\SysNative\wmpeffects.dll
[2010/09/25 00:05:43 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\scrobj.dll
[2010/09/25 00:05:43 | 000,197,632 | ---- | C] () -- C:\Windows\SysNative\scrrun.dll
[2010/09/25 00:05:43 | 000,166,912 | ---- | C] () -- C:\Windows\SysNative\wscript.exe
[2010/09/25 00:05:43 | 000,147,968 | ---- | C] () -- C:\Windows\SysNative\cscript.exe
[2010/09/25 00:05:43 | 000,144,384 | ---- | C] () -- C:\Windows\SysNative\wshom.ocx
[2010/09/25 00:05:43 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\wshext.dll
[2010/09/25 00:05:38 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/09/25 00:05:37 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/09/25 00:05:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/09/25 00:05:37 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/09/25 00:05:37 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/09/25 00:05:37 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/09/25 00:05:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/09/25 00:05:37 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/09/25 00:04:58 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/09/25 00:04:58 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/09/25 00:04:57 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/09/25 00:04:57 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/09/25 00:04:57 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/09/25 00:04:57 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/09/25 00:04:56 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/09/25 00:04:56 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/25 00:04:56 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/09/25 00:04:56 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/09/25 00:04:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/09/25 00:04:56 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/09/25 00:04:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/09/25 00:04:56 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/25 00:04:56 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/09/25 00:04:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/09/25 00:04:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/09/25 00:04:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/09/25 00:04:56 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/25 00:04:56 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/25 00:04:56 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/25 00:04:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/09/25 00:04:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/25 00:04:35 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/09/25 00:04:35 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/09/25 00:04:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/09/25 00:04:29 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/09/25 00:04:28 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2010/09/25 00:04:28 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2010/09/25 00:04:28 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2010/09/25 00:04:28 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2010/09/25 00:04:28 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2010/09/25 00:04:26 | 000,140,288 | ---- | C] () -- C:\Windows\SysNative\drivers\rmcast.sys
[2010/09/25 00:04:26 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\wshrm.dll
[2010/09/25 00:04:25 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/09/25 00:04:13 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\drivers\pacer.sys
[2010/09/25 00:04:13 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\traffic.dll
[2010/09/25 00:04:13 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\pacerprf.dll
[2010/09/25 00:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\wshqos.dll
[2010/09/25 00:04:10 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/09/25 00:03:50 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/09/25 00:03:50 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/09/25 00:03:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/09/25 00:03:47 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/25 00:03:34 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/09/25 00:03:34 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/09/25 00:03:33 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/09/25 00:03:26 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/09/25 00:03:26 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/09/25 00:03:26 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/09/25 00:03:26 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/09/25 00:03:25 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/09/25 00:03:25 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/09/24 23:57:31 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/09/24 23:57:31 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/09/24 23:57:31 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/09/24 23:57:31 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/09/24 23:57:31 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/09/24 23:57:31 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/09/24 23:57:30 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/09/24 23:51:41 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/09/24 23:51:41 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/09/24 23:51:41 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/09/24 23:51:41 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/09/24 23:51:37 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/09/24 23:51:37 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/09/24 23:51:37 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/09/24 23:51:35 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/09/24 23:51:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/09/24 23:35:28 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/09/24 23:35:28 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/09/24 23:35:28 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/09/24 23:35:28 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/09/24 23:35:28 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/09/22 22:19:05 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/09/22 22:19:05 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/09/22 20:21:10 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/21 21:18:43 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/21 21:18:43 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/21 21:18:39 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/21 21:18:39 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 21:18:39 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/21 21:18:38 | 065,495,753 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/21 21:18:38 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/09/21 21:18:38 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/09/21 21:18:38 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/09/19 00:24:11 | 000,001,786 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/19 00:24:11 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/09/19 00:23:53 | 000,000,374 | -H-- | C] () -- C:\IPH.PH
[2010/09/06 19:33:42 | 000,411,276 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI2C03.txt
[2010/09/06 19:33:42 | 000,011,414 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI2C03.txt
[2010/09/03 22:22:12 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/01 13:15:30 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft - Brood War.lnk
[2010/07/27 18:55:50 | 000,237,856 | ---- | C] () -- C:\Windows\SysNative\dnssdX.dll
[2010/07/27 18:55:50 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/07/27 18:55:50 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/07/23 19:01:52 | 019,473,201 | ---- | C] () -- C:\Users\Lenny\Desktop\vlc-1.1.1-win32.exe
[2010/07/15 21:22:19 | 000,010,477 | ---- | C] () -- C:\Users\Lenny\Documents\092a09f83e9946cbd2e28fd3ee337121.jpg
[2010/07/15 21:09:38 | 000,006,176 | ---- | C] () -- C:\Users\Lenny\Documents\d8f59952a1a9bc9d274e43868c6ac635.jpg
[2010/07/10 03:45:58 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/04 19:48:24 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/06/23 19:29:39 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2010/06/23 19:28:56 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/04/06 11:15:21 | 000,000,680 | ---- | C] () -- C:\Users\Lenny\AppData\Local\d3d9caps.dat
[2010/04/03 15:04:50 | 000,419,010 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI4178.txt
[2010/04/03 15:04:49 | 000,011,486 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI4178.txt
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/28 21:26:36 | 000,453,370 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI7ACC.txt
[2009/10/28 21:26:36 | 000,011,428 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI7ACC.txt
[2009/09/30 15:07:44 | 002,466,534 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_NET_Framework35_x64_MSI4D19.txt
[2009/09/30 14:59:23 | 000,200,326 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/30 14:59:08 | 000,191,964 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_dotnetfx35install.txt
[2009/09/30 14:59:08 | 000,002,690 | ---- | C] () -- C:\Users\Lenny\AppData\Local\uxeventlog.txt
[2009/09/30 14:59:08 | 000,000,002 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_dotnetfx35error.txt
[2009/08/29 22:21:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/08/29 22:21:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/08/29 22:21:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/08/13 13:05:56 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2009/08/13 13:05:56 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2009/08/13 13:05:55 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2009/08/13 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2009/08/13 13:05:55 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2009/08/13 13:05:55 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2009/08/13 13:05:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2009/08/13 13:05:54 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2009/08/13 13:05:53 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2009/08/13 13:05:53 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2009/05/19 21:29:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/12 00:45:35 | 000,240,640 | ---- | C] () -- C:\Users\Lenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 15:36:34 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/04/11 15:29:20 | 000,001,460 | ---- | C] () -- C:\Users\Lenny\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/21 15:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2008/02/19 17:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2008/01/22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll

========== LOP Check ==========

[2009/09/23 20:43:31 | 000,000,000 | -HSD | M] -- C:\Users\Lenny\AppData\Roaming\.#
[2010/09/19 00:26:59 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\acccore
[2010/07/02 22:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Any Video Converter
[2010/03/18 18:25:13 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Arduino
[2010/07/10 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Bioshock2
[2010/08/26 03:10:29 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\BitTorrent
[2010/02/12 10:57:56 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\dBpoweramp
[2010/09/30 18:33:05 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\DNA
[2009/12/23 23:15:16 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\EVEMon
[2010/03/25 00:42:33 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\GetRightToGo
[2010/06/27 02:46:16 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Gmote
[2010/01/31 01:17:05 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\IObit
[2009/04/12 11:47:28 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Leadertech
[2010/06/20 19:37:44 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\LolClient
[2009/09/26 02:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Orbit
[2010/06/01 22:41:27 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\PMS
[2010/01/24 09:15:14 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Registry Mechanic
[2009/10/28 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\runic games
[2009/08/13 15:53:49 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\uTorrent
[2010/09/27 03:18:01 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/27 03:17:46 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010/09/30 08:35:34 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EFC39D03-BA34-4662-A7BD-3342142D9CEE}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 21:48:13 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
[2008/05/08 16:59:32 | 000,172,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2008/01/20 21:49:22 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/04/11 18:17:47 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/02/27 04:41:58 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010/09/19 00:24:14 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2009/05/06 18:31:20 | 000,000,178 | ---- | M] () -- C:\lxbl.log
[2009/09/20 19:07:41 | 000,000,256 | ---- | M] () -- C:\lxcf.log
[2010/09/27 03:19:13 | 312,033,279 | -HS- | M] () -- C:\pagefile.sys
[2010/09/23 04:36:46 | 000,000,377 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >



< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >



EDIT: Paste log in message to remove bbcode tags

Attached Files

  • Attached File  OTL.Txt   156.5KB   4 downloads
  • Attached File  Gmr.log   390bytes   2 downloads
  • Attached File  Extras.Txt   106.27KB   3 downloads

Edited by etavares, 01 October 2010 - 05:47 PM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 01 October 2010 - 05:52 PM

Hello, s14lenny.

OK, looks like a leftover infection. Please copy and paste the contents of the log directly into your reply, it makes it much easier for me. Thanks!




P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files, as the name(s) suggest. In today's world, cyber crime has come a long way, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case Registry Mechanic). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578


Multiple Antispyware programs


I also see that you have Spybot, Windows Defender and Super AntiSpyware installed and running in real time. You should only have one program running in each of these categories: anti-virus (you have AVG), firewall (you have Windows) and antispyware (the three mentioned above). Having multiple antispyware programs running results in potential system instability as they jockey for access with real-time access scans. Please uninstall, or disable real-time protection for, 2 of the 3. I recommend keeping Super Antispyware. Leave AVG on for anti-virus control.




Step 1

1. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy
Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.
Step 3

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (C:\Windows\SysWow64\pwy3i71.dll) - {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - C:\Windows\SysWow64\pwy3i71.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [Lvehhfngmec] C:\Users\Lenny\AppData\Local\Temp\lc5mes.exe File not found
    O4 - HKLM..\Run: [Lvehhfngpta] C:\Users\Lenny\AppData\Local\Temp\services.exe File not found
    O4 - HKLM..\Run: [Mquta] C:\Windows\services.exe File not found
    O4 - HKLM..\Run: [uPc+kt0NYkNJsiv] C:\Windows\SysWow64\d2nq7vt5o.DLL File not found
    O4 - HKLM..\Run: [wupdate] C:\Windows\SysWow64\wupdate.exe File not found
    O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Lvehhfngpta] C:\Users\Lenny\AppData\Local\Temp\services.exe File not found
    O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Mquta] C:\Windows\services.exe File not found
    O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [uPc+kt0NYkNJsiv] C:\Windows\SysWow64\d2nq7vt5o.DLL File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 59t4 = C:\Users\Lenny\AppData\Local\Temp\1biq.exe File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - jsfsue98jfi8dfjijse - C:\Windows\SysWow64\pwy3i71.dll File not found
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 0
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.
Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

EDIT BBcode tag

Edited by etavares, 01 October 2010 - 05:54 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
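
The Step 3 fix list above is made up of scan-log entries whose target is missing ("File not found", "No CLSID value found", "Reg Error"). As an added example (not part of the original post, not OTL's code, and not a statement of how the helper chose the entries), the sketch below parses OTL-style lines copied from the logs in this thread and flags such leftovers. The two extra heuristics (an autorun entry pointing into a Temp folder, and a core Windows process name outside the system directories) and all function and flag names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the logs posted in this thread
# (five leftover entries from the fix list, one healthy Run entry, one handler).
SAMPLE = r"""
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Lvehhfngpta] C:\Users\Lenny\AppData\Local\Temp\services.exe File not found
O4 - HKLM..\Run: [Mquta] C:\Windows\services.exe File not found
O4 - HKLM..\Run: [wupdate] C:\Windows\SysWow64\wupdate.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
"""

# "<KIND>[:64bit:] - <rest>", e.g. "O4 - ...", "SRV:64bit: - ...", "IE - ..."
LINE_RE = re.compile(r"^(?P<kind>[A-Z]+\d*)(?::64bit:)?\s+-\s+(?P<rest>.+)$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
# Value name in square brackets, as printed for Run entries.
NAME_RE = re.compile(r"\[([^\]]+)\]")

# Status strings the scan prints when the registry entry has no backing file/key.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
# Assumption of this example: O4 and O6 lines are treated as autorun locations.
AUTORUN_KINDS = {"O4", "O6"}
# Processes that normally live in %SystemRoot%\System32.
SYSTEM32_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {"system32", "syswow64", "sysnative"}


@dataclass
class Entry:
    kind: str
    name: Optional[str]
    path: Optional[str]
    flags: List[str]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not '<KIND> - ...'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    path_m = PATH_RE.search(rest)
    path = path_m.group(0) if path_m else None
    name_m = NAME_RE.search(rest) if kind in AUTORUN_KINDS else None

    flags = []
    if any(marker in rest for marker in ORPHAN_MARKERS):
        flags.append("orphaned")
    if path:
        # ntpath handles Windows paths correctly on any host OS.
        folder = ntpath.dirname(path).lower()
        base = ntpath.basename(path).lower()
        if kind in AUTORUN_KINDS and r"\appdata\local\temp" in folder:
            flags.append("autorun-from-temp")
        if base in SYSTEM32_NAMES and ntpath.basename(folder) not in SYSTEM_DIRS:
            flags.append("system-name-outside-system32")
    return Entry(kind, name_m.group(1) if name_m else None, path, flags)


def triage(text: str) -> List[Entry]:
    """Return only the entries that carry at least one flag."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.kind:4} {e.name or '-':14} {e.path or '-'}  {', '.join(e.flags)}")
```

A flag here only marks an entry for a human to review; whether it is safe to remove is still a judgement call for the person reading the whole log.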



#5 s14lenny

s14lenny
  • Topic Starter

  • Members
  • 35 posts

Posted 01 October 2010 - 07:09 PM

Okay, here are the logs as requested (Malware asked me to reboot the computer after the scan, just FYI)

MBAM Log:


10/1/2010 7:00:10 PM
mbam-log-2010-10-01 (19-00-10).txt

Scan type: Quick scan
Objects scanned: 149134
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Lenny\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Lenny\AppData\Local\Temp\skahgfhasd.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Lenny\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

New OTL Log:


OTL logfile created on: 10/1/2010 6:50:42 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lenny\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 144.36 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 122.59 Gb Free Space | 82.25% Space Free | Partition Type: NTFS
Drive E: | 931.39 Gb Total Space | 499.48 Gb Free Space | 53.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 931.37 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNKNOWN
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
PRC - [2010/09/26 00:11:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/21 00:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Lenny\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/08/24 21:35:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/04 19:47:41 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmon.exe


========== Modules (SafeList) ==========

MOD - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
MOD - [2008/01/20 21:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 10:01:00 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2006/11/02 03:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/09 18:48:34 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device)
SRV:64bit: - [2009/07/09 18:48:28 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:51:22 | 000,252,928 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/20 21:51:03 | 000,598,016 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/02 12:05:18 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 20:33:26 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 21:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/26 00:11:57 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/26 00:11:57 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/09/26 00:11:55 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 15:09:12 | 000,084,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/14 01:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/08/22 15:26:32 | 000,021,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/27 18:58:31 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/07/15 16:04:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll
[2010/09/16 08:33:38 | 000,002,075 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/04/25 14:34:24 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk = C:\Users\Lenny\AppData\Roaming\Microsoft\Installer\{6E166235-49F3-4DFA-A102-1E86675ABD11}\StartupShortcut_6E16623549F34DFAA1021E86675ABD11.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000 Winlogon: Shell - (EXPLORER.EXE) - EXPLORER.EXE ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c44d4d3f-9d8a-11df-833a-001fd08e81a0}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/01 18:35:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/01 18:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 18:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/26 00:46:02 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2010/09/26 00:46:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2010/09/26 00:46:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2010/09/26 00:46:01 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2010/09/26 00:46:01 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2010/09/26 00:46:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/09/26 00:46:01 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2010/09/26 00:46:01 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2010/09/26 00:46:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2010/09/26 00:46:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2010/09/26 00:46:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2010/09/26 00:46:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2010/09/26 00:46:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2010/09/26 00:46:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssprxy.dll
[2010/09/26 00:46:00 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2010/09/26 00:46:00 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2010/09/26 00:46:00 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2010/09/26 00:46:00 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2010/09/26 00:46:00 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2010/09/26 00:46:00 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2010/09/26 00:46:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2010/09/26 00:46:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2010/09/26 00:24:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/09/26 00:24:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/09/26 00:16:30 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/09/26 00:16:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/09/26 00:16:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2010/09/26 00:16:29 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/09/26 00:16:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/09/26 00:16:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/09/25 00:20:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2010/09/25 00:20:40 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0009.dll
[2010/09/25 00:20:32 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NaturalLanguage6.dll
[2010/09/25 00:09:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbd106n.dll
[2010/09/25 00:09:32 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/09/25 00:09:31 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/09/25 00:09:30 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/09/25 00:09:23 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2010/09/25 00:09:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/09/25 00:09:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/09/25 00:09:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/09/25 00:09:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2010/09/25 00:09:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/09/25 00:09:13 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2010/09/25 00:09:10 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/25 00:09:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/09/25 00:09:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/09/25 00:09:03 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/09/25 00:09:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/09/25 00:09:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/09/25 00:09:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2010/09/25 00:09:01 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2010/09/25 00:06:46 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2010/09/25 00:06:37 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/09/25 00:06:36 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2010/09/25 00:06:36 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2010/09/25 00:06:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amxread.dll
[2010/09/25 00:06:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apilogen.dll
[2010/09/25 00:06:31 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/09/25 00:06:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/25 00:06:28 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/09/25 00:06:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/09/25 00:06:18 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010/09/25 00:06:16 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2010/09/25 00:06:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2010/09/25 00:06:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2010/09/25 00:06:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/09/25 00:06:11 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2010/09/25 00:06:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrecst.dll
[2010/09/25 00:06:11 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasads.dll
[2010/09/25 00:06:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasdatastore.dll
[2010/09/25 00:06:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iashost.exe
[2010/09/25 00:06:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/09/25 00:06:03 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/09/25 00:06:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/09/25 00:06:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/09/25 00:06:00 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/09/25 00:06:00 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/09/25 00:06:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/09/25 00:06:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/09/25 00:06:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/09/25 00:05:55 | 003,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/09/25 00:05:55 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/09/25 00:05:50 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2010/09/25 00:05:49 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/09/25 00:05:44 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2010/09/25 00:05:43 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2010/09/25 00:05:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2010/09/25 00:05:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2010/09/25 00:05:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2010/09/25 00:05:43 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2010/09/25 00:05:38 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2010/09/25 00:05:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2010/09/25 00:05:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/09/25 00:05:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2010/09/25 00:05:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2010/09/25 00:05:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2010/09/25 00:05:37 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2010/09/25 00:04:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/25 00:04:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/25 00:04:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/25 00:04:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/25 00:04:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/25 00:04:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/25 00:04:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/25 00:04:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/25 00:04:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/25 00:04:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/25 00:04:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/25 00:04:35 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2010/09/25 00:04:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2010/09/25 00:04:29 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/09/25 00:04:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2010/09/25 00:04:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2010/09/25 00:04:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\traffic.dll
[2010/09/25 00:04:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pacerprf.dll
[2010/09/25 00:04:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshqos.dll
[2010/09/25 00:03:50 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2010/09/25 00:03:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xolehlp.dll
[2010/09/25 00:03:49 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/09/25 00:03:34 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2010/09/25 00:03:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2010/09/25 00:03:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2010/09/25 00:03:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2010/09/25 00:03:25 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2010/09/25 00:03:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2010/09/25 00:03:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2010/09/24 23:57:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2010/09/24 23:57:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2010/09/24 23:57:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2010/09/24 23:51:37 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2010/09/24 23:51:37 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2010/09/24 23:51:37 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2010/09/24 23:51:35 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2010/09/24 23:51:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2010/09/24 23:35:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/09/24 23:35:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/09/24 23:35:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/09/24 23:35:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/09/24 23:34:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/22 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/22 22:19:05 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/09/22 22:19:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/22 20:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/22 20:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/21 21:18:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/21 21:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/21 21:04:14 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/21 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/09/19 13:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Desktop\Sandman Volume 1 - Preludes and Nocturnes
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AOL
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AIM
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\acccore
[2010/09/19 00:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/09/19 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/09/12 13:42:31 | 000,000,000 | ---D | C] -- C:\Wow ptr
[2010/09/07 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Zombie Shooter 2 Demo Saves
[2010/09/03 22:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/03 22:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/03 22:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/03 22:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/03 22:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2009/08/13 13:05:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/08/13 13:05:55 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/08/13 13:05:55 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/08/13 13:05:53 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/08/13 13:05:52 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/08/13 13:05:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/08/13 13:05:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/08/13 13:05:51 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/08/13 13:05:50 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[2009/08/13 13:05:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/01 18:45:48 | 007,077,888 | ---- | M] () -- C:\Users\Lenny\NTUSER.DAT
[2010/10/01 18:44:42 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/01 18:44:42 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 18:44:42 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 18:41:50 | 000,000,312 | ---- | M] () -- C:\Users\Lenny\Desktop\Curse Client.appref-ms
[2010/10/01 18:40:32 | 000,002,545 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk
[2010/10/01 18:39:08 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 18:39:08 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/01 18:39:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/01 18:39:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/01 18:37:14 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TMContainer00000000000000000001.regtrans-ms
[2010/10/01 18:37:14 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TM.blf
[2010/10/01 18:37:04 | 004,480,238 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db
[2010/10/01 18:32:46 | 000,000,953 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 18:32:39 | 000,000,773 | ---- | M] () -- C:\Users\Lenny\Desktop\NTREGOPT.lnk
[2010/10/01 18:32:39 | 000,000,754 | ---- | M] () -- C:\Users\Lenny\Desktop\ERUNT.lnk
[2010/10/01 17:56:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000UA.job
[2010/10/01 17:20:45 | 065,541,492 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/01 10:56:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000Core.job
[2010/10/01 09:31:21 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFC39D03-BA34-4662-A7BD-3342142D9CEE}.job
[2010/09/27 03:19:38 | 000,375,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/27 03:17:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/09/26 04:32:27 | 000,000,000 | ---- | M] () -- C:\Users\Lenny\defogger_reenable
[2010/09/26 04:08:05 | 000,100,856 | ---- | M] () -- C:\Users\Lenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/26 00:18:38 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/09/26 00:11:57 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/26 00:11:57 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/26 00:11:57 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/09/26 00:11:55 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 23:59:27 | 523,130,228 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:28:53 | 000,001,460 | ---- | M] () -- C:\Users\Lenny\AppData\Local\d3d9caps64.dat
[2010/09/22 22:33:33 | 000,240,640 | ---- | M] () -- C:\Users\Lenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 20:21:10 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/21 21:18:43 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/21 21:18:39 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 21:18:38 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/09/21 21:18:38 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/09/21 21:18:38 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/09/19 13:15:07 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/19 00:24:14 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2010/09/19 00:24:11 | 000,001,786 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/19 00:24:11 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/09/16 05:15:05 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/01 18:32:46 | 000,000,953 | ---- | C] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 18:32:39 | 000,000,773 | ---- | C] () -- C:\Users\Lenny\Desktop\NTREGOPT.lnk
[2010/10/01 18:32:39 | 000,000,754 | ---- | C] () -- C:\Users\Lenny\Desktop\ERUNT.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >



#6 etavares

  • Malware Response Team

Posted 02 October 2010 - 11:00 AM

Hello, s14lenny.

How is it running now? No DLL errors on startup?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 3

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 s14lenny

  • Topic Starter

Posted 02 October 2010 - 09:54 PM

Sorry, but I can't do step three because I already have an anti-virus installed. Should I uninstall AVG and go with Kaspersky? I've already done steps 1 and 2. Oh and no, the RunDLL errors don't show up anymore.

#8 etavares


Posted 03 October 2010 - 06:06 AM

No need to uninstall AVG and switch to Kaspersky. This is just an online scan for a second opinion. Always good to get an extra opinion versus me just looking at the logs. The logs don't always have everything.

For this, you can disable AVG. Open AVG from the icon in your system tray (by the clock). Double-click the "resident shield". Uncheck the 'resident shield active' and click 'save settings'. Then run Kaspersky. When complete, do the same but CHECK the 'resident shield active' to enable AVG. Don't do anything in the interim such as email, websurf, etc., until you reactivate AVG. I'd run this overnight. It can take some time.


 


#9 s14lenny

  • Topic Starter

Posted 03 October 2010 - 09:10 PM

Okay, did the scan and saved the log. Here it is:

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft Windows Vista Ultimate Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 13:23:58
Records in database: 4282816
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 254847
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:10:16


File name / Threat / Threats count
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
C:\Users\Lenny\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
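
Reading the scan report above: as an added example (not part of the original thread and not Kaspersky's own tooling), this Python sketch parses the report's result rows, separates `not-a-virus:` verdicts, the prefix Kaspersky gives to legitimate programs it classes as riskware, from malware verdicts, and cross-checks the rows against the "Scan statistics" block. The regular expression and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Result rows copied from the scan report in the post above.
REPORT_ROWS = r"""
File name / Threat / Threats count
C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml Infected: Trojan.Win32.Clicker.hd 1
C:\Users\Lenny\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
"""

# Row layout: <path> <status>: <verdict> <count>. The path may contain spaces,
# so the match is anchored on the status keyword and the trailing integer.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>[A-Za-z]+): "
    r"(?P<verdict>\S+) (?P<count>\d+)$"
)


def parse_rows(report_text):
    """Return one dict per result row; header and footer lines are skipped."""
    rows = []
    for line in report_text.splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue
        row = match.groupdict()
        row["count"] = int(row["count"])
        # "not-a-virus:" marks a known legitimate program (here an IRC client)
        # that the vendor reports because it can be misused.
        row["riskware"] = row["verdict"].startswith("not-a-virus:")
        rows.append(row)
    return rows


def triage(rows):
    """Group file paths by verdict, split into malware and riskware."""
    buckets = {"malware": defaultdict(list), "riskware": defaultdict(list)}
    for row in rows:
        kind = "riskware" if row["riskware"] else "malware"
        buckets[kind][row["verdict"]].append(row["path"])
    return {kind: dict(groups) for kind, groups in buckets.items()}


def check_totals(rows, threats_found, infected_objects):
    """Cross-check parsed rows against the report's statistics.

    Assumption: "Threats found" counts distinct verdict names and
    "Infected objects found" sums the per-row counts, which is consistent
    with the figures in this report (2 and 4).
    """
    verdicts = {row["verdict"] for row in rows}
    objects = sum(row["count"] for row in rows)
    return len(verdicts) == threats_found and objects == infected_objects


if __name__ == "__main__":
    parsed = parse_rows(REPORT_ROWS)
    result = triage(parsed)
    print("rows consistent with statistics:", check_totals(parsed, 2, 4))
    for kind in ("malware", "riskware"):
        for verdict, paths in result[kind].items():
            print(f"[{kind}] {verdict}")
            for path in paths:
                print(f"    {path}")
```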

#10 etavares


Posted 04 October 2010 - 05:59 PM

Hello, s14lenny.
OK, one more file to take care of. We'll also update Adobe Reader.



Step 1

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



Step 2

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#11 s14lenny


Posted 08 October 2010 - 09:22 PM

OTL logfile created on: 10/6/2010 7:49:20 PM - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Lenny\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 130.58 Gb Free Space | 46.73% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 122.27 Gb Free Space | 82.04% Space Free | Partition Type: NTFS
Drive E: | 931.39 Gb Total Space | 499.48 Gb Free Space | 53.63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 931.37 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNKNOWN
Current User Name: Lenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/04 09:37:22 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
PRC - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/24 21:35:37 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/04 19:47:41 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files (x86)\Dell V305\dldtmon.exe


========== Modules (SafeList) ==========

MOD - [2010/09/30 18:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lenny\Downloads\OTL.exe
MOD - [2008/01/20 21:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 21:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/09 18:48:34 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device)
SRV:64bit: - [2009/07/09 18:48:28 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV:64bit: - [2008/01/20 21:51:22 | 000,252,928 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2008/01/20 21:51:03 | 000,598,016 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/26 00:11:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/02 12:05:18 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 20:33:26 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- c:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/20 21:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/26 00:11:57 | 000,317,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/26 00:11:57 | 000,035,536 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/09/26 00:11:55 | 000,269,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/10/22 15:10:30 | 000,069,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 15:09:12 | 000,084,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/14 01:56:14 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 21:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/08/22 15:26:32 | 000,021,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009/08/27 18:58:31 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/03 18:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/05 22:34:43 | 000,000,000 | ---D | M]

[2010/10/03 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Extensions
[2010/10/05 18:39:18 | 000,000,000 | ---D | M] -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\oge6bcyq.default\extensions
[2010/10/05 18:39:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\oge6bcyq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/03 22:22:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lenny\AppData\Roaming\Mozilla\Firefox\Profiles\oge6bcyq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/05 18:39:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2010/04/25 14:34:24 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk = C:\Users\Lenny\AppData\Roaming\Microsoft\Installer\{6E166235-49F3-4DFA-A102-1E86675ABD11}\StartupShortcut_6E16623549F34DFAA1021E86675ABD11.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2368538248-2756442690-910610396-1000 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c44d4d3f-9d8a-11df-833a-001fd08e81a0}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/05 22:34:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/02 15:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/02 15:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/02 15:05:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/02 15:05:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 15:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 15:05:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/01 18:54:43 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\Malwarebytes
[2010/10/01 18:54:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/01 18:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/01 18:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/01 18:52:39 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lenny\Desktop\mbam-setup-1.46.exe
[2010/10/01 18:35:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/01 18:33:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/01 18:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/09/26 00:46:02 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2010/09/26 00:46:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2010/09/26 00:46:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2010/09/26 00:46:01 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2010/09/26 00:46:01 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2010/09/26 00:46:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2010/09/26 00:46:01 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2010/09/26 00:46:01 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2010/09/26 00:46:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2010/09/26 00:46:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2010/09/26 00:46:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2010/09/26 00:46:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2010/09/26 00:46:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2010/09/26 00:46:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssprxy.dll
[2010/09/26 00:46:00 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2010/09/26 00:46:00 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2010/09/26 00:46:00 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2010/09/26 00:46:00 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2010/09/26 00:46:00 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2010/09/26 00:46:00 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2010/09/26 00:46:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2010/09/26 00:46:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2010/09/26 00:24:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/09/26 00:24:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/09/26 00:16:30 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/09/26 00:16:30 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/09/26 00:16:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2010/09/26 00:16:29 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2010/09/26 00:16:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/09/26 00:16:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2010/09/25 00:20:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2010/09/25 00:20:40 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0009.dll
[2010/09/25 00:20:32 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NaturalLanguage6.dll
[2010/09/25 00:09:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbd106n.dll
[2010/09/25 00:09:32 | 010,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/09/25 00:09:31 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2010/09/25 00:09:30 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/09/25 00:09:23 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2010/09/25 00:09:21 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/09/25 00:09:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/09/25 00:09:21 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/09/25 00:09:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avicap32.dll
[2010/09/25 00:09:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/09/25 00:09:13 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2010/09/25 00:09:10 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/25 00:09:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/09/25 00:09:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/09/25 00:09:03 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/09/25 00:09:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/09/25 00:09:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/09/25 00:09:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2010/09/25 00:09:01 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2010/09/25 00:06:46 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2010/09/25 00:06:37 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/09/25 00:06:36 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2010/09/25 00:06:36 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2010/09/25 00:06:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amxread.dll
[2010/09/25 00:06:33 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apilogen.dll
[2010/09/25 00:06:31 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/09/25 00:06:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/09/25 00:06:28 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/09/25 00:06:21 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/09/25 00:06:18 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2010/09/25 00:06:16 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2010/09/25 00:06:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2010/09/25 00:06:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2010/09/25 00:06:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2010/09/25 00:06:11 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2010/09/25 00:06:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrecst.dll
[2010/09/25 00:06:11 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasads.dll
[2010/09/25 00:06:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasdatastore.dll
[2010/09/25 00:06:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iashost.exe
[2010/09/25 00:06:03 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/09/25 00:06:03 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/09/25 00:06:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/09/25 00:06:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/09/25 00:06:00 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/09/25 00:06:00 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/09/25 00:06:00 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/09/25 00:06:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/09/25 00:06:00 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/09/25 00:05:55 | 003,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/09/25 00:05:55 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/09/25 00:05:50 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2010/09/25 00:05:49 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/09/25 00:05:44 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2010/09/25 00:05:43 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2010/09/25 00:05:43 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2010/09/25 00:05:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2010/09/25 00:05:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2010/09/25 00:05:43 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2010/09/25 00:05:38 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2010/09/25 00:05:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2010/09/25 00:05:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2010/09/25 00:05:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2010/09/25 00:05:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2010/09/25 00:05:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2010/09/25 00:05:37 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2010/09/25 00:04:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/25 00:04:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/25 00:04:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/25 00:04:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/25 00:04:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/25 00:04:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/25 00:04:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/25 00:04:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/25 00:04:56 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/25 00:04:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/25 00:04:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/25 00:04:35 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2010/09/25 00:04:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2010/09/25 00:04:29 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/09/25 00:04:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2010/09/25 00:04:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2010/09/25 00:04:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\traffic.dll
[2010/09/25 00:04:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pacerprf.dll
[2010/09/25 00:04:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshqos.dll
[2010/09/25 00:03:50 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2010/09/25 00:03:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xolehlp.dll
[2010/09/25 00:03:49 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010/09/25 00:03:34 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2010/09/25 00:03:26 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2010/09/25 00:03:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2010/09/25 00:03:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2010/09/25 00:03:25 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2010/09/25 00:03:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2010/09/25 00:03:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2010/09/24 23:57:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2010/09/24 23:57:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2010/09/24 23:57:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2010/09/24 23:51:37 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2010/09/24 23:51:37 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2010/09/24 23:51:37 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2010/09/24 23:51:35 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2010/09/24 23:51:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2010/09/24 23:35:28 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/09/24 23:35:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/09/24 23:35:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/09/24 23:35:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/09/24 23:34:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/09/22 22:23:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/22 22:19:05 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/09/22 22:19:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/22 20:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/22 20:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/22 20:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/21 21:18:44 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/21 21:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/21 21:04:14 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/21 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/09/19 13:27:16 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Desktop\Sandman Volume 1 - Preludes and Nocturnes
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AOL
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Local\AIM
[2010/09/19 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\Lenny\AppData\Roaming\acccore
[2010/09/19 00:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/09/19 00:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2010/09/19 00:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2010/09/12 13:42:31 | 000,000,000 | ---D | C] -- C:\Wow ptr
[2010/09/07 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\Lenny\Documents\Zombie Shooter 2 Demo Saves
[2009/08/13 13:05:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2009/08/13 13:05:55 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2009/08/13 13:05:55 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2009/08/13 13:05:53 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2009/08/13 13:05:52 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2009/08/13 13:05:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2009/08/13 13:05:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2009/08/13 13:05:51 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2009/08/13 13:05:50 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[2009/08/13 13:05:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/10/06 19:50:39 | 007,077,888 | ---- | M] () -- C:\Users\Lenny\NTUSER.DAT
[2010/10/06 19:47:22 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFC39D03-BA34-4662-A7BD-3342142D9CEE}.job
[2010/10/06 19:46:38 | 000,000,680 | ---- | M] () -- C:\Users\Lenny\AppData\Local\d3d9caps.dat
[2010/10/06 19:46:34 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/06 19:46:34 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/06 19:46:34 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/06 19:46:11 | 000,002,545 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk
[2010/10/06 19:44:06 | 065,681,351 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/06 19:40:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 19:40:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 19:40:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/06 19:40:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 05:12:58 | 000,524,288 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TMContainer00000000000000000001.regtrans-ms
[2010/10/06 05:12:58 | 000,065,536 | -HS- | M] () -- C:\Users\Lenny\NTUSER.DAT{be684c37-6c1f-11df-8b48-001fd08e81a0}.TM.blf
[2010/10/06 05:12:49 | 001,850,919 | -H-- | M] () -- C:\Users\Lenny\AppData\Local\IconCache.db
[2010/10/06 04:56:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000UA.job
[2010/10/05 22:34:43 | 000,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/05 18:59:18 | 000,000,312 | ---- | M] () -- C:\Users\Lenny\Desktop\Curse Client.appref-ms
[2010/10/04 10:56:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2368538248-2756442690-910610396-1000Core.job
[2010/10/03 18:02:24 | 000,001,812 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/03 16:18:42 | 000,000,713 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/10/02 15:05:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/02 15:05:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/02 15:05:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/02 15:05:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/01 18:54:17 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 18:52:41 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lenny\Desktop\mbam-setup-1.46.exe
[2010/10/01 18:32:46 | 000,000,953 | ---- | M] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 18:32:39 | 000,000,773 | ---- | M] () -- C:\Users\Lenny\Desktop\NTREGOPT.lnk
[2010/10/01 18:32:39 | 000,000,754 | ---- | M] () -- C:\Users\Lenny\Desktop\ERUNT.lnk
[2010/09/27 03:19:38 | 000,375,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/27 03:17:46 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/09/26 04:32:27 | 000,000,000 | ---- | M] () -- C:\Users\Lenny\defogger_reenable
[2010/09/26 04:08:05 | 000,100,856 | ---- | M] () -- C:\Users\Lenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/26 00:18:38 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010/09/26 00:11:57 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/26 00:11:57 | 000,035,536 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/26 00:11:57 | 000,013,048 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010/09/26 00:11:55 | 000,269,904 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 23:59:27 | 523,130,228 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/23 17:28:53 | 000,001,460 | ---- | M] () -- C:\Users\Lenny\AppData\Local\d3d9caps64.dat
[2010/09/22 22:33:33 | 000,240,640 | ---- | M] () -- C:\Users\Lenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 20:21:10 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/21 21:18:43 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/21 21:18:39 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 21:18:38 | 006,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/09/21 21:18:38 | 000,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/09/21 21:18:38 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/09/19 13:15:07 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/19 00:24:14 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2010/09/19 00:24:11 | 000,001,786 | ---- | M] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

========== Files Created - No Company Name ==========

[2010/10/05 22:34:43 | 000,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/03 18:02:24 | 000,001,812 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/01 18:54:17 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 18:54:13 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/01 18:32:46 | 000,000,953 | ---- | C] () -- C:\Users\Lenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/01 18:32:39 | 000,000,773 | ---- | C] () -- C:\Users\Lenny\Desktop\NTREGOPT.lnk
[2010/10/01 18:32:39 | 000,000,754 | ---- | C] () -- C:\Users\Lenny\Desktop\ERUNT.lnk
[2010/09/28 13:15:54 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/26 18:53:16 | 000,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2010/09/26 18:53:10 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/26 05:23:35 | 000,293,376 | ---- | C] () -- C:\Users\Lenny\Desktop\gmer.exe
[2010/09/26 04:32:27 | 000,000,000 | ---- | C] () -- C:\Users\Lenny\defogger_reenable
[2010/09/26 00:46:03 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\wsepno.dll
[2010/09/26 00:46:02 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/09/26 00:46:02 | 000,106,605 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2010/09/26 00:46:02 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\propdefs.dll
[2010/09/26 00:46:02 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\xmlfilter.dll
[2010/09/26 00:46:02 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\msscb.dll
[2010/09/26 00:46:02 | 000,043,008 | ---- | C] () -- C:\Windows\SysNative\rtffilt.dll
[2010/09/26 00:46:02 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\mimefilt.dll
[2010/09/26 00:46:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/09/26 00:46:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2010/09/26 00:46:02 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msshooks.dll
[2010/09/26 00:46:01 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2010/09/26 00:46:01 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2010/09/26 00:46:01 | 001,676,800 | ---- | C] () -- C:\Windows\SysNative\chsbrkr.dll
[2010/09/26 00:46:01 | 000,921,088 | ---- | C] () -- C:\Windows\SysNative\propsys.dll
[2010/09/26 00:46:01 | 000,347,648 | ---- | C] () -- C:\Windows\SysNative\srchadmin.dll
[2010/09/26 00:46:01 | 000,317,440 | ---- | C] () -- C:\Windows\SysNative\thawbrkr.dll
[2010/09/26 00:46:01 | 000,316,928 | ---- | C] () -- C:\Windows\SysNative\msshsq.dll
[2010/09/26 00:46:01 | 000,280,064 | ---- | C] () -- C:\Windows\SysNative\offfilt.dll
[2010/09/26 00:46:01 | 000,181,248 | ---- | C] () -- C:\Windows\SysNative\nlhtml.dll
[2010/09/26 00:46:01 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.dll
[2010/09/26 00:46:01 | 000,087,552 | ---- | C] () -- C:\Windows\SysNative\mssitlb.dll
[2010/09/26 00:46:01 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\mssprxy.dll
[2010/09/26 00:46:00 | 006,100,480 | ---- | C] () -- C:\Windows\SysNative\chtbrkr.dll
[2010/09/26 00:46:00 | 002,209,792 | ---- | C] () -- C:\Windows\SysNative\tquery.dll
[2010/09/26 00:46:00 | 002,176,512 | ---- | C] () -- C:\Windows\SysNative\mssrch.dll
[2010/09/26 00:46:00 | 000,796,672 | ---- | C] () -- C:\Windows\SysNative\mssvp.dll
[2010/09/26 00:46:00 | 000,598,016 | ---- | C] () -- C:\Windows\SysNative\SearchIndexer.exe
[2010/09/26 00:46:00 | 000,498,176 | ---- | C] () -- C:\Windows\SysNative\mssph.dll
[2010/09/26 00:46:00 | 000,312,832 | ---- | C] () -- C:\Windows\SysNative\mssphtb.dll
[2010/09/26 00:46:00 | 000,258,560 | ---- | C] () -- C:\Windows\SysNative\SearchProtocolHost.exe
[2010/09/26 00:46:00 | 000,112,128 | ---- | C] () -- C:\Windows\SysNative\SearchFilterHost.exe
[2010/09/26 00:46:00 | 000,078,848 | ---- | C] () -- C:\Windows\SysNative\msstrc.dll
[2010/09/26 00:46:00 | 000,073,728 | ---- | C] () -- C:\Windows\SysNative\msscntrs.dll
[2010/09/26 00:24:15 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/09/26 00:24:15 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/09/26 00:24:15 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/09/26 00:16:31 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2010/09/26 00:16:31 | 000,073,216 | ---- | C] () -- C:\Windows\SysNative\MSDvbNP.ax
[2010/09/26 00:16:30 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2010/09/26 00:16:29 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2010/09/26 00:16:29 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2010/09/26 00:16:29 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2010/09/26 00:11:57 | 000,013,048 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010/09/25 00:20:41 | 012,240,896 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0007.dll
[2010/09/25 00:20:40 | 002,644,480 | ---- | C] () -- C:\Windows\SysNative\NlsLexicons0009.dll
[2010/09/25 00:20:33 | 001,361,920 | ---- | C] () -- C:\Windows\SysNative\NaturalLanguage6.dll
[2010/09/25 00:09:41 | 000,474,624 | ---- | C] () -- C:\Windows\SysNative\srcore.dll
[2010/09/25 00:09:41 | 000,382,008 | ---- | C] () -- C:\Windows\SysNative\ci.dll
[2010/09/25 00:09:41 | 000,339,968 | ---- | C] () -- C:\Windows\SysNative\rstrui.exe
[2010/09/25 00:09:41 | 000,058,368 | ---- | C] () -- C:\Windows\SysNative\setbcdlocale.dll
[2010/09/25 00:09:41 | 000,046,592 | ---- | C] () -- C:\Windows\SysNative\srclient.dll
[2010/09/25 00:09:41 | 000,018,944 | ---- | C] () -- C:\Windows\SysNative\srdelayed.exe
[2010/09/25 00:09:41 | 000,007,680 | ---- | C] () -- C:\Windows\SysNative\kbd106n.dll
[2010/09/25 00:09:39 | 001,078,840 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2010/09/25 00:09:39 | 001,066,040 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2010/09/25 00:09:39 | 000,993,336 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2010/09/25 00:09:39 | 000,982,584 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2010/09/25 00:09:39 | 000,022,072 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2010/09/25 00:09:34 | 013,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2010/09/25 00:09:32 | 000,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2010/09/25 00:09:30 | 008,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2010/09/25 00:09:24 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/09/25 00:09:23 | 001,691,648 | ---- | C] () -- C:\Windows\SysNative\connect.dll
[2010/09/25 00:09:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\msvfw32.dll
[2010/09/25 00:09:21 | 000,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2010/09/25 00:09:21 | 000,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2010/09/25 00:09:21 | 000,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2010/09/25 00:09:21 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\iyuv_32.dll
[2010/09/25 00:09:21 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\msvidc32.dll
[2010/09/25 00:09:21 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\msyuv.dll
[2010/09/25 00:09:21 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\msrle32.dll
[2010/09/25 00:09:21 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\tsbyuv.dll
[2010/09/25 00:09:15 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/09/25 00:09:13 | 000,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2010/09/25 00:09:10 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2010/09/25 00:09:07 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/09/25 00:09:07 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2010/09/25 00:09:03 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2010/09/25 00:09:03 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/09/25 00:09:03 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2010/09/25 00:09:02 | 001,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2010/09/25 00:09:01 | 000,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2010/09/25 00:07:27 | 000,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2010/09/25 00:07:24 | 000,437,248 | ---- | C] () -- C:\Windows\SysNative\WSDApi.dll
[2010/09/25 00:06:48 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/09/25 00:06:46 | 000,660,480 | ---- | C] () -- C:\Windows\SysNative\win32spl.dll
[2010/09/25 00:06:45 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll
[2010/09/25 00:06:42 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2010/09/25 00:06:42 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2010/09/25 00:06:41 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2010/09/25 00:06:40 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/09/25 00:06:40 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/09/25 00:06:39 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/09/25 00:06:37 | 000,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2010/09/25 00:06:36 | 000,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2010/09/25 00:06:36 | 000,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2010/09/25 00:06:34 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2010/09/25 00:06:33 | 000,025,600 | ---- | C] () -- C:\Windows\SysNative\amxread.dll
[2010/09/25 00:06:33 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\apilogen.dll
[2010/09/25 00:06:32 | 000,388,608 | ---- | C] () -- C:\Windows\SysNative\gdi32.dll
[2010/09/25 00:06:31 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/09/25 00:06:30 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/25 00:06:29 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/25 00:06:27 | 001,729,024 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2010/09/25 00:06:22 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/09/25 00:06:21 | 000,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/09/25 00:06:20 | 000,361,984 | ---- | C] () -- C:\Windows\SysNative\es.dll
[2010/09/25 00:06:18 | 002,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2010/09/25 00:06:16 | 000,531,456 | ---- | C] () -- C:\Windows\SysNative\IPSECSVC.DLL
[2010/09/25 00:06:15 | 000,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2010/09/25 00:06:12 | 001,030,656 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2010/09/25 00:06:12 | 000,718,336 | ---- | C] () -- C:\Windows\SysNative\rpcss.dll
[2010/09/25 00:06:11 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\sdohlp.dll
[2010/09/25 00:06:11 | 000,163,840 | ---- | C] () -- C:\Windows\SysNative\iasrecst.dll
[2010/09/25 00:06:11 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\iasads.dll
[2010/09/25 00:06:11 | 000,061,440 | ---- | C] () -- C:\Windows\SysNative\iasdatastore.dll
[2010/09/25 00:06:11 | 000,036,352 | ---- | C] () -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2010/09/25 00:06:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\iashost.exe
[2010/09/25 00:06:05 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\RMActivate.exe
[2010/09/25 00:06:04 | 000,594,944 | ---- | C] () -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/09/25 00:06:01 | 000,535,040 | ---- | C] () -- C:\Windows\SysNative\secproc.dll
[2010/09/25 00:06:01 | 000,534,016 | ---- | C] () -- C:\Windows\SysNative\secproc_isv.dll
[2010/09/25 00:06:01 | 000,413,696 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/09/25 00:06:01 | 000,409,600 | ---- | C] () -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/09/25 00:06:00 | 000,457,216 | ---- | C] () -- C:\Windows\SysNative\msdrm.dll
[2010/09/25 00:06:00 | 000,159,232 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/09/25 00:06:00 | 000,158,720 | ---- | C] () -- C:\Windows\SysNative\secproc_ssp.dll
[2010/09/25 00:05:50 | 003,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2010/09/25 00:05:50 | 002,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2010/09/25 00:05:47 | 001,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2010/09/25 00:05:47 | 000,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2010/09/25 00:05:47 | 000,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2010/09/25 00:05:47 | 000,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2010/09/25 00:05:47 | 000,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2010/09/25 00:05:47 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2010/09/25 00:05:45 | 000,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2010/09/25 00:05:44 | 000,557,056 | ---- | C] () -- C:\Windows\SysNative\wmpeffects.dll
[2010/09/25 00:05:43 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\scrobj.dll
[2010/09/25 00:05:43 | 000,197,632 | ---- | C] () -- C:\Windows\SysNative\scrrun.dll
[2010/09/25 00:05:43 | 000,166,912 | ---- | C] () -- C:\Windows\SysNative\wscript.exe
[2010/09/25 00:05:43 | 000,147,968 | ---- | C] () -- C:\Windows\SysNative\cscript.exe
[2010/09/25 00:05:43 | 000,144,384 | ---- | C] () -- C:\Windows\SysNative\wshom.ocx
[2010/09/25 00:05:43 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\wshext.dll
[2010/09/25 00:05:38 | 000,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2010/09/25 00:05:37 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2010/09/25 00:05:37 | 000,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2010/09/25 00:05:37 | 000,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2010/09/25 00:05:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2010/09/25 00:05:37 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2010/09/25 00:05:37 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2010/09/25 00:05:37 | 000,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2010/09/25 00:05:37 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2010/09/25 00:04:58 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/09/25 00:04:58 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/09/25 00:04:57 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/09/25 00:04:57 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/09/25 00:04:57 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/09/25 00:04:57 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/09/25 00:04:56 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/09/25 00:04:56 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/25 00:04:56 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/09/25 00:04:56 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/09/25 00:04:56 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/09/25 00:04:56 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/09/25 00:04:56 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/09/25 00:04:56 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/25 00:04:56 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/09/25 00:04:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/09/25 00:04:56 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/09/25 00:04:56 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/09/25 00:04:56 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/25 00:04:56 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/25 00:04:56 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/25 00:04:56 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/09/25 00:04:56 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/25 00:04:35 | 001,245,184 | ---- | C] () -- C:\Windows\SysNative\WMNetMgr.dll
[2010/09/25 00:04:35 | 000,112,640 | ---- | C] () -- C:\Windows\SysNative\logagent.exe
[2010/09/25 00:04:32 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/09/25 00:04:29 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll
[2010/09/25 00:04:28 | 000,883,200 | ---- | C] () -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2010/09/25 00:04:28 | 000,399,872 | ---- | C] () -- C:\Windows\SysNative\emdmgmt.dll
[2010/09/25 00:04:28 | 000,187,392 | ---- | C] () -- C:\Windows\SysNative\drivers\nwifi.sys
[2010/09/25 00:04:28 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\dataclen.dll
[2010/09/25 00:04:28 | 000,047,104 | ---- | C] () -- C:\Windows\SysNative\cdd.dll
[2010/09/25 00:04:26 | 000,140,288 | ---- | C] () -- C:\Windows\SysNative\drivers\rmcast.sys
[2010/09/25 00:04:26 | 000,017,408 | ---- | C] () -- C:\Windows\SysNative\wshrm.dll
[2010/09/25 00:04:25 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2010/09/25 00:04:13 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\drivers\pacer.sys
[2010/09/25 00:04:13 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\traffic.dll
[2010/09/25 00:04:13 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\pacerprf.dll
[2010/09/25 00:04:13 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\wshqos.dll
[2010/09/25 00:04:10 | 000,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2010/09/25 00:03:50 | 000,730,112 | ---- | C] () -- C:\Windows\SysNative\msdtcprx.dll
[2010/09/25 00:03:50 | 000,048,640 | ---- | C] () -- C:\Windows\SysNative\xolehlp.dll
[2010/09/25 00:03:49 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\l3codeca.acm
[2010/09/25 00:03:47 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/25 00:03:34 | 000,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2010/09/25 00:03:34 | 000,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2010/09/25 00:03:33 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/09/25 00:03:26 | 000,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2010/09/25 00:03:26 | 000,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2010/09/25 00:03:26 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2010/09/25 00:03:26 | 000,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2010/09/25 00:03:25 | 000,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2010/09/25 00:03:25 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2010/09/24 23:57:31 | 002,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2010/09/24 23:57:31 | 000,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2010/09/24 23:57:31 | 000,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2010/09/24 23:57:31 | 000,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2010/09/24 23:57:31 | 000,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2010/09/24 23:57:31 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2010/09/24 23:57:30 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2010/09/24 23:51:41 | 002,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010/09/24 23:51:41 | 002,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010/09/24 23:51:41 | 000,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010/09/24 23:51:41 | 000,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010/09/24 23:51:37 | 000,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010/09/24 23:51:37 | 000,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010/09/24 23:51:37 | 000,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010/09/24 23:51:35 | 000,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010/09/24 23:51:35 | 000,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010/09/24 23:35:28 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2010/09/24 23:35:28 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2010/09/24 23:35:28 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2010/09/24 23:35:28 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/09/24 23:35:28 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2010/09/22 22:19:05 | 000,218,112 | ---- | C] () -- C:\Windows\SysNative\wintrust.dll
[2010/09/22 22:19:05 | 000,104,960 | ---- | C] () -- C:\Windows\SysNative\cabview.dll
[2010/09/22 20:21:10 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/21 21:18:43 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/21 21:18:43 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/21 21:18:39 | 000,269,904 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/21 21:18:39 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 21:18:39 | 000,035,536 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/21 21:18:38 | 065,681,351 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/21 21:18:38 | 006,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010/09/21 21:18:38 | 000,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010/09/21 21:18:38 | 000,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/09/19 00:24:11 | 000,001,786 | ---- | C] () -- C:\Users\Lenny\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/09/19 00:23:53 | 000,000,374 | -H-- | C] () -- C:\IPH.PH
[2010/09/06 19:33:42 | 000,411,276 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI2C03.txt
[2010/09/06 19:33:42 | 000,011,414 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI2C03.txt
[2010/07/10 03:45:58 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/23 19:29:39 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2010/06/23 19:28:56 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/04/06 11:15:21 | 000,000,680 | ---- | C] () -- C:\Users\Lenny\AppData\Local\d3d9caps.dat
[2010/04/03 15:04:50 | 000,419,010 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI4178.txt
[2010/04/03 15:04:49 | 000,011,486 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI4178.txt
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/28 21:26:36 | 000,453,370 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistMSI7ACC.txt
[2009/10/28 21:26:36 | 000,011,428 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_vcredistUI7ACC.txt
[2009/09/30 15:07:44 | 002,466,534 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_NET_Framework35_x64_MSI4D19.txt
[2009/09/30 14:59:23 | 000,200,326 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/09/30 14:59:08 | 000,191,964 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_dotnetfx35install.txt
[2009/09/30 14:59:08 | 000,002,690 | ---- | C] () -- C:\Users\Lenny\AppData\Local\uxeventlog.txt
[2009/09/30 14:59:08 | 000,000,002 | ---- | C] () -- C:\Users\Lenny\AppData\Local\dd_dotnetfx35error.txt
[2009/08/29 22:21:15 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2009/08/29 22:21:15 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2009/08/29 22:21:15 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009/08/13 13:05:56 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2009/08/13 13:05:56 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2009/08/13 13:05:55 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2009/08/13 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2009/08/13 13:05:55 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2009/08/13 13:05:55 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2009/08/13 13:05:54 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2009/08/13 13:05:54 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2009/08/13 13:05:53 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2009/08/13 13:05:53 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2009/05/19 21:29:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/04/12 00:45:35 | 000,240,640 | ---- | C] () -- C:\Users\Lenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 15:36:34 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009/04/11 15:29:20 | 000,001,460 | ---- | C] () -- C:\Users\Lenny\AppData\Local\d3d9caps64.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/02/21 15:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2008/02/19 17:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2008/01/22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

((I couldn't find the txt document of the fix you had me run :( but I'm sure it fixed whatever it was that you wanted me to fix... sorry for the long delay))

#12 etavares


Posted 09 October 2010 - 06:33 AM

Hello, s14lenny.

Ok, almost done.



Step 1

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    CODE
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.




Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#13 s14lenny


Posted 11 October 2010 - 07:54 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 08:22 on 10/10/2010 by Lenny
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"="0"


-= EOF =-


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4789

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/10/2010 8:45:31 AM
mbam-log-2010-10-10 (08-45-31).txt

Scan type: Quick scan
Objects scanned: 150470
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#14 etavares


Posted 12 October 2010 - 05:08 PM

Ok, please run MBAM one more time and post the log here. I want to make sure that the hijack didn't reappear. How is it running?


 


#15 s14lenny


Posted 14 October 2010 - 06:43 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4825

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

10/14/2010 6:40:55 PM
mbam-log-2010-10-14 (18-40-55).txt

Scan type: Quick scan
Objects scanned: 150682
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

((It's running great by the way :) No problems that I can see anyway))
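
As an added example (not part of the thread, and not Malwarebytes' own tooling), the comparison requested in post #14 can be scripted: the Python below parses MBAM 1.46 logs in the format posted above and lists detections that appear in both runs. The function names are illustrative, and the embedded logs are trimmed excerpts of posts #13 and #15.

```python
import re

# Trimmed excerpts of the two MBAM 1.46 logs posted in this thread (posts #13 and #15).
LOG_OCT10 = r"""Database version: 4789
Registry Values Infected: 1
Files Infected: 0

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Files Infected:
(No malicious items detected)
"""
LOG_OCT14 = LOG_OCT10.replace("4789", "4825")  # same detection, newer database

SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> <action>"; the object itself may contain parentheses.
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")

def parse_mbam_log(text):
    """Return [(section, object, detection, action)] and verify the summary counts."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ITEM.match(line)):
            # Registry and file paths are case-insensitive on Windows: normalise.
            items.append((section, m[1].lower(), m[2], m[3]))
    for name, expected in counts.items():
        found = sum(1 for item in items if item[0] == name)
        if found != expected:  # truncated paste or edited log
            raise ValueError(f"{name}: summary says {expected}, log lists {found}")
    return items

def persistent_detections(older, newer):
    """Detections present in both logs, ignoring the action taken."""
    key = lambda log: {item[:3] for item in parse_mbam_log(log)}
    return sorted(key(older) & key(newer))

if __name__ == "__main__":
    for section, obj, name in persistent_detections(LOG_OCT10, LOG_OCT14):
        print(f"still present: [{section}] {name} at {obj}")
```

A non-empty result means the same object was flagged in both scans, so the "Delete on reboot" action from the first run did not leave the system clean by the time of the second.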



