
Possible rootkit / trojan overtaking computer


  • This topic is locked
19 replies to this topic

#1 Nemo_one

Nemo_one

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:13 AM

Posted 14 December 2010 - 03:13 PM

Hello,

I was surfing the Web a few days ago and landed on a thermaltakeusa.com aspx page when a pop-up menu popped up saying: "U're next", and the web page background said "Hacked by Coiff" ... something. I had AVG Free 2011 antivirus + Malwarebytes Anti-Malware, and fully scanned the computer, but no infections were found.
Afterwards, I couldn't update AVG (update failed, general error).

I have two partitions (C:, D:) on my hard disk, and I've formatted C: (full NTFS format) and had Windows XP Pro reinstalled.
After that AVG installed normally, but still couldn't update. I installed a trial version of Kaspersky Internet Security 2011 and there were no infections, but there were some strange files on the D: partition (D:/RECYCLED/D3d.exe/WISE0017.bin), though Kaspersky didn't find any infections.

OS is Windows XP Pro SP3
Kaspersky Internet Security 2011 + Malwarebytes Anti-Malware.

Since I couldn't update AVG, and I'm experiencing suspicious network speed slowdowns, I'm worried that some rootkit / trojan is present (in the MBR??).

Many thanks in advance.

DDS log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nemo at 22:10:29,70 on uto 14.12.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3325.2666 [GMT 1:00]

AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Documents and Settings\Nemo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nemo\applic~1\mozilla\firefox\profiles\qmsyy7yb.default\
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-12-14 475736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-13 21992]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

=============== Created Last 30 ================

2010-12-14 20:35:54 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Temp
2010-12-14 20:34:34 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Adobe
2010-12-14 19:55:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-12-14 19:55:52 -------- d-----w- c:\docume~1\nemo\applic~1\Canneverbe Limited
2010-12-14 19:55:45 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-12-14 16:13:38 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2010-12-14 16:13:37 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-12-14 16:13:32 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-14 16:13:32 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-14 16:12:58 -------- d-----w- c:\program files\Kaspersky Lab
2010-12-14 16:12:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-12-14 16:11:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-12-14 09:48:25 -------- d-sh--w- c:\documents and settings\nemo\IECompatCache
2010-12-13 23:04:42 -------- d-----w- c:\docume~1\nemo\applic~1\SUPERAntiSpyware.com
2010-12-13 23:04:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-13 23:04:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-13 22:00:48 -------- d-sh--w- c:\documents and settings\nemo\PrivacIE

==================== Find3M ====================

2010-12-13 21:31:35 0 ----a-w- c:\windows\ativpsrm.bin
2010-10-05 19:27:04 228024 ----a-w- c:\windows\system32\klogon.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 22:11:31,12 ===============

Edited by Nemo_one, 14 December 2010 - 04:25 PM.



#2 Nemo_one

Nemo_one
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:13 AM

Posted 18 December 2010 - 01:47 AM

anyone?

#3 Nemo_one

Nemo_one
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:13 AM

Posted 19 December 2010 - 09:08 AM

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:58, on 19.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Nemo\My Documents\Downloads\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 3922 bytes

#4 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  • Gender:Male
  • Location:Around the world
  • Local time:04:13 AM

Posted 23 December 2010 - 10:49 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post:
http://www.bleepingcomputer.com/forums/topic34773.html

Then,


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\TDSSKiller folder). Please copy and paste the contents of that file here.


#5 Nemo_one

Nemo_one
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:13 AM

Posted 28 December 2010 - 02:33 PM

Hello,

I'm sorry for the delayed reply; I thought this topic was forgotten.

Thank you for your help! I have reinstalled Windows, but "the slow down" problem is still present.

Here are DDS and Gmer logs.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Nemo at 19:47:23,43 on uto 28.12.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.3325.2662 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Nemo\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nemo\applic~1\mozilla\firefox\profiles\vsj5t9ik.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-16 21992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-12-20 16:28:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Protexis
2010-12-20 16:26:36 348256 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\vstahost\coreldraw\9.0\1033\ResourceCache.dll
2010-12-20 16:26:18 416 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2010-12-20 16:26:15 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Microsoft Help
2010-12-20 16:25:06 -------- d-----w- c:\program files\common files\Corel
2010-12-20 16:24:51 -------- d-----w- c:\program files\common files\Protexis
2010-12-20 16:24:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2010-12-20 16:22:46 -------- d-----w- c:\program files\Corel
2010-12-20 15:40:13 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-20 15:39:51 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-20 15:39:43 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-20 15:39:43 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-20 15:39:43 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-20 15:39:43 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-20 15:39:43 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-20 15:39:43 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-20 15:39:43 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-20 15:39:43 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-20 15:39:43 -------- d-----w- C:\fe5466a148aa3c76ce5d90aaadb7d3
2010-12-20 15:22:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\CorelDRAW Graphics Suite X5
2010-12-19 17:33:52 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Identities
2010-12-19 12:50:40 -------- d-----w- c:\program files\SpeedFan
2010-12-17 08:55:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-12-17 08:53:39 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Temp
2010-12-16 22:47:51 -------- d-----w- c:\docume~1\nemo\applic~1\Canneverbe Limited
2010-12-16 22:47:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-12-16 22:47:46 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-12-16 22:43:48 -------- d-----w- c:\docume~1\nemo\applic~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-16 22:40:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-12-16 22:34:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-12-16 22:24:35 -------- d-----w- c:\docume~1\nemo\locals~1\applic~1\Adobe
2010-12-16 22:19:35 -------- d-----w- c:\program files\GRETECH
2010-12-16 22:18:51 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-16 22:18:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-12-16 22:16:13 -------- d-----w- c:\docume~1\nemo\applic~1\Malwarebytes
2010-12-16 22:16:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-16 22:16:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-16 22:16:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 22:16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 22:15:28 -------- d-----w- c:\program files\uTorrent
2010-12-16 22:14:58 -------- d-----w- c:\docume~1\nemo\applic~1\uTorrent
2010-12-16 22:14:18 -------- d-----w- c:\docume~1\nemo\applic~1\AVG10
2010-12-16 22:13:58 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-16 22:13:30 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-16 22:13:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-16 22:13:10 -------- d-----w- c:\program files\AVG
2010-12-16 22:12:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-16 22:06:59 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2010-12-16 22:03:54 253952 -c----w- c:\windows\system32\dllcache\es.dll
2010-12-16 22:03:50 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2010-12-16 22:02:08 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-12-16 22:02:08 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2010-12-16 22:02:08 226880 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2010-12-16 22:02:08 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2010-12-16 22:02:08 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2010-12-16 22:02:04 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-12-16 22:02:01 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-12-16 22:02:01 -------- d--h--w- c:\windows\$hf_mig$
2010-12-16 22:01:42 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-16 22:00:05 614992 ----a-w- c:\windows\system32\COMCTL32.OCX
2010-12-16 22:00:05 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL
2010-12-16 22:00:05 32584 ----a-w- c:\windows\system32\FM20ENU.DLL
2010-12-16 22:00:05 218432 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-12-16 22:00:05 155984 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-12-16 22:00:05 1146184 ----a-w- c:\windows\system32\FM20.DLL
2010-12-16 22:00:05 10752 ----a-w- c:\windows\system32\aamd532.dll
2010-12-16 22:00:05 1069376 ----a-w- c:\windows\system32\MSCOMCTL.OCX

==================== Find3M ====================

2010-12-16 21:22:29 0 ----a-w- c:\windows\ativpsrm.bin

============= FINISH: 19:47:31,32 ===============


#6 Nemo_one

Nemo_one
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:08:13 AM

Posted 28 December 2010 - 02:36 PM

TDSSKiller report:

2010/12/28 20:35:42.0671 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 20:35:42.0671 ================================================================================
2010/12/28 20:35:42.0671 SystemInfo:
2010/12/28 20:35:42.0671
2010/12/28 20:35:42.0671 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/28 20:35:42.0671 Product type: Workstation
2010/12/28 20:35:42.0671 ComputerName: HOME-419A041E07
2010/12/28 20:35:42.0671 UserName: Nemo
2010/12/28 20:35:42.0671 Windows directory: C:\WINDOWS
2010/12/28 20:35:42.0671 System windows directory: C:\WINDOWS
2010/12/28 20:35:42.0671 Processor architecture: Intel x86
2010/12/28 20:35:42.0671 Number of processors: 2
2010/12/28 20:35:42.0671 Page size: 0x1000
2010/12/28 20:35:42.0671 Boot type: Normal boot
2010/12/28 20:35:42.0671 ================================================================================
2010/12/28 20:35:42.0875 Initialize success
2010/12/28 20:35:45.0406 ================================================================================
2010/12/28 20:35:45.0406 Scan started
2010/12/28 20:35:45.0406 Mode: Manual;
2010/12/28 20:35:45.0406 ================================================================================
2010/12/28 20:35:46.0265 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/28 20:35:46.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/28 20:35:46.0328 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/28 20:35:46.0359 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2010/12/28 20:35:46.0468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/28 20:35:46.0515 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/28 20:35:46.0515 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/28 20:35:46.0609 ati2mtag (e51aa5adf535c847072c0aed3e642912) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/28 20:35:46.0671 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/28 20:35:46.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/28 20:35:46.0734 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/12/28 20:35:46.0750 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/12/28 20:35:46.0765 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/12/28 20:35:46.0781 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/12/28 20:35:46.0796 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/12/28 20:35:46.0796 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/12/28 20:35:46.0812 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/12/28 20:35:46.0828 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/12/28 20:35:46.0890 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/28 20:35:46.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/28 20:35:46.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/28 20:35:46.0953 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/28 20:35:46.0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/28 20:35:47.0078 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2010/12/28 20:35:47.0125 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/28 20:35:47.0187 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/28 20:35:47.0265 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/28 20:35:47.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/28 20:35:47.0312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/28 20:35:47.0343 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/28 20:35:47.0375 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/28 20:35:47.0421 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/28 20:35:47.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/28 20:35:47.0453 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/28 20:35:47.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/28 20:35:47.0531 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/28 20:35:47.0546 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/28 20:35:47.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/28 20:35:47.0593 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2010/12/28 20:35:47.0625 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/28 20:35:47.0656 HdAudAddService (56bf27d7a539f9e6bbc1de201aba0edf) C:\WINDOWS\system32\drivers\AtiHdAud.sys
2010/12/28 20:35:47.0671 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/28 20:35:47.0703 HECI (cc2c8c23417cc7ddf5eddb17e60a14db) C:\WINDOWS\system32\DRIVERS\HECI.sys
2010/12/28 20:35:47.0718 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/28 20:35:47.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/28 20:35:47.0859 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/12/28 20:35:47.0890 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/28 20:35:47.0937 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/28 20:35:47.0968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/28 20:35:48.0000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/28 20:35:48.0000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/28 20:35:48.0031 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/28 20:35:48.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/28 20:35:48.0062 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/28 20:35:48.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/28 20:35:48.0156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/28 20:35:48.0171 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/28 20:35:48.0218 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/28 20:35:48.0234 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/28 20:35:48.0296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/28 20:35:48.0312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/28 20:35:48.0328 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/28 20:35:48.0343 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/28 20:35:48.0359 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/28 20:35:48.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/28 20:35:48.0406 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/28 20:35:48.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/28 20:35:48.0468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/28 20:35:48.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/28 20:35:48.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/28 20:35:48.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/28 20:35:48.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/28 20:35:48.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/28 20:35:48.0625 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/28 20:35:48.0640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/28 20:35:48.0671 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/28 20:35:48.0687 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/28 20:35:48.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/28 20:35:48.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/28 20:35:48.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/28 20:35:48.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/28 20:35:48.0859 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/28 20:35:48.0875 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/28 20:35:48.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/28 20:35:48.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/28 20:35:48.0921 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/28 20:35:48.0953 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/28 20:35:48.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/28 20:35:48.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/28 20:35:48.0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/28 20:35:49.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/28 20:35:49.0078 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/28 20:35:49.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/28 20:35:49.0218 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/28 20:35:49.0218 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/28 20:35:49.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/28 20:35:49.0281 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/28 20:35:49.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/28 20:35:49.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/28 20:35:49.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/28 20:35:49.0343 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/28 20:35:49.0359 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/28 20:35:49.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/28 20:35:49.0437 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/28 20:35:49.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/28 20:35:49.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/28 20:35:49.0546 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/28 20:35:49.0609 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/28 20:35:49.0671 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2010/12/28 20:35:49.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/28 20:35:49.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/28 20:35:49.0812 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/28 20:35:49.0859 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/12/28 20:35:49.0906 STHDA (228519217a88c2f6b0cf8c022e6d669c) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/28 20:35:49.0921 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/28 20:35:49.0968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/28 20:35:50.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/28 20:35:50.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/28 20:35:50.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/28 20:35:50.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/28 20:35:50.0171 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/28 20:35:50.0234 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/28 20:35:50.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/28 20:35:50.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/28 20:35:50.0343 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/28 20:35:50.0375 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/28 20:35:50.0390 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/28 20:35:50.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/28 20:35:50.0437 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/28 20:35:50.0500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/28 20:35:50.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/28 20:35:50.0687 ================================================================================
2010/12/28 20:35:50.0687 Scan finished
2010/12/28 20:35:50.0687 ================================================================================

#7 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 28 December 2010 - 08:19 PM

Hi nemo,

No one is forgotten ^_^ It's just that we get completely overloaded during holidays.

When the computer is slow, please send me the following:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#8 Nemo_one

  • Topic Starter
  • Members
  • 21 posts

Posted 29 December 2010 - 01:31 PM

RSIT
log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Nemo at 2010-12-29 19:29:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 88 GB (86%) free of 102 GB
Total RAM: 3325 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:04, on 29.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Nemo\Desktop\RSIT.exe
C:\Program Files\trend micro\Nemo.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - D:\ratko\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\ratko\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 4460 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-11-22 2732896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-10-22 2745696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS5"
"D:\ratko\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="D:\ratko\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-12-29 19:29:00 ----D---- C:\rsit
2010-12-29 19:29:00 ----D---- C:\Program Files\trend micro
2010-12-28 20:35:42 ----A---- C:\TDSSKiller.2.4.12.0_28.12.2010_20.35.42_log.txt
2010-12-28 18:41:57 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-21 19:42:16 ----D---- C:\Documents and Settings\Nemo\Application Data\FileZilla
2010-12-21 19:42:11 ----D---- C:\Program Files\FileZilla FTP Client
2010-12-20 17:28:10 ----D---- C:\Documents and Settings\All Users\Application Data\Protexis
2010-12-20 17:28:09 ----D---- C:\Documents and Settings\Nemo\Application Data\Corel
2010-12-20 17:25:34 ----D---- C:\Program Files\Microsoft SDKs
2010-12-20 17:25:33 ----D---- C:\Program Files\Microsoft.NET
2010-12-20 17:25:33 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-12-20 17:25:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-12-20 17:25:06 ----D---- C:\Program Files\Common Files\Corel
2010-12-20 17:24:51 ----D---- C:\Program Files\Common Files\Protexis
2010-12-20 17:24:50 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2010-12-20 17:22:46 ----D---- C:\Program Files\Corel
2010-12-20 16:40:13 ----D---- C:\WINDOWS\system32\XPSViewer
2010-12-20 16:40:11 ----D---- C:\Program Files\MSBuild
2010-12-20 16:40:07 ----D---- C:\Program Files\Reference Assemblies
2010-12-20 16:39:43 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-12-20 16:39:43 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-12-20 16:39:43 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-12-20 16:39:43 ----D---- C:\fe5466a148aa3c76ce5d90aaadb7d3
2010-12-20 16:22:17 ----D---- C:\Documents and Settings\All Users\Application Data\CorelDRAW Graphics Suite X5
2010-12-19 13:50:40 ----D---- C:\Program Files\SpeedFan
2010-12-17 09:55:15 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2010-12-17 09:50:53 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-12-16 23:47:51 ----D---- C:\Documents and Settings\Nemo\Application Data\Canneverbe Limited
2010-12-16 23:47:51 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2010-12-16 23:47:46 ----A---- C:\WINDOWS\system32\drivers\StarOpen.sys
2010-12-16 23:47:45 ----D---- C:\Program Files\CDBurnerXP
2010-12-16 23:43:48 ----D---- C:\Documents and Settings\Nemo\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-12-16 23:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2010-12-16 23:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2010-12-16 23:30:06 ----D---- C:\Program Files\Adobe Media Player
2010-12-16 23:28:25 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-12-16 23:28:25 ----D---- C:\Program Files\Adobe
2010-12-16 23:25:00 ----D---- C:\Documents and Settings\Nemo\Application Data\Macromedia
2010-12-16 23:25:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-12-16 23:24:53 ----D---- C:\Documents and Settings\Nemo\Application Data\Adobe
2010-12-16 23:24:51 ----D---- C:\Program Files\Common Files\Adobe
2010-12-16 23:22:48 ----D---- C:\Documents and Settings\Nemo\Application Data\GRETECH
2010-12-16 23:22:16 ----D---- C:\WINDOWS\Temp
2010-12-16 23:20:21 ----D---- C:\Documents and Settings\Nemo\Application Data\Mozilla
2010-12-16 23:20:15 ----D---- C:\Program Files\Mozilla Firefox
2010-12-16 23:19:35 ----D---- C:\Program Files\GRETECH
2010-12-16 23:19:16 ----D---- C:\Documents and Settings\Nemo\Application Data\Media Player Classic
2010-12-16 23:18:51 ----A---- C:\WINDOWS\system32\unrar.dll
2010-12-16 23:18:49 ----D---- C:\Program Files\K-Lite Codec Pack
2010-12-16 23:16:28 ----D---- C:\Documents and Settings\Nemo\Application Data\WinRAR
2010-12-16 23:16:27 ----D---- C:\Program Files\WinRAR
2010-12-16 23:16:13 ----D---- C:\Documents and Settings\Nemo\Application Data\Malwarebytes
2010-12-16 23:16:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-12-16 23:16:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-16 23:16:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-16 23:16:05 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-16 23:15:28 ----D---- C:\Program Files\uTorrent
2010-12-16 23:14:58 ----D---- C:\Documents and Settings\Nemo\Application Data\uTorrent
2010-12-16 23:14:18 ----D---- C:\Documents and Settings\Nemo\Application Data\AVG10
2010-12-16 23:13:58 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2010-12-16 23:13:30 ----D---- C:\WINDOWS\system32\drivers\AVG
2010-12-16 23:13:30 ----D---- C:\Documents and Settings\All Users\Application Data\AVG10
2010-12-16 23:13:10 ----D---- C:\Program Files\AVG
2010-12-16 23:12:44 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2010-12-16 23:09:40 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-16 23:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-12-16 23:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-12-16 23:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-12-16 23:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-12-16 23:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-12-16 23:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-12-16 23:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-12-16 23:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-12-16 23:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-12-16 23:08:53 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-12-16 23:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-12-16 23:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-12-16 23:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2124261$
2010-12-16 23:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-12-16 23:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2290570$
2010-12-16 23:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-12-16 23:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-12-16 23:08:26 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-12-16 23:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-12-16 23:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-12-16 23:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-12-16 23:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-12-16 23:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-12-16 23:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-12-16 23:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-12-16 23:07:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-12-16 23:07:51 ----A---- C:\WINDOWS\system32\wups2.dll
2010-12-16 23:07:51 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-12-16 23:07:51 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-12-16 23:07:51 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-12-16 23:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-12-16 23:07:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-12-16 23:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-12-16 23:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-12-16 23:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-12-16 23:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-12-16 23:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-12-16 23:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-12-16 23:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-12-16 23:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-12-16 23:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-12-16 23:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-12-16 23:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-12-16 23:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-12-16 23:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-12-16 23:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-12-16 23:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-12-16 23:06:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-12-16 23:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-12-16 23:06:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-12-16 23:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-12-16 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-12-16 23:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-12-16 23:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969084$
2010-12-16 23:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975254$
2010-12-16 23:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-12-16 23:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-12-16 23:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-12-16 23:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-12-16 23:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-12-16 23:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-12-16 23:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-12-16 23:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-12-16 23:05:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-12-16 23:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2010-12-16 23:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-12-16 23:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-12-16 23:05:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-12-16 23:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-12-16 23:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-12-16 23:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-12-16 23:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-12-16 23:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-12-16 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2010-12-16 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-12-16 23:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-12-16 23:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-12-16 23:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958655-v2$
2010-12-16 23:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-12-16 23:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-12-16 23:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958752$
2010-12-16 23:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-12-16 23:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-12-16 23:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2010-12-16 23:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-12-16 23:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-12-16 23:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-12-16 23:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-12-16 23:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-12-16 23:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-12-16 23:02:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-16 23:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2010-12-16 23:01:42 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-12-16 23:00:05 ----A---- C:\WINDOWS\system32\SSUBTMR6.DLL
2010-12-16 23:00:05 ----A---- C:\WINDOWS\system32\FM20ENU.DLL
2010-12-16 23:00:05 ----A---- C:\WINDOWS\system32\FM20.DLL
2010-12-16 23:00:05 ----A---- C:\WINDOWS\system32\aamd532.dll
2010-12-16 22:58:29 ----D---- C:\WINDOWS\Prefetch
2010-12-16 22:55:32 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-12-16 22:55:31 ----N---- C:\WINDOWS\system32\msxml6.dll
2010-12-16 22:55:25 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-12-16 22:55:25 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-12-16 22:55:25 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2010-12-16 22:55:25 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\credssp.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\azroles.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-12-16 22:55:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\tsgQec.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\slserv.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\slgen.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\setupn.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\qutil.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\qagent.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\onex.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\napstat.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mssha.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-12-16 22:55:23 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-12-16 22:55:22 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-12-16 22:55:22 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-12-16 22:55:22 ----N---- C:\WINDOWS\slrundll.exe
2010-12-16 22:55:22 ----D---- C:\WINDOWS\system32\scripting
2010-12-16 22:55:22 ----D---- C:\WINDOWS\system32\en-us
2010-12-16 22:55:22 ----D---- C:\WINDOWS\system32\en
2010-12-16 22:55:22 ----D---- C:\WINDOWS\system32\bits
2010-12-16 22:55:22 ----D---- C:\WINDOWS\l2schemas
2010-12-16 22:54:49 ----D---- C:\WINDOWS\ServicePackFiles
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2010-12-16 22:54:16 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2010-12-16 22:54:16 ----D---- C:\WINDOWS\network diagnostic
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-12-16 22:54:15 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-12-16 22:54:01 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-12-16 22:54:01 ----A---- C:\WINDOWS\002877_.tmp
2010-12-16 22:52:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-12-16 22:48:59 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2010-12-16 22:45:54 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-12-16 22:45:36 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2010-12-16 22:45:33 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2010-12-16 22:45:25 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2010-12-16 22:44:45 ----D---- C:\Program Files\ATI Technologies
2010-12-16 22:27:32 ----SHD---- C:\RECYCLER
2010-12-16 22:27:22 ----D---- C:\Program Files\CCleaner
2010-12-16 22:23:52 ----A---- C:\WINDOWS\WININIT.INI
2010-12-16 22:22:35 ----D---- C:\Documents and Settings\Nemo\Application Data\ATI
2010-12-16 22:09:13 ----A---- C:\WINDOWS\system32\h323log.txt
2010-12-16 22:07:55 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2010-12-16 22:07:23 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2010-12-16 22:07:01 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2010-12-16 22:06:28 ----A---- C:\WINDOWS\system32\usbui.dll
2010-12-16 22:05:46 ----SHD---- C:\WINDOWS\Installer
2010-12-16 22:05:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-16 22:05:45 ----D---- C:\Program Files\Common Files\ODBC
2010-12-16 22:05:45 ----A---- C:\WINDOWS\ODBCINST.INI
2010-12-16 22:05:43 ----RD---- C:\Program Files
2010-12-16 22:05:43 ----D---- C:\Program Files\Common Files\SpeechEngines
2010-12-16 22:05:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-12-16 22:05:43 ----D---- C:\Program Files\Common Files
2010-12-16 22:05:41 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-12-16 22:05:41 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-12-16 22:05:41 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-12-16 22:05:39 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-12-16 22:05:36 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-12-16 22:05:35 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-12-16 22:05:35 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-12-16 22:05:35 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-12-16 22:05:35 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-12-16 22:05:35 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-12-16 22:05:33 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-12-16 22:05:32 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-12-16 22:05:32 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-12-16 22:05:32 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-12-16 22:05:32 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-12-16 22:05:31 ----A---- C:\WINDOWS\system32\irclass.dll
2010-12-16 22:05:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-12-16 22:05:30 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-12-16 22:05:30 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-12-16 22:05:30 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-12-16 22:05:28 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-12-16 22:05:28 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-12-16 22:05:28 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2010-12-16 22:05:28 ----A---- C:\WINDOWS\system32\batt.dll
2010-12-16 22:05:27 ----A---- C:\WINDOWS\system32\storprop.dll
2010-12-16 22:05:27 ----A---- C:\WINDOWS\notepad.exe
2010-12-16 22:05:21 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-12-16 22:05:19 ----RA---- C:\WINDOWS\SET8.tmp
2010-12-16 22:05:17 ----RA---- C:\WINDOWS\SET4.tmp
2010-12-16 22:05:13 ----RA---- C:\WINDOWS\SET3.tmp
2010-12-16 22:05:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-16 22:05:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-16 22:05:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-12-16 22:04:46 ----SHD---- C:\System Volume Information
2010-12-16 22:04:46 ----D---- C:\Documents and Settings
2010-12-16 22:03:53 ----SH---- C:\boot.ini
2010-12-16 22:00:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-16 22:00:02 ----RSD---- C:\WINDOWS\Fonts
2010-12-16 22:00:02 ----RD---- C:\WINDOWS\Web
2010-12-16 22:00:02 ----HD---- C:\WINDOWS\inf
2010-12-16 22:00:02 ----D---- C:\WINDOWS\WinSxS
2010-12-16 22:00:02 ----D---- C:\WINDOWS\twain_32
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\wins
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\wbem
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\usmt
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\spool
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\ShellExt
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\Setup
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\ras
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\oobe
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\npp
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\mui
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\inetsrv
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\IME
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\icsxml
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\ias
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\export
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\drivers\disdn
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\drivers
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\dhcp
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\config
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\3com_dmi
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\3076
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\2052
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1054
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1042
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1041
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1037
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1033
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1031
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1028
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32\1025
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system32
2010-12-16 22:00:02 ----D---- C:\WINDOWS\system
2010-12-16 22:00:02 ----D---- C:\WINDOWS\security
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Resources
2010-12-16 22:00:02 ----D---- C:\WINDOWS\repair
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Provisioning
2010-12-16 22:00:02 ----D---- C:\WINDOWS\PeerNet
2010-12-16 22:00:02 ----D---- C:\WINDOWS\pchealth
2010-12-16 22:00:02 ----D---- C:\WINDOWS\mui
2010-12-16 22:00:02 ----D---- C:\WINDOWS\msapps
2010-12-16 22:00:02 ----D---- C:\WINDOWS\msagent
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Media
2010-12-16 22:00:02 ----D---- C:\WINDOWS\java
2010-12-16 22:00:02 ----D---- C:\WINDOWS\ime
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Help
2010-12-16 22:00:02 ----D---- C:\WINDOWS\ehome
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Driver Cache
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Debug
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Cursors
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Connection Wizard
2010-12-16 22:00:02 ----D---- C:\WINDOWS\Config
2010-12-16 22:00:02 ----D---- C:\WINDOWS\AppPatch
2010-12-16 22:00:02 ----D---- C:\WINDOWS\addins
2010-12-16 22:00:02 ----D---- C:\WINDOWS
2010-12-16 22:00:01 ----ASH---- C:\pagefile.sys
2010-12-16 21:49:23 ----D---- C:\Program Files\CPUID
2010-12-16 21:49:23 ----A---- C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2010-12-16 21:39:06 ----D---- C:\Program Files\ATI
2010-12-16 21:38:36 ----D---- C:\ATI
2010-12-16 21:37:19 ----A---- C:\WINDOWS\system32\stlang.dll
2010-12-16 21:37:19 ----A---- C:\WINDOWS\system32\stacsv.exe
2010-12-16 21:37:19 ----A---- C:\WINDOWS\sttray.exe
2010-12-16 21:37:13 ----A---- C:\WINDOWS\system32\stacapi.dll
2010-12-16 21:37:13 ----A---- C:\WINDOWS\system32\st322000.dll
2010-12-16 21:37:13 ----A---- C:\WINDOWS\system32\drivers\sthda.sys
2010-12-16 21:36:59 ----D---- C:\Program Files\IDT
2010-12-16 21:34:24 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2010-12-16 21:34:24 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2010-12-16 21:34:23 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2010-12-16 21:34:23 ----A---- C:\WINDOWS\system32\drivers\dmusic.sys
2010-12-16 21:34:22 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2010-12-16 21:34:22 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-12-16 21:34:21 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2010-12-16 21:34:21 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2010-12-16 21:34:20 ----A---- C:\WINDOWS\system32\drivers\mspqm.sys
2010-12-16 21:34:20 ----A---- C:\WINDOWS\system32\drivers\mskssrv.sys
2010-12-16 21:34:19 ----A---- C:\WINDOWS\system32\drivers\mspclock.sys
2010-12-16 21:34:02 ----RA---- C:\WINDOWS\system32\drivers\AtiHdAud.sys
2010-12-16 21:34:01 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-12-16 21:34:01 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2010-12-16 21:33:53 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-12-16 21:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2010-12-16 21:33:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-16 21:33:36 ----D---- C:\Program Files\Common Files\InstallShield
2010-12-16 21:32:28 ----RSD---- C:\WINDOWS\assembly
2010-12-16 21:32:13 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-16 21:26:57 ----RA---- C:\WINDOWS\system32\NicEtCoE.dll
2010-12-16 21:26:57 ----RA---- C:\WINDOWS\system32\e1000msg.dll
2010-12-16 21:26:56 ----RA---- C:\WINDOWS\system32\Prounstl.exe
2010-12-16 21:26:56 ----RA---- C:\WINDOWS\system32\NicInstE.dll
2010-12-16 21:26:56 ----RA---- C:\WINDOWS\system32\NicCo.dll
2010-12-16 21:26:56 ----RA---- C:\WINDOWS\system32\drivers\e1e5132.sys
2010-12-16 21:25:42 ----A---- C:\WINDOWS\system32\drivers\HECI.sys
2010-12-16 21:25:41 ----A---- C:\WINDOWS\system32\heciudlg.exe
2010-12-16 21:25:41 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-12-16 21:23:07 ----D---- C:\Program Files\MSXML 4.0
2010-12-16 21:23:03 ----D---- C:\TempEI4
2010-12-16 21:22:18 ----D---- C:\Program Files\Intel Desktop Board
2010-12-16 21:20:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-16 21:20:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-12-16 21:20:22 ----D---- C:\Program Files\Intel
2010-12-16 21:20:22 ----A---- C:\WINDOWS\system32\CSVer.dll
2010-12-16 21:20:16 ----D---- C:\Intel
2010-12-16 21:16:45 ----D---- C:\Documents and Settings\Nemo\Application Data\Identities
2010-12-16 21:16:44 ----HD---- C:\Program Files\Uninstall Information
2010-12-16 21:16:40 ----SD---- C:\Documents and Settings\Nemo\Application Data\Microsoft
2010-12-16 21:16:40 ----ASH---- C:\Documents and Settings\Nemo\Application Data\desktop.ini
2010-12-16 21:16:11 ----D---- C:\WINDOWS\SoftwareDistribution
2010-12-16 21:16:09 ----SD---- C:\WINDOWS\system32\Microsoft
2010-12-16 21:16:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-16 21:14:05 ----D---- C:\WINDOWS\system32\xircom
2010-12-16 21:14:05 ----D---- C:\Program Files\xerox
2010-12-16 21:14:05 ----D---- C:\Program Files\microsoft frontpage
2010-12-16 21:13:55 ----RASH---- C:\MSDOS.SYS
2010-12-16 21:13:55 ----RASH---- C:\IO.SYS
2010-12-16 21:13:55 ----A---- C:\WINDOWS\control.ini
2010-12-16 21:13:55 ----A---- C:\CONFIG.SYS
2010-12-16 21:13:55 ----A---- C:\AUTOEXEC.BAT
2010-12-16 21:13:45 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-12-16 21:13:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-16 21:13:11 ----RD---- C:\WINDOWS\Offline Web Pages
2010-12-16 21:13:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-12-16 21:13:08 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-12-16 21:13:05 ----HD---- C:\Program Files\WindowsUpdate
2010-12-16 21:12:47 ----D---- C:\WINDOWS\system32\DirectX
2010-12-16 21:12:24 ----A---- C:\WINDOWS\system32\atrace.dll
2010-12-16 21:12:22 ----A---- C:\WINDOWS\system32\desktop.ini
2010-12-16 21:12:22 ----A---- C:\WINDOWS\desktop.ini
2010-12-16 21:12:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-12-16 21:12:15 ----A---- C:\WINDOWS\system32\acctres.dll
2010-12-16 21:12:14 ----D---- C:\Program Files\Common Files\Services
2010-12-16 21:12:11 ----SD---- C:\WINDOWS\Tasks
2010-12-16 21:12:11 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-12-16 21:12:10 ----D---- C:\Program Files\Common Files\MSSoap
2010-12-16 21:12:07 ----D---- C:\WINDOWS\system32\Macromed
2010-12-16 21:12:07 ----D---- C:\WINDOWS\srchasst
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wups.dll
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-12-16 21:12:04 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-12-16 21:12:03 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-12-16 21:12:00 ----D---- C:\Program Files\Movie Maker
2010-12-16 21:11:56 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-12-16 21:11:56 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-12-16 21:11:56 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-12-16 21:11:56 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-12-16 21:11:50 ----D---- C:\WINDOWS\system32\Restore
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\srclient.dll
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\fltmc.exe
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\drivers\sr.sys
2010-12-16 21:11:50 ----A---- C:\WINDOWS\system32\drivers\fltmgr.sys
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\msconf.dll
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-12-16 21:11:49 ----A---- C:\WINDOWS\system32\ils.dll
2010-12-16 21:11:46 ----D---- C:\Program Files\NetMeeting
2010-12-16 21:11:46 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-12-16 21:11:46 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-12-16 21:11:45 ----A---- C:\WINDOWS\system32\inetres.dll
2010-12-16 21:11:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-12-16 21:11:43 ----D---- C:\Program Files\Outlook Express
2010-12-16 21:11:43 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-12-16 21:11:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-12-16 21:11:43 ----A---- C:\WINDOWS\system32\mstask.dll
2010-12-16 21:11:42 ----A---- C:\WINDOWS\system32\isign32.dll
2010-12-16 21:11:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-12-16 21:11:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-12-16 21:11:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-12-16 21:11:36 ----D---- C:\Program Files\Common Files\System
2010-12-16 21:11:35 ----D---- C:\Program Files\Internet Explorer
2010-12-16 21:11:15 ----D---- C:\Program Files\ComPlus Applications
2010-12-16 21:11:14 ----A---- C:\WINDOWS\vbaddin.ini
2010-12-16 21:11:14 ----A---- C:\WINDOWS\vb.ini
2010-12-16 21:11:10 ----D---- C:\WINDOWS\Registration
2010-12-16 21:11:04 ----D---- C:\Program Files\Windows Media Player
2010-12-16 21:11:04 ----D---- C:\Program Files\Online Services
2010-12-16 21:10:59 ----D---- C:\Program Files\Messenger
2010-12-16 21:10:55 ----D---- C:\Program Files\MSN Gaming Zone
2010-12-16 21:10:55 ----A---- C:\WINDOWS\system32\write.exe
2010-12-16 21:10:44 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-12-16 21:10:44 ----A---- C:\WINDOWS\system32\hticons.dll
2010-12-16 21:10:44 ----A---- C:\WINDOWS\system32\avwav.dll
2010-12-16 21:10:44 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-12-16 21:10:44 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-12-16 21:10:43 ----A---- C:\WINDOWS\system32\winchat.exe
2010-12-16 21:10:35 ----A---- C:\WINDOWS\system32\getuname.dll
2010-12-16 21:10:34 ----A---- C:\WINDOWS\system32\winmine.exe
2010-12-16 21:10:34 ----A---- C:\WINDOWS\system32\sol.exe
2010-12-16 21:10:34 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-12-16 21:10:34 ----A---- C:\WINDOWS\system32\charmap.exe
2010-12-16 21:10:34 ----A---- C:\WINDOWS\system32\calc.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\tskill.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\tscon.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\shadow.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\reset.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\regini.exe
2010-12-16 21:10:33 ----A---- C:\WINDOWS\system32\freecell.exe
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\msg.exe
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\logoff.exe
2010-12-16 21:10:32 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\stclient.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-12-16 21:10:31 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-12-16 21:10:30 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-12-16 21:10:25 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-12-16 21:10:18 ----D---- C:\Program Files\MSN
2010-12-16 21:10:17 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-12-16 21:10:17 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-12-16 21:10:17 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-12-16 21:10:17 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-12-16 21:10:16 ----D---- C:\Program Files\Windows NT
2010-12-16 21:10:16 ----A---- C:\WINDOWS\system32\spider.exe
2010-12-16 21:10:16 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-12-16 21:10:16 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys
2010-12-16 21:10:16 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys
2010-12-16 21:10:16 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-12-16 21:10:15 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys
2010-12-16 21:10:14 ----D---- C:\WINDOWS\system32\MsDtc
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-12-16 21:10:14 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-12-16 21:10:13 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-12-16 21:10:13 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-12-16 21:10:13 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-12-16 21:10:13 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-12-16 21:10:13 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-12-16 21:10:12 ----D---- C:\WINDOWS\system32\Com
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\comuid.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\colbact.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-12-16 21:10:12 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-12-16 21:10:11 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-12-16 21:10:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-12-16 21:10:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-12-16 21:10:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-12-16 21:10:06 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-12-16 21:10:03 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys
2010-12-16 21:10:02 ----A---- C:\WINDOWS\system32\drivers\termdd.sys
2010-12-08 04:12:38 ----A---- C:\WINDOWS\system32\drivers\avgldx86.sys

======List of files/folders modified in the last 1 months======

2010-12-16 22:08:27 ----A---- C:\WINDOWS\system.ini
2010-12-16 21:13:54 ----A---- C:\WINDOWS\win.ini
2010-12-16 21:13:37 ----ASH---- C:\WINDOWS\fonts\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 26192]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-09-26 254872]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-03-13 44672]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 wampapache;wampapache; D:\ratko\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; D:\ratko\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.08 2010-12-29 19:29:05

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{04E7A3BB-DB38-481C-A809-35FA60C78EDF}
AVG 2011-->MsiExec.exe /I{F4C68898-EBA5-46A9-82B3-2D30426086BF}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Corel Graphics - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellUninst.exe -ProductCode {B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD} -arp
Corel Graphics - Windows Shell Extension-->MsiExec.exe /X{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}
CorelDRAW Graphics Suite X5 - IPM-->MsiExec.exe /I{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}
CorelDRAW Graphics Suite X5 - WT-->MsiExec.exe /I{9244E956-5939-4B88-930C-0699D4AB2B95}
CorelDRAW® Graphics Suite X5-->c:\Program Files\Corel\CorelDRAW Graphics Suite X5\Setup\SetupARP.exe /arp
CPUID HWMonitor 1.17-->"C:\Program Files\CPUID\HWMonitor\unins000.exe"
FileZilla Client 3.3.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB958655-v2)-->"C:\WINDOWS\$NtUninstallKB958655-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB969084)-->"C:\WINDOWS\$NtUninstallKB969084$\spuninst\spuninst.exe"
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Intel® Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
K-Lite Codec Pack 6.6.0 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2124261)-->"C:\WINDOWS\$NtUninstallKB2124261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2290570)-->"C:\WINDOWS\$NtUninstallKB2290570$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975254)-->"C:\WINDOWS\$NtUninstallKB975254$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB958752)-->"C:\WINDOWS\$NtUninstallKB958752$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
WampServer 2.0-->"D:\ratko\wamp\unins000.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 4.00 beta 2 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======


======Security center information======

AV: AVG Anti-Virus Free Edition 2011

======System event log======

Computer Name: HOME-419A041E07
Event Code: 7001
Message: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 730
Source Name: Service Control Manager
Time Written: 20101217172448.000000+060
Event Type: error
User:

Computer Name: HOME-419A041E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 729
Source Name: DCOM
Time Written: 20101217172341.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 207
Source Name: DCOM
Time Written: 20101216214337.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 206
Source Name: DCOM
Time Written: 20101216214322.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Record Number: 205
Source Name: DCOM
Time Written: 20101216214320.000000+060
Event Type: error
User: HOME-419A041E07\Nemo

=====Application event log=====

Computer Name: HOME-419A041E07
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20101216211338.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20101216211338.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20101216211131.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20101216211131.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-419A041E07
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20101216211130.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Edited by Nemo_one, 29 December 2010 - 01:34 PM.
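
A small triage aid for the RSIT driver list in the log above (an added example, not code from the thread or from the RSIT tool). It parses the `R0 name;display; path [date size]` lines, strips the `\??\` object-manager prefix, and flags three things a reviewer would otherwise check by eye: entries whose bracket is empty (treated here as RSIT having found no readable image at scan time, which is an assumption about the tool's output), boot/system-start drivers loaded from outside system32\drivers, and very old file dates. On this log the flags land on giveio.sys and speedfan.sys, which belong to the SpeedFan package present in the uninstall list, and on cpuz135 and mcdbus (CPU-Z and MagicISO drivers with no file metadata). They are review prompts, not verdicts. The sample lines are copied from the log above; the 2001 date cut-off and the function names are arbitrary choices for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the RSIT driver list posted above.
SAMPLE = """\
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\\WINDOWS\\system32\\DRIVERS\\avgrkx86.sys [2010-09-07 26064]
R0 giveio;giveio; C:\\WINDOWS\\system32\\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\\WINDOWS\\system32\\speedfan.sys [2006-09-24 5248]
R1 kbdhid;Keyboard HID Driver; C:\\WINDOWS\\system32\\DRIVERS\\kbdhid.sys [2008-04-14 14592]
R2 cpuz135;cpuz135; \\??\\C:\\WINDOWS\\system32\\drivers\\cpuz135_x32.sys []
R3 mouhid;Mouse HID Driver; C:\\WINDOWS\\system32\\DRIVERS\\mouhid.sys [2001-08-23 12160]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\\WINDOWS\\system32\\DRIVERS\\mcdbus.sys []
S3 StarOpen;StarOpen; C:\\WINDOWS\\system32\\drivers\\StarOpen.sys [2009-11-12 7168]
"""

# RSIT format: <R|S><start-type> <name>;<display>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Where Windows XP keeps its own kernel-mode drivers (compared case-insensitively).
STANDARD_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
OLD_DATE_CUTOFF = "2001-01-01"  # assumed cut-off for "suspiciously old", tune as needed


@dataclass
class DriverEntry:
    running: bool
    start_type: int  # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled (RSIT legend)
    name: str
    display: str
    path: str
    file_date: Optional[str]  # None when RSIT printed an empty bracket
    file_size: Optional[int]


def parse_rsit_drivers(text: str) -> List[DriverEntry]:
    """Parse RSIT driver/service lines; lines that do not match are skipped."""
    entries: List[DriverEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the file path
            path = path[4:]
        meta = m.group("meta").split()
        has_meta = len(meta) == 2
        entries.append(DriverEntry(
            running=m.group("state") == "R",
            start_type=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=path,
            file_date=meta[0] if has_meta else None,
            file_size=int(meta[1]) if has_meta else None,
        ))
    return entries


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Return (driver name, reason) pairs worth a closer look. These are prompts, not verdicts."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.file_size is None:
            findings.append((e.name, "no file metadata: image not readable at scan time"))
        # Boot (0) and System (1) start drivers load before most defences; an unusual
        # location is worth confirming against the installed software list.
        if e.start_type <= 1 and not e.path.lower().startswith(STANDARD_DRIVER_DIR):
            findings.append((e.name, "early-start driver outside system32\\drivers: " + e.path))
        if e.file_date is not None and e.file_date < OLD_DATE_CUTOFF:
            findings.append((e.name, "very old file date " + e.file_date))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_rsit_drivers(SAMPLE)):
        print(f"{name:10} {reason}")
```

Each flagged name should then be matched against the uninstall list and the vendor string before anything is deleted; a flag from this script on its own is not grounds for removal.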


#9 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 30 December 2010 - 09:44 AM

Hi Nemo,

It seems like your problem isn't caused by malware.

Was your connection slow also when you had Kaspersky installed?

#10 Nemo_one
  • Topic Starter
  • Members
  • 21 posts

Posted 31 December 2010 - 01:53 AM

Hi,

Yes, the connection was slow when I had Kaspersky installed (Kaspersky Internet Security 2011 trial), but after the uninstall it still had some slowdowns and Firefox opened really slowly. Also, there was a slowdown in disk performance while browsing files. This happened only when the network connection was enabled.

It's strange, because this slowdown wasn't present before that thermaltake.com aspx web page's background said "Hacked by Coiff" ... something. Could the problem / malware be on my second partition D:/ ?

#11 Judicandus
  • Bleepin' Pasta
  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 02 January 2011 - 07:33 PM

Hi Nemo,

Please try running GMER again and do a scan.
Right-click the .text entries and select "Restore code".

After you did that, please run rootkit unhooker:

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#12 Nemo_one
  • Topic Starter
  • Members
  • 21 posts

Posted 03 January 2011 - 03:12 AM

Hi Judicandus,

Happy New Year!

I will run GMER and Rootkit Unhooker today in the afternoon, and post the report here. Thanks for the help!

#13 Nemo_one
  • Topic Starter
  • Members
  • 21 posts

Posted 03 January 2011 - 02:59 PM

I have done the GMER scan again and restored the .text entries, but after that WinXP just froze, so I had to restart.
This is the Rootkit Unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB9AA0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3174400 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF16B000 C:\WINDOWS\System32\ati3duag.dll 3121152 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF465000 C:\WINDOWS\System32\ativvaxx.dll 1662976 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xAD273000 C:\WINDOWS\system32\drivers\sthda.sys 1490944 bytes (IDT, Inc., IDT PC Audio)
0xB9E47000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF058000 C:\WINDOWS\System32\ati2cqag.dll 499712 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xACFCC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF0D2000 C:\WINDOWS\System32\atikvmag.dll 450560 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB985E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD1BF000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAA397000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAD177000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 286720 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9A23000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xA9F1E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xACF68000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB995C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAA4DF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E1A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF140000 C:\WINDOWS\System32\atiok3x2.dll 176128 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xAD03C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAA2F7000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9A64000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAD089000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAD151000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAD7D6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB99FF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB99DC000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAD067000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAD7FA000 C:\WINDOWS\system32\drivers\AtiHdAud.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9E00000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xACED8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9ED4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB99C5000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA87A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9A8C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAD218000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB998C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA278000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA188000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB992C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA198000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA228000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA308000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xAA66C000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xAA574000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA158000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA148000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA118000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xAA544000 C:\WINDOWS\system32\drivers\cpuz135_x32.sys 36864 bytes (CPUID, CPUID Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA288000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA218000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9C93000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA418000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA408000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA338000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA410000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA430000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB99AD000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAABA3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA564000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xACF54000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB99BD000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB99B9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA54C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5C2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA600000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5C4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5C6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5AE000 speedfan.sys 8192 bytes
0xBA5B8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5BC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA725000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6E0000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA671000 giveio.sys 4096 bytes
0xBA7F3000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x05460000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 102400 bytes
0x00D10000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 110592 bytes
0x03940000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 110592 bytes
0x05AC0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 110592 bytes
0x053E0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 126976 bytes
0x05370000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 143360 bytes
0x05EF0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 1519616 bytes
0x057B0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 1683456 bytes
0x05950000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 208896 bytes
0x053A0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 225280 bytes
0x04560000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 266240 bytes
0x00EE0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 28672 bytes
0x01170000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 28672 bytes
0x052E0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04610000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03BE0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03A50000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x00DB0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03A00000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03A90000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03BA0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03BC0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03C20000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x03C10000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04440000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x045D0000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x045C0000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x045E0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04680000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04690000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x047B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04820000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x049E0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04A20000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x04C60000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x052F0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x05300000 Hidden Image-->LOCALIZATION.Foundation.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x05350000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x05450000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x059B0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x05A40000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x05A50000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 28672 bytes
0x01190000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A2406A0 ] PID: 292, 307200 bytes
0x00E10000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x8A1ECA48 ] PID: 476, 307200 bytes
0x065E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 339968 bytes
0x06640000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 364544 bytes
0x03AF0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 36864 bytes
0x04900000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x03960000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x03A30000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x03A60000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x045B0000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x047F0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x048E0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x04960000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x049D0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x05310000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x05320000 Hidden Image-->LOCALIZATION.Foundation.Implementation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 36864 bytes
0x05BB0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 372736 bytes
0x03C40000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x8A1ECA48 ] PID: 476, 380928 bytes
0x05B30000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 413696 bytes
0x050C0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 421888 bytes
0x06170000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 446464 bytes
0x00D40000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 45056 bytes
0x00DB0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 45056 bytes
0x04950000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x00D80000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x00E70000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x03A10000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x04800000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x04830000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x048F0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 45056 bytes
0x069E0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 454656 bytes
0x061E0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 487424 bytes
0x05590000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 495616 bytes
0x05250000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 503808 bytes
0x012C0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 53248 bytes
0x047E0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x039F0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x039E0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x03A20000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x03BB0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x03C00000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x048A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x04910000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x049B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x04B40000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x05130000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x05430000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x05990000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 53248 bytes
0x066A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 593920 bytes
0x00DC0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 61440 bytes
0x04210000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 61440 bytes
0x04930000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 61440 bytes
0x04AD0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 61440 bytes
0x04C50000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 61440 bytes
0x06310000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 675840 bytes
0x00DC0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8A2406A0 ] PID: 292, 69632 bytes
0x04A40000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 69632 bytes
0x00DE0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 69632 bytes
0x04980000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 69632 bytes
0x04AB0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 69632 bytes
0x05CC0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 700416 bytes
0x04880000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 77824 bytes
0x04640000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 77824 bytes
0x047C0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 77824 bytes
0x049F0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 77824 bytes
0x06810000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 806912 bytes
0x05330000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 86016 bytes
0x04B20000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 86016 bytes
0x039C0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 86016 bytes
0x04850000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 86016 bytes
0x06500000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x8A1ECA48 ] PID: 476, 913408 bytes

#14 Nemo_one

  • Topic Starter
  • Members
  • 21 posts
  • Local time:08:13 AM

Posted 07 January 2011 - 01:58 PM

Hi, any info?

#15 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world
  • Local time:04:13 AM

Posted 07 January 2011 - 09:06 PM

Hi nemo,

I'm sorry for the delay. I lost track of some logs :)

Your logs all look ok.

Please do this:

1. Uninstall AVG
2. Download and run the AVG remover tool: http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1184.exe
3. Restart your computer and reinstall AVG

Do the problems persist?
