Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection of registry, difficulty in detecting


  • This topic is locked This topic is locked
20 replies to this topic

#1 etche_homo

etche_homo

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 06 November 2010 - 01:39 AM

Hello, all,

I have been battling for the last 72 hours a number of malwares that got installed on my system over the last couple of weeks, when I had changed from avast to Sophos at the request of the IT department at my work. Or at least I think that is when I became vulnerable. I'm back to avast, but my problems are not over.

This started with HDD Defragmenter. I didn't buy anything, and figured out the symptoms pretty quickly, and thought I got rid of it, and then conducted a full system search.

After a first run with an updated avast5 to find some 70-odd viruses and Trojan horses on my system, and then a second run where it was ostensibly clean, I also downloaded Malwarebytes' Anti-Malware and ran that, to find four more things on the quick scan:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-8030351200-8952626911-569725617-2148\yv8g67.exe,explorer.exe,C:\Users\(me)\AppData\Roaming\juzjf.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.


and

Files Infected:
C:\ProgramData\common.data (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\(me)\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.


I then was able to conduct a full detailed scan with MWB after reboot and had no more events. But I don't like those "Bad:" infections of my registry items.

I had a few things happen since that convince me that I have something really embedded in my registry / rootkit infection, and I don't know how to get rid of it.

First, although I have rerun avast a few times to concentrate in particular on rootkits (full scan), it has found nothing, but "juzjf.exe" ended up again in the quarantine (and was deleted).

Malwarebytes finds nothing else, despite a few full scans.

I have a Hijackthis log ready but things seem aboveboard.

However, one svchost.exe is infected, and shuts down (I get a Windows message) after avast5 regularly refuses a connection to some variant of the below if I am online:

ht tp://z0g7yail0.com/ (different random string at the beginning until it starts "2Y2xrPT...==") and then there are two different numbers and a letter.


Here is another, similar one for the domain, though the string is different:

ht tp://a0g7ya1i0.com/nAr1woJl5F5xvRu17c191b48a7d21c4802f652ccce1a2dc207c


And more recently, I am getting more clever workarounds when I am online, because I get a new tab that sometimes attempts to open in my browser.

199.80.55.19 (or -.80)/go.php?data= (long string)


creative-net.net/?xurl=http://a0g7ya1i0.com (etc)


Most disturbing, this morning, this tab opened and I copied the link before closing again:

ht tp://elistsorg.com/?xurl=http://a0g7ya1i0.com/Ja02tX9P5Z6mC5u39be4f99dafe1a2576ce31d5c0eb12bb606A&xref=http://elistsorg.com/default.pk?tsearch=hijackthis+forum+english&search_button.x=0&search_button.y=0


The shutdown looks like this, and causes no further problems in and of itself. It's usually once a boot, though on occasion twice, and its closure does not prevent the repeated attempts at connection described above:

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    svchost.exe
  Application Version:    6.0.6000.16386
  Application Timestamp:    4549adc4
  Fault Module Name:    ntdll.dll
  Fault Module Version:    6.0.6000.16386
  Fault Module Timestamp:    4549bdc9
  Exception Code:    c0000005
  Exception Offset:    00040026
  OS Version:    6.0.6000.2.0.0.256.6
  Locale ID:    1033
  Additional Information 1:    ce4d
  Additional Information 2:    486aef3f39b9a3d69cb1bff6c06b105b
  Additional Information 3:    8ad4
  Additional Information 4:    c56e94a6b2aaae8d669b3f6804909a58


I get occasional blinks of my screen, with more time to load open OpenOffice.org documents when I switch back to their window, than I am accustomed to.

I tried downloading and running RootRepeal, but it posted "Could not initialize the driver! Please contact the author!" And then crashed. So I did contact him, but he has not been able to respond.

Problematic this morning, is that I am getting HDD Defragmenter-like prevention of my running executables. Yesterday I ran gmer, but it did not complete (my computer wouldn't wake up after the screen went to sleep and I had to reboot), and today I can't get either gmer.exe or the ddr.scr to run, as their "dependency groups fail to start". Which is a problem I had earlier.

Any and all help will be vastly appreciated.

So, clearly something starts when I startup, and detects when I am online to attempt to link to the websites I wrote in the previous post. And then the service shuts down after a few refusals of avast to let whatever it is connect. I look at the startup list, and the things in red below catch my eye:

StartupList report, 11/7/2010, 10:17:02 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows Vista (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16982)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files\Lexmark 4900 Series\ezprint.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Heather\AppData\Local\Temp\78F6.tmp\MBR.DAT
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Dropbox.lnk = C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Apoint = C:\Program Files\Apoint2K\Apoint.exe
RtHDVCpl = RtHDVCpl.exe
IgfxTray = C:\Windows\system32\igfxtray.exe
HotKeysCmds = C:\Windows\system32\hkcmd.exe
Persistence = C:\Windows\system32\igfxpers.exe
PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup
IAAnotif = "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
NDSTray.exe = NDSTray.exe
ThpSrv = C:\Windows\system32\thpsrv /logon
TosAutLk = C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
lxdrmon.exe = "C:\Program Files\Lexmark 4900 Series\lxdrmon.exe"
EzPrint = "C:\Program Files\Lexmark 4900 Series\ezprint.exe"
Adobe Acrobat Speed Launcher = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
(Default) =
Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
Malwarebytes Anti-Malware (reboot) = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI (is this normal?)

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL acaptuser32.dll

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
SkypeIEPluginBHO - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
SmartSelect - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {F4971EE7-DAA0-4053-9964-665D8EE6A077}

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Agere Modem Call Progress Audio: C:\Windows\system32\agrsmsvc.exe (autostart)
aswMonFlt: \??\C:\Windows\system32\drivers\aswMonFlt.sys (autostart)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
avast! Antivirus: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" (autostart)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ConfigFree Service: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (autostart)
Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\cscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Intel® PROSet/Wireless Event Log: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (autostart)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (autostart)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
lxdrCATSCustConnectService: C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdrserv.exe (autostart)
lxdr_device: C:\Windows\system32\lxdrcoms.exe -service (autostart)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PEAUTH: system32\drivers\peauth.sys (autostart)
pinger: C:\Toshiba\IVP\ISM\pinger.exe (autostart)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Intel® PROSet/Wireless Registry Service: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Swupdtmr: c:\Toshiba\IVP\swupdate\swupdtmr.exe (autostart)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TOSHIBA HDD Protection: C:\Windows\system32\ThpSrv.exe (autostart)
TOSHIBA Optical Disc Drive Service: C:\Windows\system32\TODDSrv.exe (autostart)
TOSHIBA Power Saver: "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" (autostart)
TOSHIBA Bluetooth Service: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (autostart)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
WD SmartWare Drive Manager: "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" (autostart)
WD SmartWare Background Service: "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" (autostart)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)

---

I had still been unable to run the ddr.scr or gmer.exe, but I found a tool that would just look at the MBR.dat file, and this is what it comes up with:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 6.0.6000

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

--

When I go into that 78F6.tmp folder containing the MBR.DAT file, then it contains these files, which to me means that the script which is hung, has produced these, and they stay in the temp folder. That's a good sign. There are two other similar nnNn.tmp folders corresponding to earlier attempts to run the dds.scr.

Assoc.cmd
dds.cmd
DDS.txt
ffdefstr.dll
MBR.dat
mbr.txt
MSCIsid.exe
MSGB.pif
notifykeysB.com
osidDDS.pif
OSProp.pif
PEV.dat
Policies.exe
RegX64.cmd
Screentxt.txt (this is the welcome text for the DDS script)
SED.dat
StartUp.txt
svclist.dat
SvcWhtDDS.dll
SvcWhtDDSVista.dll
SvvWhtDDSW7.dll
SWREG.dat
Vista.krl
Vista.mac

What next? I am uploading my latest HJT log, and I did get gmer.exe to work, so am uploading that, too. Presumably whatever is useful from the dds script is in the list of files above, which folder I have moved out of temp if that is of any use. And although I know the information is repetitive, there are the logs of startup processes and services.

Have a good weekend, everyone.

EDIT: Posts merged ~BP

Help!

I'm losing the battle, apparently. I've bluescreened once, OpenOffice shuts down unexpectedly, and I'm getting unwanted tabs opening up that get past avast5 - for example (the spaces were added by me):

ht tp:// esale-town.com/?xurl=ht tp:// a0g7ya1i0.com/TvA2trZp6A5JKrs3b0f512ca8554da67743811e0c2098e4805h&xref=ht tp://esale-town.com/default.pk?tsearch=snp+genotyping&search_button.x=0&search_button.y=0

which starts first as:

ht tp://a0g7ya1i0.com/TvA2trZp6A5JKrs3b0f512ca8554da67743811e0c2098e4805h

Or, earlier today, I had this happen also in rapid succession after a Google search (closed quickly, but trace still in my browsing history:)

ht tp:// 3109monticello.com/default.pk?tsearch=Network+of+European+CNS+Transplantation+And+Restoration+%28NECTAR%29&search_button.x=0&search_button.y=0

ht tp:// wincfg.org/default.pk?tsearch=Network+of+European+CNS+Transplantation+And+Restoration+%28NECTAR%29&search_button.x=0&search_button.y=0

ht tp:// 66.230.188.67/click.php?c=eNo1k8uuqjAART_IRNtCeQzOAO[massive string thereafter]

ht tp:// 68.169.92.52/click.php?re=1&cc=eNo1k8uuqjAART_IRNtCeQzOAOShHE[another massive string]

ht tp:// kc.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=55685&x=lVF1viU;Fox1U8[more big string]

ht tp:// kc.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=55685&x=uY92FL0m5mC2pbq[more big string]

and finally

ht tp:// plxlestatservlce.com/Zzt27FCp8p7Xfns045fffade4bee3f670e0004d15974878335k


Now, some hope!
I did a search based on this last domain, which I hadn't yet seen, and I came across a legit post about seeing it in association with my old friend a0g7ya1i0.com, which itself points back to a different thread right here (http://www.bleepingcomputer.com/forums/topic354658.html), saying that following the advice led to the resolution of their problems.

"The TDSSKiller scan found Malicious object Rootkit.Win32.TDSS.tdl3"

So I'm going to have a look with that scanner and get right on that. Will follow up.

Hooray! The Kapersky tool finally gave me a diagnosis.

\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4

I used the "cure" and reboot option. So far so good. I still get screen flickers and the like, but no attempts yet to hijack my internet connection.

I would really appreciate careful guidance in using Combofix as I should to clean up, and also, is it urgent? I have a massive deadline in exactly 24 hours, and if this will tide me over until then, that would be super.

Thanks in advance!

EDIT: 2 more posts merged ~BP

Attached Files


Edited by Budapest, 08 November 2010 - 04:17 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 14 November 2010 - 07:00 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 November 2010 - 09:18 AM

Hi, Elise, and thank you in advance.

Here is OTL.txt :

OTL logfile created on: 11/14/2010 2:37:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Heather\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.41 Gb Total Space | 53.57 Gb Free Space | 51.31% Space Free | Partition Type: NTFS
Drive D: | 38.19 Gb Total Space | 4.85 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.93 Gb Free Space | 49.32% Space Free | Partition Type: FAT

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
PRC - [2010/11/10 08:45:21 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/30 19:47:06 | 012,487,856 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/10/30 19:43:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/30 19:43:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/12 15:16:10 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/10/11 15:47:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/16 15:00:54 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdrcoms.exe
PRC - [2009/10/14 13:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 13:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/21 14:46:09 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4900 Series\ezprint.exe
PRC - [2008/05/21 14:46:04 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
PRC - [2008/05/13 02:12:00 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/10 00:12:59 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/07/21 05:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/20 00:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/16 06:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/23 01:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/05/18 12:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/24 12:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2007/03/29 19:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 19:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/07 00:55:42 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/03/07 00:37:04 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/12 22:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 22:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/04 00:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/12/04 00:34:56 | 000,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/11/15 05:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/26 03:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
MOD - [2008/01/10 00:31:27 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/10/19 13:40:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/12 15:16:10 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/16 15:00:54 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/10/16 14:49:48 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/01/10 00:12:59 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/04/24 12:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/03/29 19:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/03/07 00:55:42 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/03/07 00:37:04 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/02/26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/12 22:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 05:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/26 03:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 10:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/26 07:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/06/01 05:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/14 10:43:00 | 002,137,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/04 00:30:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/04/27 19:22:00 | 000,021,504 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/24 05:13:52 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/26 18:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/12/04 00:21:10 | 000,039,056 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 06:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 06:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 09:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 07:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2006/09/27 12:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 18:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3e559c3c-4aad-4168-bd47-e1056298df8e}:2.0.1
FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:3.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/11 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
[2010/10/11 15:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/13 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions
[2010/11/11 21:29:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/12 12:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\{3e559c3c-4aad-4168-bd47-e1056298df8e}
[2010/11/03 09:11:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\firefox@facebook(23).com
[2010/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
[2010/11/05 08:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 10:37:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/12 09:20:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/12 09:20:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4900 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Domains: lcl.fr ([particuliers.secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab (KeybHunterWebInterface Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000 Winlogon: Shell - (硅汰牯牥攮數18) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-3.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-3.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9eba41cc-d592-11df-a33a-001c7e03afaa}\Shell - "" = AutoRun
O33 - MountPoints2\{9eba41cc-d592-11df-a33a-001c7e03afaa}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{a82ad395-d692-11df-a2fe-00215c314cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{a82ad395-d692-11df-a2fe-00215c314cfd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:24a6967168) - C:\Windows\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 14:35:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2010/11/14 14:34:42 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Heather\Desktop\RkU3.8.388.590.exe
[2010/11/11 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Apple Computer
[2010/11/11 22:07:27 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Apple Computer
[2010/11/11 22:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/11 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/11 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/11 21:59:08 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Apple
[2010/11/11 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/11 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/11 21:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2010/11/11 21:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote 9
[2010/11/11 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/10 08:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/10 08:46:04 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/11/10 08:45:39 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/11/10 08:45:39 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/11/10 08:45:21 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/10 08:44:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/11/10 08:43:49 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/11/10 08:43:49 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/11/10 08:43:49 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/11/10 08:43:49 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/11/10 08:43:48 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/11/10 08:43:48 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/11/10 08:43:48 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/11/10 08:43:47 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/11/10 08:43:46 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/11/10 08:43:46 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/11/10 08:43:45 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/11/10 08:43:44 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/11/10 08:43:44 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/11/10 08:43:44 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/11/10 08:43:44 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/11/10 08:43:43 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/11/10 08:43:43 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/11/10 08:43:42 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/11/10 08:43:42 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/11/10 08:43:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/11/10 08:43:41 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/11/10 08:43:41 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/11/10 08:43:40 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/11/10 08:43:40 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/11/10 08:43:40 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/11/10 08:43:39 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/11/10 08:43:39 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/11/10 08:43:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/11/10 08:43:38 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/11/10 08:43:38 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/11/10 08:43:37 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/11/10 08:43:36 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/11/10 08:43:36 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/11/10 08:43:36 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/11/10 08:43:35 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/11/10 08:43:35 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/11/10 08:43:34 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/11/10 08:43:34 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/11/10 08:43:34 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/11/10 08:43:30 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/11/10 08:43:29 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/11/10 08:43:29 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/11/10 08:43:28 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/11/10 08:43:28 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/11/10 08:43:28 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/11/10 08:43:28 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/11/10 08:43:27 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/11/10 08:43:26 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/11/10 08:43:26 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/11/10 08:43:26 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/11/10 08:43:23 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/11/10 08:43:22 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/11/10 08:43:22 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/11/10 08:43:21 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/11/10 08:43:21 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/11/10 08:43:21 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/11/10 08:43:20 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/11/10 08:43:19 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/11/10 08:40:17 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/11/10 08:40:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/11/10 08:40:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/11/10 08:40:16 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/11/10 08:40:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/11/10 08:40:15 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/11/10 08:40:15 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/11/10 08:40:15 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/11/10 08:40:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/11/10 08:40:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/11/10 08:40:14 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/11/10 08:40:14 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/11/10 08:40:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/11/10 08:40:14 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/11/10 08:40:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/11/10 08:40:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/11/10 08:40:12 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/11/10 08:40:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/11/10 08:40:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/11/10 08:40:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/11/10 08:39:15 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/11/10 08:39:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/11/10 08:39:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/11/10 08:39:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/11/10 08:39:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/11/10 08:39:13 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/11/10 08:38:50 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/11/10 08:38:50 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/11/10 08:38:33 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/11/10 08:38:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/11/10 08:38:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/11/10 08:37:39 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/11/10 08:37:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/11/10 08:37:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/11/10 08:37:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/11/10 08:37:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/11/10 08:37:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/11/10 08:36:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/11/10 08:36:42 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/11/10 08:36:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/11/10 08:35:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/11/10 08:35:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/11/10 08:35:44 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/11/10 08:35:44 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/11/10 08:35:44 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/11/10 08:35:44 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/11/10 08:35:43 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/11/10 08:35:43 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/11/10 08:35:43 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/11/10 08:35:43 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/11/10 08:35:43 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/11/10 08:35:23 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/11/08 17:08:08 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\WindowsUpdate
[2010/11/07 23:54:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/07 12:13:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/06 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\getservice
[2010/11/05 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 12:14:24 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/11/05 12:12:44 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/11/05 12:12:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/11/05 12:11:23 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/11/05 12:11:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/11/05 12:10:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/11/05 12:09:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/11/05 12:05:29 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/11/05 12:05:28 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/11/05 12:05:28 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/11/05 12:05:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/11/05 12:05:22 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/11/05 12:05:20 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/11/05 12:05:20 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/11/05 12:05:20 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/11/05 11:55:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/11/05 11:55:00 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/11/05 11:54:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/11/04 10:25:39 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes
[2010/11/04 10:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/04 10:25:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/04 10:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/04 10:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 22:30:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/03 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/03 22:13:56 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/11/03 22:13:55 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/03 22:13:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/11/03 22:13:55 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/11/03 22:13:54 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/11/03 22:13:38 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/03 22:13:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/11/03 19:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/03 19:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/03 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Sophos
[2010/11/01 10:19:06 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\HTC Driver
[2010/10/28 09:10:49 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/10/22 19:07:39 | 000,000,000 | ---D | C] -- D:\Heather\Documents\InterVideo
[2010/10/22 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\InterVideo
[2010/10/22 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\gtk-2.0
[2010/10/22 16:13:46 | 000,000,000 | ---D | C] -- C:\Users\Heather\.thumbnails
[2010/10/22 15:55:52 | 000,000,000 | ---D | C] -- D:\Heather\Documents\gegl-0.0
[2010/10/22 15:55:52 | 000,000,000 | ---D | C] -- C:\Users\Heather\.gimp-2.6
[2010/10/22 12:39:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\gels
[2010/10/21 13:00:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LAN-Fax Utilities
[2010/10/21 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2010/10/21 12:32:55 | 000,299,008 | ---- | C] (Ricoh Co.Ltd.) -- C:\Windows\System32\RscEnd2.ocx
[2010/10/21 12:32:54 | 000,118,784 | ---- | C] (RICOH SYSYTEM KAIHATU Co., Ltd.) -- C:\Windows\System32\JPDW32.dll
[2010/10/21 12:32:54 | 000,086,016 | ---- | C] (リコーソフトウエア株式会社) -- C:\Windows\System32\RicImg.dll
[2010/10/21 12:32:54 | 000,067,584 | ---- | C] (RICOH SYSTEM KAIHATSU Co.,Ltd.) -- C:\Windows\System32\BilW32.dll
[2010/10/21 12:32:54 | 000,064,512 | ---- | C] (リコーシステム開発株式会社) -- C:\Windows\System32\BitW32.dll
[2010/10/21 12:32:54 | 000,052,224 | ---- | C] (RICOH SYSTEM KAIHATSU CO.,LTD.) -- C:\Windows\System32\JPCW32.DLL
[2010/10/21 12:31:26 | 000,000,000 | ---D | C] -- C:\temp
[2010/10/21 10:55:33 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/21 10:55:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/21 10:55:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/21 10:55:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/21 10:55:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/21 10:53:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/21 10:53:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/21 10:53:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/10/21 10:53:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/10/21 10:53:19 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/10/21 10:53:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/21 10:53:17 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/21 10:53:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/10/21 10:53:15 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/10/21 10:53:14 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/21 10:53:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/21 10:53:09 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/21 10:53:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/21 10:53:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/10/21 10:53:06 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/21 10:53:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/21 10:53:02 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/21 10:53:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/21 10:52:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/21 10:52:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/10/21 10:52:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/21 10:52:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/21 10:50:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/10/21 10:50:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/10/21 10:50:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/10/21 10:48:45 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/21 10:48:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/10/21 10:48:44 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/10/21 10:47:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/21 10:47:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/21 10:47:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/21 10:47:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/21 10:47:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/21 10:47:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/21 10:47:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/21 10:47:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/21 10:47:43 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/10/21 10:45:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/21 10:45:39 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/21 10:45:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/10/21 10:45:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/10/21 10:45:38 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/21 10:44:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/10/21 10:44:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/10/21 10:43:37 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/21 10:42:17 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/21 10:41:52 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/21 10:41:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/10/21 10:41:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/10/21 10:41:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/10/21 10:41:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/10/21 10:41:49 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/21 10:40:47 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/21 10:40:46 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/21 10:39:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/21 10:35:32 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/21 10:35:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/10/21 10:34:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/10/21 10:34:18 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/10/21 10:33:21 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/21 10:19:05 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/21 10:12:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 09:38:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/21 09:38:41 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 09:38:41 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/21 09:33:23 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/21 09:33:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/21 09:32:20 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/21 09:31:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/21 09:31:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/21 09:15:46 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdrserv.dll
[2010/10/21 09:15:45 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdrpmui.dll
[2010/10/21 09:15:45 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoms.exe
[2010/10/21 09:15:45 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdrlmpm.dll
[2010/10/21 09:15:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomm.dll
[2010/10/21 09:15:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrinpa.dll
[2010/10/21 09:15:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdriesc.dll
[2010/10/21 09:15:41 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomc.dll
[2010/10/21 09:15:39 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdrusb1.dll
[2010/10/21 09:15:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdrhbn3.dll
[2010/10/21 09:15:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrcfg.exe
[2010/10/21 09:15:31 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdrih.exe
[2010/10/21 09:14:26 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/21 09:14:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/21 09:14:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/21 09:13:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010/10/21 09:12:45 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/10/21 09:12:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/21 09:12:44 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/21 09:12:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/21 09:12:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/21 09:12:04 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/21 09:11:47 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/21 09:11:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/21 09:11:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/10/21 09:11:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/21 09:11:37 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/21 09:07:07 | 000,000,000 | ---D | C] -- D:\Heather\Documents\Fragments
[2010/10/21 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\FileMaker
[2010/10/20 14:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/10/19 14:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/10/19 13:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/10/19 13:39:43 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/10/19 13:39:42 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/10/16 21:40:50 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/16 21:40:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/16 21:40:15 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/16 21:40:14 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/16 21:40:14 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/16 21:39:56 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/16 21:39:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/12 15:38:37 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDRhcp.dll
[2009/10/15 20:32:46 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoin.dll

========== Files - Modified Within 30 Days ==========

[2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2010/11/14 14:27:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:27:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 13:27:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 08:44:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 08:35:21 | 2137,841,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 00:08:07 | 000,010,123 | ---- | M] () -- C:\Users\Heather\Desktop\Downstairs bathroom.odg
[2010/11/12 17:24:08 | 000,005,414 | ---- | M] () -- D:\Heather\Documents\cc_20101112_172359.reg
[2010/11/12 17:21:50 | 000,012,586 | ---- | M] () -- C:\Users\Heather\.recently-used.xbel
[2010/11/11 22:37:25 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2010/11/11 21:51:38 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 21:51:38 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/10 08:46:04 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/11/10 08:45:39 | 000,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/11/10 08:45:39 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/11/10 08:45:21 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/10 08:44:06 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/11/10 08:43:49 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/11/10 08:43:49 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/11/10 08:43:49 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/11/10 08:43:49 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/11/10 08:43:48 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/11/10 08:43:48 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/11/10 08:43:48 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/11/10 08:43:47 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/11/10 08:43:46 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/11/10 08:43:46 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/11/10 08:43:45 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/11/10 08:43:45 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/11/10 08:43:44 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/11/10 08:43:44 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/11/10 08:43:44 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/11/10 08:43:43 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/11/10 08:43:43 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/11/10 08:43:42 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/11/10 08:43:42 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/11/10 08:43:41 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/11/10 08:43:41 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/11/10 08:43:41 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/11/10 08:43:40 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/11/10 08:43:40 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/11/10 08:43:40 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/11/10 08:43:40 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/11/10 08:43:39 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/11/10 08:43:39 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/11/10 08:43:38 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/11/10 08:43:38 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/11/10 08:43:37 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/11/10 08:43:36 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/11/10 08:43:36 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/11/10 08:43:36 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/11/10 08:43:35 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/11/10 08:43:35 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/11/10 08:43:35 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/11/10 08:43:34 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/11/10 08:43:34 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/11/10 08:43:30 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/11/10 08:43:29 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/11/10 08:43:29 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/11/10 08:43:29 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/11/10 08:43:28 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/11/10 08:43:28 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/11/10 08:43:28 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/11/10 08:43:27 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/11/10 08:43:26 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/11/10 08:43:26 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/11/10 08:43:26 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/11/10 08:43:23 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/11/10 08:43:22 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/11/10 08:43:22 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/11/10 08:43:21 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/11/10 08:43:21 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/11/10 08:43:21 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/11/10 08:43:20 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/11/10 08:43:20 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/11/10 08:43:19 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/11/10 08:40:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2010/11/10 08:40:18 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2010/11/10 08:40:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2010/11/10 08:40:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2010/11/10 08:40:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2010/11/10 08:40:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2010/11/10 08:40:17 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/11/10 08:40:17 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/11/10 08:40:16 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/11/10 08:40:16 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/11/10 08:40:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/11/10 08:40:15 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/11/10 08:40:15 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/11/10 08:40:15 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/11/10 08:40:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/11/10 08:40:15 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/11/10 08:40:14 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/11/10 08:40:14 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/11/10 08:40:14 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/11/10 08:40:14 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/11/10 08:40:14 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/11/10 08:40:14 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/11/10 08:40:12 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/11/10 08:40:12 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/11/10 08:40:12 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/11/10 08:40:12 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/11/10 08:39:15 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/11/10 08:39:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/11/10 08:39:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/11/10 08:39:13 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/11/10 08:39:13 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/11/10 08:39:13 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/11/10 08:38:50 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/11/10 08:38:50 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/11/10 08:38:33 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/11/10 08:38:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/11/10 08:38:14 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/11/10 08:37:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/11/10 08:37:39 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/11/10 08:37:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/11/10 08:37:26 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/11/10 08:37:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/11/10 08:37:02 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/11/10 08:36:43 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/11/10 08:36:43 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/11/10 08:36:42 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/11/10 08:35:59 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/11/10 08:35:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/11/10 08:35:44 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/11/10 08:35:44 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/11/10 08:35:44 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/11/10 08:35:44 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/11/10 08:35:43 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/11/10 08:35:43 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/11/10 08:35:43 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/11/10 08:35:43 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/11/10 08:35:43 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/11/10 08:35:23 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/11/08 18:56:32 | 000,095,513 | ---- | M] () -- C:\Users\Heather\Desktop\SNP calling.jpg
[2010/11/05 23:23:39 | 000,000,000 | ---- | M] () -- C:\Users\Heather\defogger_reenable
[2010/11/05 13:45:19 | 000,393,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/05 12:14:24 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/11/05 12:12:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/11/05 12:12:43 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/11/05 12:11:23 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/11/05 12:11:22 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/11/05 12:10:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/11/05 12:09:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/11/05 12:05:29 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/11/05 12:05:28 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/11/05 12:05:28 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/11/05 12:05:28 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/11/05 12:05:22 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/11/05 12:05:20 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/11/05 12:05:20 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/11/05 12:05:20 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/11/05 12:02:14 | 038,404,096 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/11/05 12:02:14 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/11/05 12:02:14 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/11/05 11:55:43 | 000,014,848 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 11:55:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/11/05 11:55:00 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/11/05 11:54:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/11/03 22:13:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/03 22:13:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/02 12:29:52 | 000,270,327 | ---- | M] () -- C:\Users\Heather\Desktop\Rental Agreement 2010 11 27 to 12 02 Heather_revised.pdf
[2010/10/30 15:15:08 | 000,012,146 | ---- | M] () -- C:\Users\Heather\Desktop\Smail.odt
[2010/10/30 14:18:55 | 000,004,757 | ---- | M] () -- C:\Users\Heather\Desktop\E_TKT.pdf
[2010/10/30 14:16:47 | 000,131,143 | ---- | M] () -- C:\Users\Heather\Desktop\E_s.pdf
[2010/10/30 14:16:39 | 000,045,056 | ---- | M] () -- C:\Users\Heather\Desktop\Lectures 1st Course XI cycle April 16.xls
[2010/10/28 12:26:10 | 002,939,904 | ---- | M] () -- C:\Users\Heather\Desktop\Présentation ALK (Candice BABARIT).ppt
[2010/10/26 11:06:35 | 000,630,351 | ---- | M] () -- C:\Users\Heather\Desktop\Accord CPP 2010 - copie.JPG
[2010/10/21 16:19:57 | 000,000,954 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/21 13:03:57 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2010/10/21 10:55:33 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/21 10:55:33 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/21 10:55:33 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/21 10:55:33 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/21 10:55:33 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/21 10:53:20 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/21 10:53:20 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/21 10:53:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/10/21 10:53:20 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/10/21 10:53:19 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/10/21 10:53:19 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/21 10:53:17 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/21 10:53:15 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/10/21 10:53:15 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/10/21 10:53:14 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/21 10:53:13 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/21 10:53:09 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/21 10:53:08 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/21 10:53:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/10/21 10:53:06 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/21 10:53:04 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/21 10:53:02 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/21 10:53:00 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/21 10:52:57 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/21 10:52:57 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/10/21 10:52:56 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/21 10:52:56 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/21 10:50:25 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/10/21 10:50:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/10/21 10:50:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/10/21 10:48:45 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/21 10:48:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/10/21 10:48:44 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/10/21 10:47:46 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/21 10:47:46 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/21 10:47:46 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/21 10:47:46 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/21 10:47:46 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/21 10:47:46 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/21 10:47:46 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/21 10:47:46 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/21 10:47:43 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/10/21 10:45:41 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/21 10:45:39 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/10/21 10:45:39 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/21 10:45:39 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/10/21 10:45:39 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/10/21 10:45:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/21 10:44:40 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/10/21 10:44:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/10/21 10:43:37 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/21 10:41:52 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/21 10:41:51 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/10/21 10:41:51 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/10/21 10:41:51 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/10/21 10:41:51 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/10/21 10:41:49 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/21 10:40:47 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/21 10:40:46 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/21 10:39:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/21 10:35:32 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/21 10:35:32 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/10/21 10:34:19 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/10/21 10:34:18 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/10/21 10:33:21 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/21 10:19:05 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/21 10:12:22 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 09:38:45 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/21 09:38:42 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 09:38:41 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/21 09:33:23 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/21 09:33:23 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/21 09:32:20 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/21 09:31:26 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/21 09:31:26 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/21 09:14:26 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/21 09:14:26 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/21 09:14:09 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/21 09:13:50 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010/10/21 09:12:44 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/21 09:12:44 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/21 09:12:44 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/21 09:12:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/21 09:12:04 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/21 09:11:47 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/21 09:11:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/21 09:11:43 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/21 09:11:37 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/20 14:03:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/18 20:57:29 | 000,012,446 | ---- | M] () -- D:\Heather\Documents\A2_Coordinator.pdf
[2010/10/16 21:40:50 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/16 21:40:49 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/16 21:40:15 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/16 21:40:14 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/16 21:40:14 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/16 21:39:56 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/16 21:39:56 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/16 12:42:31 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/11/13 22:09:01 | 000,010,123 | ---- | C] () -- C:\Users\Heather\Desktop\Downstairs bathroom.odg
[2010/11/12 17:24:01 | 000,005,414 | ---- | C] () -- D:\Heather\Documents\cc_20101112_172359.reg
[2010/11/12 17:21:50 | 000,012,586 | ---- | C] () -- C:\Users\Heather\.recently-used.xbel
[2010/11/08 18:56:31 | 000,095,513 | ---- | C] () -- C:\Users\Heather\Desktop\SNP calling.jpg
[2010/11/08 17:09:39 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 17:09:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 23:23:39 | 000,000,000 | ---- | C] () -- C:\Users\Heather\defogger_reenable
[2010/11/05 11:58:17 | 038,404,096 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/11/05 11:58:17 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/11/05 11:58:17 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/11/05 11:33:23 | 2137,841,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 22:13:56 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/02 12:20:48 | 000,270,327 | ---- | C] () -- C:\Users\Heather\Desktop\Rental Agreement 2010 11 27 to 12 02 Heather_revised.pdf
[2010/10/30 15:02:43 | 000,012,146 | ---- | C] () -- C:\Users\Heather\Desktop\Smail.odt
[2010/10/30 14:18:55 | 000,004,757 | ---- | C] () -- C:\Users\Heather\Desktop\E_TKT.pdf
[2010/10/30 14:16:46 | 000,131,143 | ---- | C] () -- C:\Users\Heather\Desktop\E_s.pdf
[2010/10/30 14:16:39 | 000,045,056 | ---- | C] () -- C:\Users\Heather\Desktop\Lectures 1st Course XI cycle April 16.xls
[2010/10/28 12:26:05 | 002,939,904 | ---- | C] () -- C:\Users\Heather\Desktop\Présentation ALK (Candice BABARIT).ppt
[2010/10/26 11:06:34 | 000,630,351 | ---- | C] () -- C:\Users\Heather\Desktop\Accord CPP 2010 - copie.JPG
[2010/10/21 13:03:56 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/10/21 10:45:39 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/10/21 09:15:36 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdrgrd.dll
[2010/10/20 14:03:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/10/19 15:46:21 | 000,003,110 | ---- | C] () -- C:\ProgramData\lxdrJSW.log
[2010/10/18 20:57:29 | 000,012,446 | ---- | C] () -- D:\Heather\Documents\A2_Coordinator.pdf
[2010/10/13 08:24:58 | 000,014,848 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 15:40:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdrvs.dll
[2010/10/12 15:39:58 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/10/12 15:39:37 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdrdrs.dll
[2010/10/12 15:39:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdrcaps.dll
[2010/10/12 15:39:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdrcnv4.dll
[2010/10/12 15:38:37 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDRinst.dll
[2010/10/12 15:21:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/10/12 10:38:27 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/11 17:33:07 | 000,000,680 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2008/07/24 12:25:22 | 000,000,732 | ---- | C] () -- C:\Windows\System32\setup.ini
[2008/01/19 08:35:37 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/01/10 03:19:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/10 02:18:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/10 02:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/10 02:18:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/10 02:18:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/04/24 05:36:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/04/24 05:12:02 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/04/24 04:24:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/07 00:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 22:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 522831 bytes -> C:\Users\Heather\AppData\Roaming\desktop.ini:init

< End of report >

Extras and RkU report in next post (this one is too long). Thanks!

#4 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 November 2010 - 09:20 AM

The OTL Extras.txt :

OTL logfile created on: 11/14/2010 2:37:30 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Heather\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.41 Gb Total Space | 53.57 Gb Free Space | 51.31% Space Free | Partition Type: NTFS
Drive D: | 38.19 Gb Total Space | 4.85 Gb Free Space | 12.70% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.93 Gb Free Space | 49.32% Space Free | Partition Type: FAT

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
PRC - [2010/11/10 08:45:21 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/30 19:47:06 | 012,487,856 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/10/30 19:43:45 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/30 19:43:44 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/12 15:16:10 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/10/11 15:47:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/18 10:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/16 15:00:54 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdrcoms.exe
PRC - [2009/10/14 13:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 13:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/21 14:46:09 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 4900 Series\ezprint.exe
PRC - [2008/05/21 14:46:04 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 4900 Series\lxdrmon.exe
PRC - [2008/05/13 02:12:00 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/10 00:12:59 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/07/21 05:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/20 00:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/06/16 06:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/23 01:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/05/18 12:43:00 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/24 12:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2007/03/29 19:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 19:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/07 00:55:42 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/03/07 00:37:04 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/12 22:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 22:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/04 00:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/12/04 00:34:56 | 000,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/11/15 05:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/26 03:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
MOD - [2008/01/10 00:31:27 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/10/19 13:40:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/12 15:16:10 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/16 15:00:54 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdrcoms.exe -- (lxdr_device)
SRV - [2009/10/16 14:49:48 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdrserv.exe -- (lxdrCATSCustConnectService)
SRV - [2009/10/14 13:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/01/10 00:12:59 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/24 01:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/04/24 12:31:10 | 000,529,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/03/29 19:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/03/07 00:55:42 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/03/07 00:37:04 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/02/26 06:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/12 22:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/26 03:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 05:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/26 03:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/11/14 10:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/26 07:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/06/01 05:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/14 10:43:00 | 002,137,112 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/04 00:30:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/04/27 19:22:00 | 000,021,504 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/04/24 05:13:52 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/26 18:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/12 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/12/04 00:21:10 | 000,039,056 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 06:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 06:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 09:51:27 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 07:13:12 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2006/09/27 12:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/08/30 18:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3e559c3c-4aad-4168-bd47-e1056298df8e}:2.0.1
FF - prefs.js..extensions.enabledItems: fr-classique-reforme1990@dictionaries.addons.mozilla.org:3.9.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/11 22:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/11 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions
[2010/10/11 15:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/13 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions
[2010/11/11 21:29:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/12 12:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\{3e559c3c-4aad-4168-bd47-e1056298df8e}
[2010/11/03 09:11:59 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\firefox@facebook(23).com
[2010/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
[2010/11/05 08:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/12 10:37:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/12 09:20:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/12 09:20:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4900 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Domains: lcl.fr ([particuliers.secure] https in Trusted sites)
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab (KeybHunterWebInterface Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKU\S-1-5-21-2272322138-3919781592-3860045920-1000 Winlogon: Shell - (硅汰牯牥攮數18) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-3.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-3.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9eba41cc-d592-11df-a33a-001c7e03afaa}\Shell - "" = AutoRun
O33 - MountPoints2\{9eba41cc-d592-11df-a33a-001c7e03afaa}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{a82ad395-d692-11df-a2fe-00215c314cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{a82ad395-d692-11df-a2fe-00215c314cfd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:24a6967168) - C:\Windows\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 14:35:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2010/11/14 14:34:42 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Heather\Desktop\RkU3.8.388.590.exe
[2010/11/11 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Apple Computer
[2010/11/11 22:07:27 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Apple Computer
[2010/11/11 22:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/11 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/11 21:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/11 21:59:08 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Apple
[2010/11/11 21:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/11 21:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/11 21:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2010/11/11 21:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote 9
[2010/11/11 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/11/10 08:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/11/10 08:46:04 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/11/10 08:45:39 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/11/10 08:45:39 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/11/10 08:45:21 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/10 08:44:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/11/10 08:43:49 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/11/10 08:43:49 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/11/10 08:43:49 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/11/10 08:43:49 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/11/10 08:43:48 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/11/10 08:43:48 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/11/10 08:43:48 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/11/10 08:43:47 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/11/10 08:43:46 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/11/10 08:43:46 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/11/10 08:43:45 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/11/10 08:43:44 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/11/10 08:43:44 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/11/10 08:43:44 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/11/10 08:43:44 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/11/10 08:43:43 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/11/10 08:43:43 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/11/10 08:43:42 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/11/10 08:43:42 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/11/10 08:43:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/11/10 08:43:41 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/11/10 08:43:41 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/11/10 08:43:40 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/11/10 08:43:40 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/11/10 08:43:40 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/11/10 08:43:39 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/11/10 08:43:39 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/11/10 08:43:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/11/10 08:43:38 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/11/10 08:43:38 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/11/10 08:43:37 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/11/10 08:43:36 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/11/10 08:43:36 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/11/10 08:43:36 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/11/10 08:43:35 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/11/10 08:43:35 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/11/10 08:43:34 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/11/10 08:43:34 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/11/10 08:43:34 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/11/10 08:43:30 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/11/10 08:43:29 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/11/10 08:43:29 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/11/10 08:43:28 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/11/10 08:43:28 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/11/10 08:43:28 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/11/10 08:43:28 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/11/10 08:43:27 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/11/10 08:43:26 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/11/10 08:43:26 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/11/10 08:43:26 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/11/10 08:43:23 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/11/10 08:43:22 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/11/10 08:43:22 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/11/10 08:43:21 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/11/10 08:43:21 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/11/10 08:43:21 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/11/10 08:43:20 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/11/10 08:43:19 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/11/10 08:40:17 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/11/10 08:40:16 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/11/10 08:40:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/11/10 08:40:16 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/11/10 08:40:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/11/10 08:40:15 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/11/10 08:40:15 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/11/10 08:40:15 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/11/10 08:40:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/11/10 08:40:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/11/10 08:40:14 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/11/10 08:40:14 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/11/10 08:40:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/11/10 08:40:14 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/11/10 08:40:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/11/10 08:40:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/11/10 08:40:12 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/11/10 08:40:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/11/10 08:40:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/11/10 08:40:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/11/10 08:39:15 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/11/10 08:39:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/11/10 08:39:13 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/11/10 08:39:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/11/10 08:39:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/11/10 08:39:13 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/11/10 08:38:50 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/11/10 08:38:50 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/11/10 08:38:33 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/11/10 08:38:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/11/10 08:38:14 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/11/10 08:37:39 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/11/10 08:37:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/11/10 08:37:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/11/10 08:37:26 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/11/10 08:37:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/11/10 08:37:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/11/10 08:36:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/11/10 08:36:42 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/11/10 08:36:41 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/11/10 08:35:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/11/10 08:35:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/11/10 08:35:44 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/11/10 08:35:44 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/11/10 08:35:44 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/11/10 08:35:44 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/11/10 08:35:43 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/11/10 08:35:43 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/11/10 08:35:43 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/11/10 08:35:43 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/11/10 08:35:43 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/11/10 08:35:23 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/11/08 17:08:08 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\WindowsUpdate
[2010/11/07 23:54:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/07 12:13:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/06 15:17:18 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\getservice
[2010/11/05 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 12:14:24 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/11/05 12:12:44 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/11/05 12:12:43 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/11/05 12:11:23 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/11/05 12:11:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/11/05 12:10:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/11/05 12:09:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/11/05 12:05:29 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/11/05 12:05:28 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/11/05 12:05:28 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/11/05 12:05:28 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/11/05 12:05:22 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/11/05 12:05:20 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/11/05 12:05:20 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/11/05 12:05:20 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/11/05 11:55:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/11/05 11:55:00 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/11/05 11:54:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/11/04 10:25:39 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\Malwarebytes
[2010/11/04 10:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/04 10:25:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/04 10:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/04 10:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/03 22:30:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/03 22:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/03 22:13:56 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/11/03 22:13:55 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/03 22:13:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/11/03 22:13:55 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/11/03 22:13:54 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/11/03 22:13:38 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/03 22:13:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/11/03 19:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/03 19:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/03 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\Sophos
[2010/11/01 10:19:06 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\HTC Driver
[2010/10/28 09:10:49 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010/10/22 19:07:39 | 000,000,000 | ---D | C] -- D:\Heather\Documents\InterVideo
[2010/10/22 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\InterVideo
[2010/10/22 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Roaming\gtk-2.0
[2010/10/22 16:13:46 | 000,000,000 | ---D | C] -- C:\Users\Heather\.thumbnails
[2010/10/22 15:55:52 | 000,000,000 | ---D | C] -- D:\Heather\Documents\gegl-0.0
[2010/10/22 15:55:52 | 000,000,000 | ---D | C] -- C:\Users\Heather\.gimp-2.6
[2010/10/22 12:39:16 | 000,000,000 | ---D | C] -- C:\Users\Heather\Desktop\gels
[2010/10/21 13:00:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LAN-Fax Utilities
[2010/10/21 12:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ricoh
[2010/10/21 12:32:55 | 000,299,008 | ---- | C] (Ricoh Co.Ltd.) -- C:\Windows\System32\RscEnd2.ocx
[2010/10/21 12:32:54 | 000,118,784 | ---- | C] (RICOH SYSYTEM KAIHATU Co., Ltd.) -- C:\Windows\System32\JPDW32.dll
[2010/10/21 12:32:54 | 000,086,016 | ---- | C] (リコーソフトウエア株式会社) -- C:\Windows\System32\RicImg.dll
[2010/10/21 12:32:54 | 000,067,584 | ---- | C] (RICOH SYSTEM KAIHATSU Co.,Ltd.) -- C:\Windows\System32\BilW32.dll
[2010/10/21 12:32:54 | 000,064,512 | ---- | C] (リコーシステム開発株式会社) -- C:\Windows\System32\BitW32.dll
[2010/10/21 12:32:54 | 000,052,224 | ---- | C] (RICOH SYSTEM KAIHATSU CO.,LTD.) -- C:\Windows\System32\JPCW32.DLL
[2010/10/21 12:31:26 | 000,000,000 | ---D | C] -- C:\temp
[2010/10/21 10:55:33 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/21 10:55:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/21 10:55:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/21 10:55:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/21 10:55:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/21 10:53:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/21 10:53:20 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/21 10:53:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/10/21 10:53:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/10/21 10:53:19 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/10/21 10:53:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/21 10:53:17 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/21 10:53:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/10/21 10:53:15 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/10/21 10:53:14 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/21 10:53:13 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/21 10:53:09 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/21 10:53:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/21 10:53:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/10/21 10:53:06 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/21 10:53:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/21 10:53:02 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/21 10:53:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/21 10:52:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/21 10:52:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/10/21 10:52:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/21 10:52:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/21 10:50:25 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/10/21 10:50:24 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/10/21 10:50:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/10/21 10:48:45 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/21 10:48:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/10/21 10:48:44 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/10/21 10:47:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/21 10:47:46 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/21 10:47:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/21 10:47:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/21 10:47:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/21 10:47:46 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/21 10:47:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/21 10:47:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/21 10:47:43 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/10/21 10:45:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/21 10:45:39 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/21 10:45:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/10/21 10:45:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/10/21 10:45:38 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/21 10:44:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/10/21 10:44:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/10/21 10:43:37 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/21 10:42:17 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/21 10:41:52 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/21 10:41:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/10/21 10:41:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/10/21 10:41:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/10/21 10:41:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/10/21 10:41:49 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/21 10:40:47 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/21 10:40:46 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/21 10:39:15 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/21 10:35:32 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/21 10:35:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/10/21 10:34:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/10/21 10:34:18 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/10/21 10:33:21 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/21 10:19:05 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/21 10:12:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 09:38:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/21 09:38:41 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 09:38:41 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/21 09:33:23 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/21 09:33:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/21 09:32:20 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/21 09:31:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/21 09:31:26 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/21 09:15:46 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdrserv.dll
[2010/10/21 09:15:45 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdrpmui.dll
[2010/10/21 09:15:45 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoms.exe
[2010/10/21 09:15:45 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdrlmpm.dll
[2010/10/21 09:15:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomm.dll
[2010/10/21 09:15:42 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrinpa.dll
[2010/10/21 09:15:42 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdriesc.dll
[2010/10/21 09:15:41 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdrcomc.dll
[2010/10/21 09:15:39 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdrusb1.dll
[2010/10/21 09:15:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdrhbn3.dll
[2010/10/21 09:15:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdrcfg.exe
[2010/10/21 09:15:31 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdrih.exe
[2010/10/21 09:14:26 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/21 09:14:26 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/21 09:14:09 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/21 09:13:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010/10/21 09:12:45 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/10/21 09:12:44 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/21 09:12:44 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/21 09:12:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/21 09:12:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/21 09:12:04 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/21 09:11:47 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/21 09:11:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/21 09:11:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/10/21 09:11:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/21 09:11:37 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/21 09:07:07 | 000,000,000 | ---D | C] -- D:\Heather\Documents\Fragments
[2010/10/21 08:13:32 | 000,000,000 | ---D | C] -- C:\Users\Heather\AppData\Local\FileMaker
[2010/10/20 14:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2010/10/19 14:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/10/19 13:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/10/19 13:39:43 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/10/19 13:39:42 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/10/16 21:40:50 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/16 21:40:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/16 21:40:15 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/16 21:40:14 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/16 21:40:14 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/16 21:39:56 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/16 21:39:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/12 15:38:37 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDRhcp.dll
[2009/10/15 20:32:46 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdrcoin.dll

========== Files - Modified Within 30 Days ==========

[2010/11/14 14:35:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Heather\Desktop\OTL.exe
[2010/11/14 14:27:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:27:13 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/14 13:27:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 08:44:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 08:35:21 | 2137,841,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 00:08:07 | 000,010,123 | ---- | M] () -- C:\Users\Heather\Desktop\Downstairs bathroom.odg
[2010/11/12 17:24:08 | 000,005,414 | ---- | M] () -- D:\Heather\Documents\cc_20101112_172359.reg
[2010/11/12 17:21:50 | 000,012,586 | ---- | M] () -- C:\Users\Heather\.recently-used.xbel
[2010/11/11 22:37:25 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2010/11/11 21:51:38 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 21:51:38 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/10 08:46:04 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/11/10 08:45:39 | 000,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/11/10 08:45:39 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/11/10 08:45:21 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/10 08:44:06 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/11/10 08:43:49 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/11/10 08:43:49 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/11/10 08:43:49 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/11/10 08:43:49 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/11/10 08:43:48 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/11/10 08:43:48 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/11/10 08:43:48 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/11/10 08:43:47 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/11/10 08:43:46 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/11/10 08:43:46 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/11/10 08:43:45 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/11/10 08:43:45 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/11/10 08:43:44 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/11/10 08:43:44 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/11/10 08:43:44 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/11/10 08:43:43 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/11/10 08:43:43 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/11/10 08:43:42 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/11/10 08:43:42 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/11/10 08:43:41 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/11/10 08:43:41 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/11/10 08:43:41 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/11/10 08:43:40 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/11/10 08:43:40 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/11/10 08:43:40 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/11/10 08:43:40 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/11/10 08:43:39 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/11/10 08:43:39 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/11/10 08:43:38 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/11/10 08:43:38 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/11/10 08:43:37 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/11/10 08:43:36 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/11/10 08:43:36 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/11/10 08:43:36 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/11/10 08:43:35 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/11/10 08:43:35 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/11/10 08:43:35 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/11/10 08:43:34 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/11/10 08:43:34 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/11/10 08:43:33 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/11/10 08:43:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/11/10 08:43:31 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/11/10 08:43:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/11/10 08:43:30 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/11/10 08:43:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/11/10 08:43:29 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/11/10 08:43:29 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/11/10 08:43:29 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/11/10 08:43:28 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/11/10 08:43:28 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/11/10 08:43:28 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/11/10 08:43:27 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/11/10 08:43:27 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/11/10 08:43:26 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/11/10 08:43:26 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/11/10 08:43:26 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/11/10 08:43:25 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/11/10 08:43:24 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/11/10 08:43:24 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/11/10 08:43:23 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/11/10 08:43:22 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/11/10 08:43:22 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/11/10 08:43:21 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/11/10 08:43:21 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/11/10 08:43:21 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/11/10 08:43:20 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/11/10 08:43:20 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/11/10 08:43:20 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/11/10 08:43:19 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/11/10 08:43:19 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/11/10 08:40:18 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2010/11/10 08:40:18 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2010/11/10 08:40:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2010/11/10 08:40:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2010/11/10 08:40:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2010/11/10 08:40:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2010/11/10 08:40:17 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/11/10 08:40:17 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/11/10 08:40:16 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/11/10 08:40:16 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/11/10 08:40:16 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/11/10 08:40:15 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/11/10 08:40:15 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/11/10 08:40:15 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/11/10 08:40:15 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/11/10 08:40:15 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/11/10 08:40:14 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/11/10 08:40:14 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/11/10 08:40:14 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/11/10 08:40:14 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/11/10 08:40:14 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/11/10 08:40:14 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/11/10 08:40:12 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/11/10 08:40:12 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/11/10 08:40:12 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/11/10 08:40:12 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/11/10 08:39:15 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/11/10 08:39:15 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/11/10 08:39:13 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/11/10 08:39:13 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/11/10 08:39:13 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/11/10 08:39:13 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/11/10 08:38:50 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/11/10 08:38:50 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/11/10 08:38:33 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/11/10 08:38:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/11/10 08:38:14 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/11/10 08:37:39 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/11/10 08:37:39 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/11/10 08:37:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/11/10 08:37:26 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/11/10 08:37:02 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/11/10 08:37:02 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/11/10 08:36:43 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/11/10 08:36:43 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/11/10 08:36:42 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/11/10 08:35:59 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/11/10 08:35:59 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/11/10 08:35:44 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/11/10 08:35:44 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/11/10 08:35:44 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/11/10 08:35:44 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/11/10 08:35:43 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/11/10 08:35:43 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/11/10 08:35:43 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/11/10 08:35:43 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/11/10 08:35:43 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/11/10 08:35:23 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/11/08 18:56:32 | 000,095,513 | ---- | M] () -- C:\Users\Heather\Desktop\SNP calling.jpg
[2010/11/05 23:23:39 | 000,000,000 | ---- | M] () -- C:\Users\Heather\defogger_reenable
[2010/11/05 13:45:19 | 000,393,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/05 12:14:24 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/11/05 12:12:44 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/11/05 12:12:43 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/11/05 12:11:23 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/11/05 12:11:22 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/11/05 12:10:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/11/05 12:09:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/11/05 12:05:29 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/11/05 12:05:28 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/11/05 12:05:28 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/11/05 12:05:28 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/11/05 12:05:22 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/11/05 12:05:20 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/11/05 12:05:20 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/11/05 12:05:20 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/11/05 12:02:14 | 038,404,096 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/11/05 12:02:14 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/11/05 12:02:14 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/11/05 11:55:43 | 000,014,848 | ---- | M] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 11:55:02 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/11/05 11:55:00 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/11/05 11:54:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/11/03 22:13:56 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/03 22:13:54 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/02 12:29:52 | 000,270,327 | ---- | M] () -- C:\Users\Heather\Desktop\Rental Agreement 2010 11 27 to 12 02 Heather_revised.pdf
[2010/10/30 15:15:08 | 000,012,146 | ---- | M] () -- C:\Users\Heather\Desktop\Smail.odt
[2010/10/30 14:18:55 | 000,004,757 | ---- | M] () -- C:\Users\Heather\Desktop\E_TKT.pdf
[2010/10/30 14:16:47 | 000,131,143 | ---- | M] () -- C:\Users\Heather\Desktop\E_s.pdf
[2010/10/30 14:16:39 | 000,045,056 | ---- | M] () -- C:\Users\Heather\Desktop\Lectures 1st Course XI cycle April 16.xls
[2010/10/28 12:26:10 | 002,939,904 | ---- | M] () -- C:\Users\Heather\Desktop\Présentation ALK (Candice BABARIT).ppt
[2010/10/26 11:06:35 | 000,630,351 | ---- | M] () -- C:\Users\Heather\Desktop\Accord CPP 2010 - copie.JPG
[2010/10/21 16:19:57 | 000,000,954 | ---- | M] () -- C:\Users\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/21 13:03:57 | 000,000,158 | ---- | M] () -- C:\Windows\ricdb.ini
[2010/10/21 10:55:33 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/21 10:55:33 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/21 10:55:33 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/21 10:55:33 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/21 10:55:33 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/21 10:53:20 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/21 10:53:20 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/10/21 10:53:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/10/21 10:53:20 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/10/21 10:53:19 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/10/21 10:53:19 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/21 10:53:17 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/21 10:53:15 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/10/21 10:53:15 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/10/21 10:53:14 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/21 10:53:13 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/21 10:53:09 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/21 10:53:08 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/21 10:53:08 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/10/21 10:53:06 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/21 10:53:04 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/21 10:53:02 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/21 10:53:00 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/21 10:52:57 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/21 10:52:57 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/10/21 10:52:56 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/21 10:52:56 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/21 10:50:25 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/10/21 10:50:24 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/10/21 10:50:24 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/10/21 10:48:45 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/21 10:48:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/10/21 10:48:44 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/10/21 10:47:46 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/21 10:47:46 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/21 10:47:46 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/21 10:47:46 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/21 10:47:46 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/21 10:47:46 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/21 10:47:46 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/21 10:47:46 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/21 10:47:43 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/10/21 10:45:41 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/21 10:45:39 | 001,654,487 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/10/21 10:45:39 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/21 10:45:39 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/10/21 10:45:39 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/10/21 10:45:38 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/21 10:44:40 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/10/21 10:44:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/10/21 10:43:37 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/21 10:41:52 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/21 10:41:51 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/10/21 10:41:51 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/10/21 10:41:51 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/10/21 10:41:51 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/10/21 10:41:49 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/21 10:40:47 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/21 10:40:46 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/21 10:39:15 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/21 10:35:32 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/21 10:35:32 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/10/21 10:34:19 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/10/21 10:34:18 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/10/21 10:33:21 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/21 10:19:05 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/21 10:12:22 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/21 09:38:45 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/21 09:38:42 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/21 09:38:41 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/21 09:33:23 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/21 09:33:23 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/21 09:32:20 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/21 09:31:26 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/21 09:31:26 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/21 09:14:26 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/21 09:14:26 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/21 09:14:09 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/21 09:13:50 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2010/10/21 09:12:44 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/21 09:12:44 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/21 09:12:44 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/21 09:12:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/21 09:12:04 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/21 09:11:47 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/21 09:11:45 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/21 09:11:43 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/21 09:11:37 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/20 14:03:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/18 20:57:29 | 000,012,446 | ---- | M] () -- D:\Heather\Documents\A2_Coordinator.pdf
[2010/10/16 21:40:50 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/16 21:40:49 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/16 21:40:15 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/16 21:40:14 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/16 21:40:14 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/16 21:39:56 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/16 21:39:56 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/16 12:42:31 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/11/13 22:09:01 | 000,010,123 | ---- | C] () -- C:\Users\Heather\Desktop\Downstairs bathroom.odg
[2010/11/12 17:24:01 | 000,005,414 | ---- | C] () -- D:\Heather\Documents\cc_20101112_172359.reg
[2010/11/12 17:21:50 | 000,012,586 | ---- | C] () -- C:\Users\Heather\.recently-used.xbel
[2010/11/08 18:56:31 | 000,095,513 | ---- | C] () -- C:\Users\Heather\Desktop\SNP calling.jpg
[2010/11/08 17:09:39 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 17:09:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 23:23:39 | 000,000,000 | ---- | C] () -- C:\Users\Heather\defogger_reenable
[2010/11/05 11:58:17 | 038,404,096 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/11/05 11:58:17 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/11/05 11:58:17 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/11/05 11:33:23 | 2137,841,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/03 22:13:56 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/02 12:20:48 | 000,270,327 | ---- | C] () -- C:\Users\Heather\Desktop\Rental Agreement 2010 11 27 to 12 02 Heather_revised.pdf
[2010/10/30 15:02:43 | 000,012,146 | ---- | C] () -- C:\Users\Heather\Desktop\Smail.odt
[2010/10/30 14:18:55 | 000,004,757 | ---- | C] () -- C:\Users\Heather\Desktop\E_TKT.pdf
[2010/10/30 14:16:46 | 000,131,143 | ---- | C] () -- C:\Users\Heather\Desktop\E_s.pdf
[2010/10/30 14:16:39 | 000,045,056 | ---- | C] () -- C:\Users\Heather\Desktop\Lectures 1st Course XI cycle April 16.xls
[2010/10/28 12:26:05 | 002,939,904 | ---- | C] () -- C:\Users\Heather\Desktop\Présentation ALK (Candice BABARIT).ppt
[2010/10/26 11:06:34 | 000,630,351 | ---- | C] () -- C:\Users\Heather\Desktop\Accord CPP 2010 - copie.JPG
[2010/10/21 13:03:56 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2010/10/21 10:45:39 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/10/21 09:15:36 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdrgrd.dll
[2010/10/20 14:03:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/10/19 15:46:21 | 000,003,110 | ---- | C] () -- C:\ProgramData\lxdrJSW.log
[2010/10/18 20:57:29 | 000,012,446 | ---- | C] () -- D:\Heather\Documents\A2_Coordinator.pdf
[2010/10/13 08:24:58 | 000,014,848 | ---- | C] () -- C:\Users\Heather\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 15:40:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdrvs.dll
[2010/10/12 15:39:58 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010/10/12 15:39:37 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdrdrs.dll
[2010/10/12 15:39:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdrcaps.dll
[2010/10/12 15:39:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdrcnv4.dll
[2010/10/12 15:38:37 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDRinst.dll
[2010/10/12 15:21:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010/10/12 10:38:27 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/11 17:33:07 | 000,000,680 | ---- | C] () -- C:\Users\Heather\AppData\Local\d3d9caps.dat
[2008/07/24 12:25:22 | 000,000,732 | ---- | C] () -- C:\Windows\System32\setup.ini
[2008/01/19 08:35:37 | 000,000,006 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/01/10 03:19:36 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/10 02:18:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/01/10 02:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/01/10 02:18:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/01/10 02:18:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/04/24 05:36:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/04/24 05:12:02 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/04/24 04:24:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/07 00:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 22:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 522831 bytes -> C:\Users\Heather\AppData\Roaming\desktop.ini:init

< End of report >

And for RkU, I had to abort the Files scan, but here are the results for the rest:

[Edited: sorry about that. I will repost, having unchecked what I was supposed to have unchecked.]

My major problems as specified above appear to have been resolved by eliminating the TDSS.tdl4 with TDSSKiller - but I would like to be certain of it, and also to find out if there is any residual sort of backdoor activity remaining. If it's cleaner to just reinstall my whole system, so be it.

If things seem pretty safe, then simply cleaning things up would be welcome.

Thanks for your help!

Edited by etche_homo, 14 November 2010 - 09:38 AM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 14 November 2010 - 09:24 AM

Okay, I'll wait for the other logs. :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 November 2010 - 09:45 AM

Here we are for RkU, which in fact finishes with "!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)"

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x8BC1A000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82400000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x82400000 PnpManager 3805184 bytes
0x82400000 RAW 3805184 bytes
0x82400000 WMIxWDM 3805184 bytes
0x8C5D1000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x8E1F7000 C:\Windows\system32\drivers\RTKVHDA.sys 2134016 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x94A00000 Win32k 2097152 bytes
0x94A00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E0DB000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x82CF8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x822FC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0xAC922000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DE20000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
0x8F472000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x806C0000 C:\Windows\system32\DRIVERS\iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8B6F3000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xA9D32000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x8C3CD000 C:\Windows\system32\DRIVERS\rdpdr.sys 552960 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x82259000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAB997000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8E490000 C:\Windows\system32\drivers\csc.sys 339968 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xAC3AF000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x8077E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E5B9000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C591000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B62E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E523000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAB86C000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x822C3000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8B6BB000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0xA73C9000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x82223000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x827A1000 ACPI_HAL 212992 bytes
0x827A1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C338000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8E587000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x80669000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DFBD000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BBBD000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80625000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xA9CA4000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C396000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x807C8000 C:\Windows\system32\DRIVERS\pcmcia.sys 172032 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8BA2F000 C:\Windows\system32\DRIVERS\Apfiltr.sys 163840 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xAEE54000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8E452000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x8DF98000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82CD3000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAB848000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C557000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82CA1000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8DF20000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAB8C3000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8069A000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAB8A5000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x94C65000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAB93C000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x8BC00000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xAB8E3000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DE07000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8BBE8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8B604000 C:\Windows\system32\DRIVERS\sdbus.sys 98304 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8E479000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x8C57A000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAC80B000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E571000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E0C6000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x94C50000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xA7A04000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E012000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8BA57000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8C454000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA76BD000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E55E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B61C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xAA002000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0xA7234000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x82CC2000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x80659000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8F400000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8040B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x88D00000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x88D30000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x88D20000 C:\Windows\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0x8C494000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x82205000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82214000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82EF1000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C467000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8BB3A000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA5C10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8BB48000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8BB64000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8BB56000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88C58000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88C2F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DF8B000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8BA0C000 C:\Windows\system32\drivers\tpm.sys 53248 bytes (Microsoft Corporation, TPM Device Driver)
0x8C3C0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8AE1A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8C2B8000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8AE04000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BA24000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8DEF5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8BA01000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E427000 C:\Windows\System32\Drivers\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smard Card Driver Library)
0xA77B3000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BA19000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8AE27000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AE0F000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8DF41000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x8041B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8E03A000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C38C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E0A8000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E026000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8E076000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88C00000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x80616000 C:\Windows\system32\DRIVERS\thpdrv.sys 40960 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0x80605000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8AF2F000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBFE13000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x80650000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8AF41000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x8AF38000 C:\Windows\system32\DRIVERS\sffdisk.sys 36864 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0xA5C00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AEF0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x806B8000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8AFB0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AFB8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xA7740000 C:\Windows\system32\DRIVERS\sffp_sd.sys 32768 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0x8060E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8AF98000 C:\Windows\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x8BA86000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8BA71000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0x80404000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8BA7F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B67F000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x80620000 C:\Windows\system32\DRIVERS\TVALZ.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8B7C4000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8B7FC000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0x88C27000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x80201000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B793000 C:\Windows\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0x82E26000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x80402000 C:\Windows\system32\DRIVERS\Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0x8DA4A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x05290000 Hidden Image-->Tanagra.DataClad.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 1077248 bytes
0x06530000 Hidden Image-->Tanagra.BMU.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 1413120 bytes
0x01D10000 Hidden Image-->Tanagra.DataClad.DataAccess.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 299008 bytes
0x00340000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0xABB2AD90 ] PID: 3144, 36864 bytes
0x01970000 Hidden Image-->XMLSettings.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 36864 bytes
0x040C0000 Hidden Image-->Tanagra.Interop.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 61440 bytes
0x00D10000 Hidden Image-->Memeo.API.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 69632 bytes
0x04150000 Hidden Image-->SQLite.NET.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 77824 bytes
0x04B30000 Hidden Image-->Tanagra.Utility.dll [ EPROCESS 0x84A875C8 ] PID: 4156, 913408 bytes
0x03AB0000 Hidden Image-->TCrdMain.resources.dll [ EPROCESS 0x84B115C8 ] PID: 3740, 978944 bytes

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 14 November 2010 - 12:24 PM

Hi, since you had TDL4, the backdoor remains, see below.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 14 November 2010 - 04:58 PM

Hi, Elise,

I'd like to give it a try, and in the meantime, will go about the painful task of changing all my passwords.

I ran Combofix despite the warnings that arose when it detected a running copy of Norton 360 - this may have been a preinstall, but I certainly tried to uninstall all factory-provided AV software, and can not find it to uninstall much less stop, either via the Control Panel or through CCleaner. I only thought about Windows Defender once it was complete; is it a problem?

Java 6 Update 22 is available for installation; I'm waiting on it for now.

Here is the log. Those seven randomly named *.exe files in [HKLM\~\startupfolder\C:^Users...] etc don't look very promising, do they?

Thanks!
==

ComboFix 10-11-13.01 - Heather 11/14/2010 22:25:33.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2038.891 [GMT 1:00]
Running from: c:\users\Heather\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 21:32 . 2010-11-14 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-14 13:49 . 2010-11-14 13:49 -------- d-----w- c:\windows\system32\Purple
2010-11-11 21:41 . 2010-11-11 21:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Local\Apple Computer
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Roaming\Apple Computer
2010-11-11 21:02 . 2010-11-11 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Common Files\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\users\Heather\AppData\Local\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\programdata\Apple
2010-11-11 20:50 . 2010-11-11 20:50 -------- d-----w- c:\program files\Common Files\Risxtd
2010-11-11 20:49 . 2010-11-11 20:51 -------- d-----w- c:\program files\EndNote 9
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-10 07:46 . 2010-11-10 07:46 268800 ----a-w- c:\windows\system32\es.dll
2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-10 07:46 . 2010-11-10 07:46 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-10 07:45 . 2010-11-10 07:45 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-10 07:45 . 2010-11-10 07:45 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-10 07:45 . 2010-11-10 07:45 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-10 07:45 . 2010-11-10 07:45 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-10 07:45 . 2010-11-10 07:45 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-10 07:45 . 2010-11-10 07:45 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-10 07:45 . 2010-11-10 07:45 2923520 ----a-w- c:\windows\explorer.exe
2010-11-10 07:44 . 2010-11-10 07:44 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-10 07:44 . 2010-11-10 07:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-10 07:44 . 2010-11-10 07:44 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-10 07:44 . 2010-11-10 07:44 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-10 07:40 . 2010-11-10 07:40 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-10 07:39 . 2010-11-10 07:39 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-10 07:39 . 2010-11-10 07:39 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-10 07:39 . 2010-11-10 07:39 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-10 07:39 . 2010-11-10 07:39 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-10 07:39 . 2010-11-10 07:39 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-10 07:39 . 2010-11-10 07:39 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-10 07:39 . 2010-11-10 07:39 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-10 07:39 . 2010-11-10 07:39 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-10 07:39 . 2010-11-10 07:39 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-10 07:39 . 2010-11-10 07:39 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-10 07:39 . 2010-11-10 07:39 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-10 07:38 . 2010-11-10 07:38 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-10 07:38 . 2010-11-10 07:38 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-10 07:38 . 2010-11-10 07:38 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-10 07:38 . 2010-11-10 07:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-10 07:38 . 2010-11-10 07:38 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-10 07:38 . 2010-11-10 07:38 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-10 07:38 . 2010-11-10 07:38 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-10 07:38 . 2010-11-10 07:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-10 07:37 . 2010-11-10 07:37 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2010-11-10 07:37 . 2010-11-10 07:37 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-10 07:37 . 2010-11-10 07:37 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-10 07:37 . 2010-11-10 07:37 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-10 07:37 . 2010-11-10 07:37 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-10 07:37 . 2010-11-10 07:37 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-10 07:37 . 2010-11-10 07:37 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-10 07:36 . 2010-11-10 07:36 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-10 07:36 . 2010-11-10 07:36 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-10 07:36 . 2010-11-10 07:36 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-10 07:36 . 2010-11-10 07:36 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-08 16:08 . 2010-11-08 16:08 -------- d-----w- c:\users\Heather\AppData\Local\WindowsUpdate
2010-11-07 22:54 . 2010-11-08 05:30 -------- d-----w- C:\rsit
2010-11-05 21:59 . 2010-11-05 21:59 388096 ----a-r- c:\users\Heather\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- c:\program files\Trend Micro
2010-11-05 11:14 . 2010-11-05 11:14 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-05 11:12 . 2010-11-05 11:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-05 11:12 . 2010-11-05 11:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-05 11:11 . 2010-11-05 11:11 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-05 11:11 . 2010-11-05 11:11 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-05 11:11 . 2010-11-05 11:11 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-05 11:10 . 2010-11-05 11:10 66048 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll
2010-11-05 11:10 . 2010-11-05 11:10 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2010-11-05 11:10 . 2010-11-05 11:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-05 11:09 . 2010-11-05 11:09 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-05 11:09 . 2010-11-05 11:09 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-05 11:05 . 2010-11-05 11:05 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-05 11:05 . 2010-11-05 11:05 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-05 11:05 . 2010-11-05 11:05 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-05 11:05 . 2010-11-05 11:05 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-05 11:05 . 2010-11-05 11:05 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-05 11:05 . 2010-11-05 11:05 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-05 10:55 . 2010-11-05 10:55 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-05 10:55 . 2010-11-05 10:55 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-05 10:55 . 2010-11-05 10:55 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-05 10:55 . 2010-11-05 10:55 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-05 10:54 . 2010-11-05 10:54 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\users\Heather\AppData\Roaming\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\programdata\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 21:29 . 2010-11-03 21:29 -------- d-----w- c:\program files\CCleaner
2010-11-03 21:13 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-03 21:13 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-03 21:13 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-03 21:13 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-03 21:13 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-03 21:13 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-03 21:13 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\programdata\Alwil Software
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\program files\Alwil Software
2010-11-03 09:29 . 2010-11-03 09:29 -------- d-----w- c:\users\Heather\AppData\Local\Sophos
2010-10-22 16:58 . 2010-10-22 16:58 -------- d-----w- c:\users\Heather\AppData\Roaming\InterVideo
2010-10-22 15:14 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\AppData\Roaming\gtk-2.0
2010-10-22 15:13 . 2010-10-22 15:13 -------- d-----w- c:\users\Heather\.thumbnails
2010-10-22 14:55 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\.gimp-2.6
2010-10-21 11:57 . 2010-10-21 12:03 -------- d-----w- c:\programdata\Ricoh
2010-10-21 11:56 . 2010-07-13 18:03 54272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EUDMPP32.DLL
2010-10-21 11:31 . 2010-10-26 20:46 -------- d-----w- C:\temp
2010-10-21 09:55 . 2010-10-21 09:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-10-21 09:55 . 2010-10-21 09:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-21 09:55 . 2010-10-21 09:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 09:55 . 2010-10-21 09:55 24064 ----a-w- c:\windows\system32\lpk.dll
2010-10-21 09:55 . 2010-10-21 09:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-10-21 09:55 . 2010-10-21 09:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-10-21 09:52 . 2010-10-21 09:52 134144 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-10-21 09:52 . 2010-10-21 09:52 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-10-21 09:52 . 2010-10-21 09:52 301568 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2010-10-21 09:50 . 2010-10-21 09:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-10-21 09:50 . 2010-10-21 09:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-10-21 09:50 . 2010-10-21 09:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-21 09:50 . 2010-10-21 09:50 272896 ----a-w- c:\windows\system32\polstore.dll
2010-10-21 09:49 . 2010-10-21 09:49 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-21 09:49 . 2010-10-21 09:49 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-21 09:48 . 2010-10-21 09:48 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 21:37 . 2010-11-11 21:37 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2010-11-10 07:37 . 2010-11-10 07:37 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-10-21 09:53 . 2010-10-21 09:53 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-10-21 08:38 . 2010-10-21 08:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-10-21 08:38 . 2010-10-21 08:38 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-10-21 08:38 . 2010-10-21 08:38 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-10-21 08:38 . 2010-10-21 08:38 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-10-21 08:38 . 2010-10-21 08:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-10-12 08:20 . 2010-10-12 08:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 23:50 . 2010-10-11 23:50 56 ----a-w- c:\windows\system32\IHV_Install.bat
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-12 14:16 . 2010-10-12 14:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-01-10 174200]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2007-06-14 116304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-12 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]
"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:24a6967168

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6t5jjej.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6t5jjej.exe
backup=c:\windows\pss\6t5jjej.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flffaqql.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flffaqql.exe
backup=c:\windows\pss\flffaqql.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^h0xshh6xh.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h0xshh6xh.exe
backup=c:\windows\pss\h0xshh6xh.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hxmhcsccs.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hxmhcsccs.exe
backup=c:\windows\pss\hxmhcsccs.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mhmhmh6c27s.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhmhmh6c27s.exe
backup=c:\windows\pss\mhmhmh6c27s.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^s6s2x5cxs07.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s6s2x5cxs07.exe
backup=c:\windows\pss\s6s2x5cxs07.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vfv9qqlllv.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vfv9qqlllv.exe
backup=c:\windows\pss\vfv9qqlllv.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
R2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdrserv.exe [2009-10-16 94208]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-12 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21504]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-03 13336]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe [2009-10-16 589824]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: lcl.fr\particuliers.secure
TCP: {00F55210-54E0-4585-96BD-3901E5060224} = 139.124.203.194,139.124.1.2
DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} - hxxps://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 22:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????{?1O????? ??????@???X???p?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(796)
c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-11-14 22:35:17
ComboFix-quarantined-files.txt 2010-11-14 21:35

Pre-Run: 56,551,665,664 bytes free
Post-Run: 56,483,291,136 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 54C7A5CFD2B6AAFB95030DD707ACD72F

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 15 November 2010 - 04:20 AM

Hi again, those look indeed a bit suspicious. Lets see if we can get rid of them.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
File::
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6t5jjej.exe
c:\windows\pss\6t5jjej.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flffaqql.exe
c:\windows\pss\flffaqql.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h0xshh6xh.exe
c:\windows\pss\h0xshh6xh.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hxmhcsccs.exe
c:\windows\pss\hxmhcsccs.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhmhmh6c27s.exe
c:\windows\pss\mhmhmh6c27s.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s6s2x5cxs07.exe
backup=c:\windows\pss\s6s2x5cxs07.exe.Startup
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vfv9qqlllv.exe
c:\windows\pss\vfv9qqlllv.exe.Startup
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 15 November 2010 - 09:51 AM

Hello again, Elise.

After running Combofix, if I try to launch an executable, I get

"Illegal operation attempted on a registry key that has been marked for deletion"

and I reboot, and things are fine if very slow to get going. And I have to respecify that Firefox is my default browser.
----

Here are the latest results after your script:

ComboFix 10-11-13.01 - Heather 11/15/2010 14:10:17.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2038.912 [GMT 1:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6t5jjej.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flffaqql.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h0xshh6xh.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hxmhcsccs.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhmhmh6c27s.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s6s2x5cxs07.exe"
"c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vfv9qqlllv.exe"
"c:\windows\pss\6t5jjej.exe.Startup"
"c:\windows\pss\flffaqql.exe.Startup"
"c:\windows\pss\h0xshh6xh.exe.Startup"
"c:\windows\pss\hxmhcsccs.exe.Startup"
"c:\windows\pss\mhmhmh6c27s.exe.Startup"
"c:\windows\pss\vfv9qqlllv.exe.Startup"
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 13:21 . 2010-11-15 13:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-15 07:31 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CBA211E-0BEB-46E6-9BA7-0A1E72B14DE0}\mpengine.dll
2010-11-15 07:23 . 2010-11-15 07:23 -------- d-----w- c:\programdata\WD_SmartWareCommon
2010-11-14 13:49 . 2010-11-14 13:49 -------- d-----w- c:\windows\system32\Purple
2010-11-11 21:41 . 2010-11-11 21:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Local\Apple Computer
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Roaming\Apple Computer
2010-11-11 21:02 . 2010-11-11 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Common Files\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\users\Heather\AppData\Local\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\programdata\Apple
2010-11-11 20:50 . 2010-11-11 20:50 -------- d-----w- c:\program files\Common Files\Risxtd
2010-11-11 20:49 . 2010-11-11 20:51 -------- d-----w- c:\program files\EndNote 9
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-10 07:46 . 2010-11-10 07:46 268800 ----a-w- c:\windows\system32\es.dll
2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-10 07:46 . 2010-11-10 07:46 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-10 07:45 . 2010-11-10 07:45 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-10 07:45 . 2010-11-10 07:45 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-10 07:45 . 2010-11-10 07:45 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-10 07:45 . 2010-11-10 07:45 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-10 07:45 . 2010-11-10 07:45 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-10 07:45 . 2010-11-10 07:45 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-10 07:45 . 2010-11-10 07:45 2923520 ----a-w- c:\windows\explorer.exe
2010-11-10 07:44 . 2010-11-10 07:44 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-10 07:44 . 2010-11-10 07:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-10 07:44 . 2010-11-10 07:44 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-10 07:44 . 2010-11-10 07:44 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-10 07:40 . 2010-11-10 07:40 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-10 07:39 . 2010-11-10 07:39 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-10 07:39 . 2010-11-10 07:39 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-10 07:39 . 2010-11-10 07:39 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-10 07:39 . 2010-11-10 07:39 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-10 07:39 . 2010-11-10 07:39 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-10 07:39 . 2010-11-10 07:39 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-10 07:39 . 2010-11-10 07:39 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-10 07:39 . 2010-11-10 07:39 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-10 07:39 . 2010-11-10 07:39 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-10 07:39 . 2010-11-10 07:39 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-10 07:39 . 2010-11-10 07:39 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-10 07:38 . 2010-11-10 07:38 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-10 07:38 . 2010-11-10 07:38 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-10 07:38 . 2010-11-10 07:38 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-10 07:38 . 2010-11-10 07:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-10 07:38 . 2010-11-10 07:38 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-10 07:38 . 2010-11-10 07:38 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-10 07:38 . 2010-11-10 07:38 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-10 07:38 . 2010-11-10 07:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-10 07:37 . 2010-11-10 07:37 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2010-11-10 07:37 . 2010-11-10 07:37 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-10 07:37 . 2010-11-10 07:37 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-10 07:37 . 2010-11-10 07:37 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-10 07:37 . 2010-11-10 07:37 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-10 07:37 . 2010-11-10 07:37 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-10 07:37 . 2010-11-10 07:37 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-10 07:36 . 2010-11-10 07:36 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-10 07:36 . 2010-11-10 07:36 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-10 07:36 . 2010-11-10 07:36 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-10 07:36 . 2010-11-10 07:36 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-08 16:08 . 2010-11-08 16:08 -------- d-----w- c:\users\Heather\AppData\Local\WindowsUpdate
2010-11-07 22:54 . 2010-11-08 05:30 -------- d-----w- C:\rsit
2010-11-05 21:59 . 2010-11-05 21:59 388096 ----a-r- c:\users\Heather\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- c:\program files\Trend Micro
2010-11-05 11:14 . 2010-11-05 11:14 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-05 11:12 . 2010-11-05 11:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-05 11:12 . 2010-11-05 11:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-05 11:11 . 2010-11-05 11:11 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-05 11:11 . 2010-11-05 11:11 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-05 11:11 . 2010-11-05 11:11 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-05 11:10 . 2010-11-05 11:10 66048 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll
2010-11-05 11:10 . 2010-11-05 11:10 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2010-11-05 11:10 . 2010-11-05 11:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-05 11:09 . 2010-11-05 11:09 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-05 11:09 . 2010-11-05 11:09 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-05 11:05 . 2010-11-05 11:05 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-05 11:05 . 2010-11-05 11:05 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-05 11:05 . 2010-11-05 11:05 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-05 11:05 . 2010-11-05 11:05 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-05 11:05 . 2010-11-05 11:05 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-05 11:05 . 2010-11-05 11:05 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-05 10:55 . 2010-11-05 10:55 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-05 10:55 . 2010-11-05 10:55 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-05 10:55 . 2010-11-05 10:55 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-05 10:55 . 2010-11-05 10:55 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-05 10:54 . 2010-11-05 10:54 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\users\Heather\AppData\Roaming\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\programdata\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 21:29 . 2010-11-03 21:29 -------- d-----w- c:\program files\CCleaner
2010-11-03 21:13 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-03 21:13 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-03 21:13 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-03 21:13 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-03 21:13 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-03 21:13 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-03 21:13 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\programdata\Alwil Software
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\program files\Alwil Software
2010-11-03 09:29 . 2010-11-03 09:29 -------- d-----w- c:\users\Heather\AppData\Local\Sophos
2010-10-22 16:58 . 2010-10-22 16:58 -------- d-----w- c:\users\Heather\AppData\Roaming\InterVideo
2010-10-22 15:14 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\AppData\Roaming\gtk-2.0
2010-10-22 15:13 . 2010-10-22 15:13 -------- d-----w- c:\users\Heather\.thumbnails
2010-10-22 14:55 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\.gimp-2.6
2010-10-21 11:57 . 2010-10-21 12:03 -------- d-----w- c:\programdata\Ricoh
2010-10-21 11:56 . 2010-07-13 18:03 54272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EUDMPP32.DLL
2010-10-21 11:31 . 2010-10-26 20:46 -------- d-----w- C:\temp
2010-10-21 09:55 . 2010-10-21 09:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-10-21 09:55 . 2010-10-21 09:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-21 09:55 . 2010-10-21 09:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 09:55 . 2010-10-21 09:55 24064 ----a-w- c:\windows\system32\lpk.dll
2010-10-21 09:55 . 2010-10-21 09:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-10-21 09:55 . 2010-10-21 09:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-10-21 09:52 . 2010-10-21 09:52 134144 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-10-21 09:52 . 2010-10-21 09:52 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-10-21 09:52 . 2010-10-21 09:52 301568 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2010-10-21 09:50 . 2010-10-21 09:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-10-21 09:50 . 2010-10-21 09:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-10-21 09:50 . 2010-10-21 09:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-21 09:50 . 2010-10-21 09:50 272896 ----a-w- c:\windows\system32\polstore.dll
2010-10-21 09:49 . 2010-10-21 09:49 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 21:37 . 2010-11-11 21:37 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2010-11-10 07:37 . 2010-11-10 07:37 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-10-21 09:53 . 2010-10-21 09:53 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-10-21 08:38 . 2010-10-21 08:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-10-21 08:38 . 2010-10-21 08:38 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-10-21 08:38 . 2010-10-21 08:38 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-10-21 08:38 . 2010-10-21 08:38 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-10-21 08:38 . 2010-10-21 08:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-10-12 08:20 . 2010-10-12 08:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 23:50 . 2010-10-11 23:50 56 ----a-w- c:\windows\system32\IHV_Install.bat
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-12 14:16 . 2010-10-12 14:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-01-10 174200]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2007-06-14 116304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-12 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]
"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:24a6967168

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6t5jjej.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6t5jjej.exe
backup=c:\windows\pss\6t5jjej.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flffaqql.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flffaqql.exe
backup=c:\windows\pss\flffaqql.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^h0xshh6xh.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h0xshh6xh.exe
backup=c:\windows\pss\h0xshh6xh.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hxmhcsccs.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hxmhcsccs.exe
backup=c:\windows\pss\hxmhcsccs.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mhmhmh6c27s.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mhmhmh6c27s.exe
backup=c:\windows\pss\mhmhmh6c27s.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^s6s2x5cxs07.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\s6s2x5cxs07.exe
backup=c:\windows\pss\s6s2x5cxs07.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vfv9qqlllv.exe]
path=c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vfv9qqlllv.exe
backup=c:\windows\pss\vfv9qqlllv.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
R2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdrserv.exe [2009-10-16 94208]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-12 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21504]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-03 13336]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe [2009-10-16 589824]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: lcl.fr\particuliers.secure
TCP: {00F55210-54E0-4585-96BD-3901E5060224} = 139.124.203.194,139.124.1.2
DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} - hxxps://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 14:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????{?1O????? ??????@???X???p?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2544)
c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-11-15 14:25:10
ComboFix-quarantined-files.txt 2010-11-15 13:25
ComboFix2.txt 2010-11-14 21:35

Pre-Run: 56,117,694,464 bytes free
Post-Run: 55,875,997,696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 8DDBB65D49F27FD98362824A4A3E771A

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 15 November 2010 - 10:17 AM

Reboot your computer once and things should be okay. :)

Please run the following as a CFScript:

Registry::
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6t5jjej.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^flffaqql.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^h0xshh6xh.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hxmhcsccs.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mhmhmh6c27s.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^s6s2x5cxs07.exe]
[-HKLM\~\startupfolder\C:^Users^Heather^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vfv9qqlllv.exe]

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 15 November 2010 - 11:30 AM

Looking better!

ComboFix 10-11-13.01 - Heather 11/15/2010 16:43:43.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.2038.1078 [GMT 1:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 15:51 . 2010-11-15 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-15 07:31 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CBA211E-0BEB-46E6-9BA7-0A1E72B14DE0}\mpengine.dll
2010-11-15 07:23 . 2010-11-15 07:23 -------- d-----w- c:\programdata\WD_SmartWareCommon
2010-11-14 13:49 . 2010-11-14 13:49 -------- d-----w- c:\windows\system32\Purple
2010-11-11 21:41 . 2010-11-11 21:41 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Local\Apple Computer
2010-11-11 21:07 . 2010-11-11 21:07 -------- d-----w- c:\users\Heather\AppData\Roaming\Apple Computer
2010-11-11 21:02 . 2010-11-11 21:02 -------- d-----w- c:\programdata\Apple Computer
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Common Files\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\users\Heather\AppData\Local\Apple
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-11-11 20:59 . 2010-11-11 20:59 -------- d-----w- c:\programdata\Apple
2010-11-11 20:50 . 2010-11-11 20:50 -------- d-----w- c:\program files\Common Files\Risxtd
2010-11-11 20:49 . 2010-11-11 20:51 -------- d-----w- c:\program files\EndNote 9
2010-11-11 20:48 . 2010-11-11 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-10 07:46 . 2010-11-10 07:46 268800 ----a-w- c:\windows\system32\es.dll
2010-11-10 07:46 . 2010-11-10 07:46 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-11-10 07:46 . 2010-11-10 07:46 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-10 07:45 . 2010-11-10 07:45 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-10 07:45 . 2010-11-10 07:45 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-10 07:45 . 2010-11-10 07:45 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-10 07:45 . 2010-11-10 07:45 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-10 07:45 . 2010-11-10 07:45 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-10 07:45 . 2010-11-10 07:45 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-10 07:45 . 2010-11-10 07:45 2923520 ----a-w- c:\windows\explorer.exe
2010-11-10 07:44 . 2010-11-10 07:44 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-10 07:44 . 2010-11-10 07:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-10 07:44 . 2010-11-10 07:44 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-10 07:44 . 2010-11-10 07:44 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-10 07:40 . 2010-11-10 07:40 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-10 07:39 . 2010-11-10 07:39 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-10 07:39 . 2010-11-10 07:39 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-10 07:39 . 2010-11-10 07:39 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-10 07:39 . 2010-11-10 07:39 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-10 07:39 . 2010-11-10 07:39 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-10 07:39 . 2010-11-10 07:39 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-10 07:39 . 2010-11-10 07:39 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-10 07:39 . 2010-11-10 07:39 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-10 07:39 . 2010-11-10 07:39 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-10 07:39 . 2010-11-10 07:39 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-10 07:39 . 2010-11-10 07:39 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-10 07:38 . 2010-11-10 07:38 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-10 07:38 . 2010-11-10 07:38 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-10 07:38 . 2010-11-10 07:38 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-10 07:38 . 2010-11-10 07:38 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-10 07:38 . 2010-11-10 07:38 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-10 07:38 . 2010-11-10 07:38 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-10 07:38 . 2010-11-10 07:38 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-10 07:38 . 2010-11-10 07:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-10 07:37 . 2010-11-10 07:37 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2010-11-10 07:37 . 2010-11-10 07:37 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-10 07:37 . 2010-11-10 07:37 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-10 07:37 . 2010-11-10 07:37 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-10 07:37 . 2010-11-10 07:37 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-10 07:37 . 2010-11-10 07:37 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-10 07:37 . 2010-11-10 07:37 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-10 07:36 . 2010-11-10 07:36 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-10 07:36 . 2010-11-10 07:36 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-10 07:36 . 2010-11-10 07:36 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-10 07:36 . 2010-11-10 07:36 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-08 16:08 . 2010-11-08 16:08 -------- d-----w- c:\users\Heather\AppData\Local\WindowsUpdate
2010-11-07 22:54 . 2010-11-08 05:30 -------- d-----w- C:\rsit
2010-11-05 21:59 . 2010-11-05 21:59 388096 ----a-r- c:\users\Heather\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-05 21:59 . 2010-11-05 21:59 -------- d-----w- c:\program files\Trend Micro
2010-11-05 11:14 . 2010-11-05 11:14 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-05 11:12 . 2010-11-05 11:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-05 11:12 . 2010-11-05 11:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-05 11:11 . 2010-11-05 11:11 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-05 11:11 . 2010-11-05 11:11 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-05 11:11 . 2010-11-05 11:11 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-05 11:10 . 2010-11-05 11:10 66048 ----a-w- c:\program files\Windows Sidebar\sbdrop.dll
2010-11-05 11:10 . 2010-11-05 11:10 1232896 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
2010-11-05 11:10 . 2010-11-05 11:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-05 11:09 . 2010-11-05 11:09 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-05 11:09 . 2010-11-05 11:09 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-05 11:05 . 2010-11-05 11:05 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-05 11:05 . 2010-11-05 11:05 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-05 11:05 . 2010-11-05 11:05 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-05 11:05 . 2010-11-05 11:05 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-05 11:05 . 2010-11-05 11:05 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-05 11:05 . 2010-11-05 11:05 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-05 11:05 . 2010-11-05 11:05 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-05 10:55 . 2010-11-05 10:55 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-05 10:55 . 2010-11-05 10:55 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-05 10:55 . 2010-11-05 10:55 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-05 10:55 . 2010-11-05 10:55 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-05 10:54 . 2010-11-05 10:54 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\users\Heather\AppData\Roaming\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\programdata\Malwarebytes
2010-11-04 09:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 09:25 . 2010-11-04 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 21:29 . 2010-11-03 21:29 -------- d-----w- c:\program files\CCleaner
2010-11-03 21:13 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-03 21:13 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-03 21:13 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-03 21:13 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-03 21:13 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-03 21:13 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-03 21:13 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\programdata\Alwil Software
2010-11-03 18:35 . 2010-11-03 18:35 -------- d-----w- c:\program files\Alwil Software
2010-11-03 09:29 . 2010-11-03 09:29 -------- d-----w- c:\users\Heather\AppData\Local\Sophos
2010-10-22 16:58 . 2010-10-22 16:58 -------- d-----w- c:\users\Heather\AppData\Roaming\InterVideo
2010-10-22 15:14 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\AppData\Roaming\gtk-2.0
2010-10-22 15:13 . 2010-10-22 15:13 -------- d-----w- c:\users\Heather\.thumbnails
2010-10-22 14:55 . 2010-11-12 16:21 -------- d-----w- c:\users\Heather\.gimp-2.6
2010-10-21 11:57 . 2010-10-21 12:03 -------- d-----w- c:\programdata\Ricoh
2010-10-21 11:56 . 2010-07-13 18:03 54272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EUDMPP32.DLL
2010-10-21 11:31 . 2010-10-26 20:46 -------- d-----w- C:\temp
2010-10-21 09:55 . 2010-10-21 09:55 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-10-21 09:55 . 2010-10-21 09:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-21 09:55 . 2010-10-21 09:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 09:55 . 2010-10-21 09:55 24064 ----a-w- c:\windows\system32\lpk.dll
2010-10-21 09:55 . 2010-10-21 09:55 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-10-21 09:55 . 2010-10-21 09:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-10-21 09:52 . 2010-10-21 09:52 134144 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-10-21 09:52 . 2010-10-21 09:52 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-10-21 09:52 . 2010-10-21 09:52 301568 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2010-10-21 09:50 . 2010-10-21 09:50 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-10-21 09:50 . 2010-10-21 09:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-10-21 09:50 . 2010-10-21 09:50 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-21 09:50 . 2010-10-21 09:50 272896 ----a-w- c:\windows\system32\polstore.dll
2010-10-21 09:49 . 2010-10-21 09:49 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 21:37 . 2010-11-11 21:37 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2010-11-10 07:40 . 2010-11-10 07:40 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2010-11-10 07:37 . 2010-11-10 07:37 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-10-21 09:53 . 2010-10-21 09:53 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-10-21 08:38 . 2010-10-21 08:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-10-21 08:38 . 2010-10-21 08:38 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-10-21 08:38 . 2010-10-21 08:38 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-10-21 08:38 . 2010-10-21 08:38 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-10-21 08:38 . 2010-10-21 08:38 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-10-12 08:20 . 2010-10-12 08:20 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 23:50 . 2010-10-11 23:50 56 ----a-w- c:\windows\system32\IHV_Install.bat
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-10-12 14:16 . 2010-10-12 14:16 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-01-10 174200]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2007-06-14 116304]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-10-12 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"lxdrmon.exe"="c:\program files\Lexmark 4900 Series\lxdrmon.exe" [2008-05-21 676520]
"EzPrint"="c:\program files\Lexmark 4900 Series\ezprint.exe" [2008-05-21 131752]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Heather\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:24a6967168

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 135664]
R2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdrserv.exe [2009-10-16 94208]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-10-12 30192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2007-04-27 21504]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-03 13336]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe [2009-10-16 589824]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-08 16:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: lcl.fr\particuliers.secure
TCP: {00F55210-54E0-4585-96BD-3901E5060224} = 139.124.203.194,139.124.1.2
DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} - hxxps://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\xabjiqfb.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 16:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????{?1O????? ??????@???X???p?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3476)
c:\users\Heather\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2010-11-15 16:53:18
ComboFix-quarantined-files.txt 2010-11-15 15:53
ComboFix2.txt 2010-11-15 13:25
ComboFix3.txt 2010-11-14 21:35

Pre-Run: 55,960,076,288 bytes free
Post-Run: 55,720,423,424 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 87742E79FBCF467382FBD7350B844F26

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 15 November 2010 - 12:12 PM

Please launch OTL, click the NONE button, and then change the value under Extra Registry to "use safelist". Click Run Scan. Post me extra.txt

How are things running now?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 etche_homo

etche_homo
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:56 AM

Posted 15 November 2010 - 02:58 PM

Things start slowly, but seem to be functional. I probably just need to clean up my startup files. I am not sure about all the errors at the end, but it seems to not be virus/worm/etc-related.

Here's OTC's extras:

OTL Extras logfile created on: 11/15/2010 8:49:41 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Heather\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104.41 Gb Total Space | 51.20 Gb Free Space | 49.04% Space Free | Partition Type: NTFS
Drive D: | 38.19 Gb Total Space | 4.86 Gb Free Space | 12.72% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.93 Gb Free Space | 49.32% Space Free | Partition Type: FAT

Computer Name: HEATHER-PC | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CE0B4B-3C2D-42AE-ACC2-0AFAB6698FB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0912D1FE-3C60-4495-9402-3C90499DA35E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{182FFEEB-DC47-490D-8279-A4847EA865AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4636F718-3D19-4F66-BE6B-C1DFEE771F48}" = lport=138 | protocol=17 | dir=in | app=system |
"{54BCBC1B-0EFB-4032-AA96-BD3806761C86}" = lport=445 | protocol=6 | dir=in | app=system |
"{5AC032D2-402D-49FC-97A7-EA356A13AA5A}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C124D27-960E-46A3-8C9D-014D12214CF0}" = rport=138 | protocol=17 | dir=out | app=system |
"{79703F7E-D5E4-497E-91F0-FA5CC1C3BB6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DCC451C-F249-445C-B978-4B4BBBF23CCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B345CA3C-D53A-45CC-B99C-0469CF3A6480}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8A5063D-97F3-4482-966A-8331EACFF2B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA9CB59A-6373-4735-84AE-06415344B730}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC8D6064-594D-43C5-A193-8A0152E31648}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FF0EB039-C657-45CF-9ED7-C3A1C77D7E35}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6AAF58-DB05-44D9-8918-B0FA03E57488}" = protocol=6 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{0EB725A9-AEE3-48B4-924C-BFA3B471B1D2}" = protocol=17 | dir=in | app=c:\windows\system32\lxdrcoms.exe |
"{19BA9A2A-C39D-4E80-90BD-4487D1184BE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{21D26F6A-457C-4D70-B2D4-D2A9A65F2DAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B908F35-B5AD-4392-927A-13B896C8B492}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5413D5D7-ACAB-4786-A565-4AEB5ED579A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{597ADA9E-28D9-4B5D-9F7A-F2950E8777F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{777EEA66-3A58-41B3-BA1D-2F2E6C5E5994}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{94606F21-BF09-4226-8971-D6CD529239BF}" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe |
"{AC183FFB-365C-46AF-8745-9A6BBD02889B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdrpswx.exe |
"{C4B6E039-F73F-4AFA-AA9D-902DC9C3FF07}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EEBC4605-2852-48F7-AA0D-897C34349517}" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E701DF1C-2723-4CF3-BFE1-1D91BD65828C}C:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5461AA16-44A8-4306-9154-14AC7DA704A3}C:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\heather\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5C09CE-C6F7-4183-858A-527077575BAD}" = OZ776 SCR Driver V1.1.4.2
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3AAA33B1-908B-42B0-A766-6EF3D15D8CE3}" = TOSHIBA Mic Effect MUI
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}" = EndNote 9 Volume License Edition
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C97627DD-D22F-4828-B74B-19933E97D79F}" = Type3350 TWAIN Driver Ver.4
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{0A5C09CE-C6F7-4183-858A-527077575BAD}" = OZ776 SCR Driver V1.1.4.2
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LAN-Fax Utilities" = LAN-Fax Utilities
"Lexmark 4900 Series" = Lexmark 4900 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Picasa2" = Picasa 2
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 3:40:31 PM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/14/2010 5:21:42 PM | Computer Name = Heather-PC | Source = Google Update | ID = 20
Description =

Error - 11/14/2010 5:25:22 PM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/14/2010 5:31:43 PM | Computer Name = Heather-PC | Source = Google Update | ID = 20
Description =

Error - 11/15/2010 3:22:33 AM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/15/2010 9:10:00 AM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/15/2010 11:10:01 AM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/15/2010 11:37:59 AM | Computer Name = Heather-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3951, time stamp 0x4cc7ae16,
faulting module Acrobat.dll, version 9.0.0.332, time stamp 0x4850e755, exception
code 0xc0000005, fault offset 0x0013111c, process id 0xa64, application start time
0x01cb84cf5123c961.

Error - 11/15/2010 12:23:00 PM | Computer Name = Heather-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/15/2010 2:04:04 PM | Computer Name = Heather-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 11/10/2010 3:33:49 AM | Computer Name = Heather-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:56 AM

Posted 15 November 2010 - 03:45 PM

Please launch Malwarebytes Antimalware, update it and run a full scan. Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users