
goingonearth virus / rootkit and possible other infections...


This topic is locked
13 replies to this topic

#1 nicoladastra

Posted 01 April 2011 - 05:41 PM

Hi there,

This is my first time in this forum, but it seems that here are competent people that can help me to remove the infections I have...

I found some partial solutions on the Internet which helped me somehow make my virus less strong (hopefully, I have 2 partitions; the Windows 7 one (installed on C) is really badly infected). First I had a blue screen at start-up. Then, with the help of my second partition and thanks to Antivir / Spybot / TDSSKiller and some other anti-spyware software, and also HijackThis (which is not updated anymore, it seems :( ), I could access Windows 7 again, but with many issues. This is where I am now: I can use my Windows 7 partition, but I just can't get rid of the redirections from Google to "goingonearth"... Also, I cannot start Windows Security Center (it is just not there in services.msc anymore Oo).

Added to that, I found a topic on this forum where such a problem was being treated. Unfortunately the methods in use don't seem to apply in my case :(

I followed the guide and generated the required logs. First I post the DDS logs (including attachment); in my second post I will publish the gmer logs.

DDS :

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by KAOS at 0:20:36,14 on 02.04.2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.49.1033.18.3326.1290 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Programs\AV\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Translated.net\TAVUtility.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\explorer.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Jnidea.exe
C:\Users\KAOS\AppData\Local\Temp\Jlh.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\KAOS\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\KAOS\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.fr/
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programs\av\spybot~1\SDHelper.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - c:\program files\xi\netxfer\NXIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - c:\program files\xi\netxfer\NXToolBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [SpybotSD TeaTimer] "c:\programs\av\spybot - search & destroy\TeaTimer.exe"
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
uRun: [Tav] "c:\program files\translated.net\TAVUtility.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Voipwise] "c:\program files\voipwise.com\voipwise\Voipwise.exe" -nosplash -minimized
mRun: [<NO NAME>]
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WinampAgent] "c:\program files\audio\winamp\winampa.exe"
mRun: [InstantSpywareRemoval.exe] "c:\program files\instant spyware removal\InstantSpywareRemoval.exe"
mRun: [ISRHelper.exe] "c:\program files\instant spyware removal\ISRHelper.exe" -0
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Alles mit NetXfer herunterladen - c:\program files\xi\netxfer\NXAddList.html
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\systran\6\\GUIres.dll/lookup.js
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Herunterladen mit NetXfer - c:\program files\xi\netxfer\NXAddLink.html
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Traduire (SYSTRAN) - c:\program files\systran\6\\GUIres.dll/translate.js
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programs\av\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kaos\appdata\roaming\mozilla\firefox\profiles\txexgf62.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\kaos\appdata\roaming\mozilla\firefox\profiles\txexgf62.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-30 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-30 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-30 656320]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2011-4-1 45072]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 WebrootSpySweeperService;Webroot Spy Sweeper-Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-4-1 3899008]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-4-1 3251928]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\programs\av\spybot - search & destroy\SDWinSec.exe [2009-11-16 1153368]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-11-16 79360]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2011-3-12 573440]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2011-3-12 15616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-16 15872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-30 1150936]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-16 52224]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-16 1343400]
S4 AMService;AMService;c:\windows\temp\iumc\setup.exe run --> c:\windows\temp\iumc\setup.exe run [?]
S4 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S4 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S4 SDL FLEXlm License Server;SDL FLEXlm License Server;c:\program files\sdl international\license server\lmgrd.exe [2007-2-22 1339392]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2011-04-01 22:14:09 164352 ----a-w- c:\windows\Jnidea.exe
2011-04-01 21:26:41 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-04-01 21:26:41 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-04-01 21:26:41 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-04-01 21:24:25 -------- dc-h--w- c:\progra~2\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
2011-04-01 21:24:14 -------- d-----w- c:\program files\Webroot
2011-04-01 21:23:39 -------- d-----w- c:\progra~2\Webroot
2011-04-01 21:23:38 -------- d-----w- c:\users\kaos\appdata\local\PackageAware
2011-03-31 23:53:08 -------- d-----w- c:\users\kaos\appdata\roaming\Malwarebytes
2011-03-31 23:53:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 23:53:02 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-31 23:52:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 23:52:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 23:37:31 46928 ----a-r- c:\windows\system32\AdobePDF.dll
2011-03-31 23:37:31 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-03-31 22:22:22 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-31 22:20:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-31 22:20:36 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-30 22:43:03 -------- d-----w- c:\progra~2\isr_startup_backup
2011-03-29 23:32:43 -------- d-----w- c:\program files\Instant Spyware Removal
2011-03-29 23:09:42 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-29 23:09:42 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-29 23:09:42 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-29 23:09:42 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-29 23:09:39 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-29 23:09:39 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-29 23:09:33 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-29 23:09:18 -------- d-----w- c:\users\kaos\appdata\roaming\PC Tools
2011-03-29 23:09:18 -------- d-----w- c:\program files\PC Tools Security
2011-03-29 23:09:18 -------- d-----w- c:\program files\common files\PC Tools
2011-03-29 22:16:52 -------- d-----w- c:\progra~2\PC Tools
2011-03-29 20:34:44 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-03-29 19:26:55 -------- d-----w- c:\users\kaos\appdata\roaming\5013
2011-03-27 18:42:59 -------- d-----w- c:\users\kaos\appdata\roaming\UAs
2011-03-24 23:33:06 236496 ----a-w- c:\users\kaos\appdata\roaming\AcroIEHelpe.dll
2011-03-24 23:33:06 -------- d-----w- c:\users\kaos\appdata\roaming\5012
2011-03-24 23:33:02 112 ----a-w- c:\users\kaos\appdata\roaming\srvblck2.tmp
2011-03-24 23:32:57 -------- d-----w- c:\users\kaos\appdata\roaming\xmldm
2011-03-24 23:32:57 -------- d-----w- c:\users\kaos\appdata\roaming\kock
2011-03-24 21:03:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-24 21:03:02 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-24 21:03:02 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-24 21:03:02 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-24 21:03:02 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-24 21:03:02 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-24 21:03:02 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-24 21:03:02 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-20 11:00:10 -------- d-----w- C:\Hijackthis
2011-03-20 00:52:02 -------- d-----w- c:\progra~2\mAoEoLc12803
2011-03-19 23:07:12 -------- d-----w- c:\users\kaos\appdata\roaming\OfferBox
2011-03-19 23:07:12 -------- d-----w- c:\program files\OfferBox
2011-03-17 21:29:56 117248 --sha-r- c:\windows\system32\raschap4.dll
2011-03-16 21:35:09 -------- d-----w- c:\windows\system32\Wat
2011-03-16 19:59:43 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{54c7c56a-5671-4979-b1cd-98bd16ff93c4}\mpengine.dll
2011-03-16 19:49:23 -------- d-----w- c:\windows\system32\SPReview
2011-03-16 19:48:05 -------- d-----w- c:\windows\system32\EventProviders
2011-03-16 19:44:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 19:42:59 373248 ----a-w- c:\program files\internet explorer\ieinstal.exe
2011-03-16 19:41:59 859648 ----a-w- c:\windows\system32\OobeFldr.dll
2011-03-16 19:37:05 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-03-16 19:14:00 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 19:14:00 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 19:14:00 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-15 20:53:08 -------- d-----w- c:\program files\WinTV
2011-03-12 17:41:28 38672 ----a-w- c:\windows\system32\pcleUtil.dll
2011-03-12 17:41:27 142337 ----a-w- c:\windows\system32\Wait.exe
2011-03-12 17:40:38 831554 ----a-w- c:\windows\system32\hcwtvwnd.dll
2011-03-12 17:40:38 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2011-03-12 17:40:38 323640 ----a-w- c:\windows\system32\hcwpnp32.dll
2011-03-12 17:40:38 118849 ----a-w- c:\windows\system32\hcwi2c32.dll
2011-03-12 17:38:28 573440 ----a-w- c:\windows\system32\drivers\hcw95bda.sys
2011-03-12 17:38:28 15616 ----a-w- c:\windows\system32\hcw95rc.sys
2011-03-12 17:38:28 15616 ----a-w- c:\windows\system32\drivers\hcw95rc.sys
.
==================== Find3M ====================
.
2011-03-16 21:35:33 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-03-16 21:35:33 13824 ----a-w- c:\windows\system32\slwga.dll
2011-03-16 21:35:31 811520 ----a-w- c:\windows\system32\user32.dll
2011-03-16 20:22:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 06:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 06:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 06:27:00 5654120 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-02-23 06:27:00 4942952 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 06:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 06:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 06:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 06:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-02-23 06:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 06:27:00 10079336 ----a-w- c:\windows\system32\nvd3dum.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:46:34 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46:34 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-04 14:24:48 421552 ----a-w- c:\windows\system32\SpoonUninstall.exe
.
============= FINISH: 0:21:43,95 ===============

So, I finally got the GMER log. I couldn't run it to the end, because it ended up crashing after 4 hours (!), but I saved a copy the second time after 3 hours.


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-02 03:28:29
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: gmer.exe; Driver: C:\Users\KAOS\AppData\Local\Temp\kxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 89C7AD88 ZwAllocateVirtualMemory
SSDT 8A3666C0 ZwCreateProcess
SSDT 85AE9BA8 ZwCreateProcessEx
SSDT 8A3DC468 ZwCreateThread
SSDT 8A33C578 ZwCreateThreadEx
SSDT 8A4466C0 ZwCreateUserProcess
SSDT 8A3CB020 ZwQueueApcThread
SSDT 8A350370 ZwReadVirtualMemory
SSDT 89FD6170 ZwSetContextThread
SSDT 8A3F9818 ZwSetDefaultHardErrorPort
SSDT 8A23B368 ZwSetInformationProcess
SSDT 8A294F18 ZwSetInformationThread
SSDT 8A0FA628 ZwSuspendProcess
SSDT 86126628 ZwSuspendThread
SSDT 8A3E8548 ZwTerminateProcess
SSDT 8A179A20 ZwTerminateThread
SSDT 882CC120 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C8A339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CCADE8 4 Bytes [88, AD, C7, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82CCAED8 8 Bytes [C0, 66, 36, 8A, A8, 9B, AE, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82CCAEF8 8 Bytes [68, C4, 3D, 8A, 78, C5, 33, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82CCAF10 4 Bytes [C0, 66, 44, 8A] {SHL BYTE [ESI+0x44], 0x8a}
.text ntkrnlpa.exe!KeRemoveQueueEx + 14DB 82CCB1D0 4 Bytes JMP 3CB02082
.text ...
? C:\Users\KAOS\AppData\Local\Temp\mbr.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CreateWindowExW 764A0E51 5 Bytes JMP 6C3A3834 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DrawTextExW 764A7BDD 5 Bytes JMP 01E0C8DF
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DrawTextW 764A8220 5 Bytes JMP 01E0C71B
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!SetClipboardData 764B4979 5 Bytes JMP 01E0C392
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DrawTextA 764BA482 5 Bytes JMP 01E0C63F
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DrawTextExA 764BA4B9 5 Bytes JMP 01E0C7F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamW 764C4AA7 5 Bytes JMP 6C4DDCD8 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamW 764C564A 5 Bytes JMP 01E0B9F5
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamA 764DCF6A 5 Bytes JMP 6C4DDC75 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamA 764DD29C 5 Bytes JMP 6C4DDD3B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectA 764EE8C9 5 Bytes JMP 6C4DDC0A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectW 764EE9C3 5 Bytes JMP 6C4DDB9F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExA 764EEA29 5 Bytes JMP 6C4DDB3D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExW 764EEA4D 5 Bytes JMP 6C4DDADB C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!ExtTextOutW 77D48192 5 Bytes JMP 01E0CAAC
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!GetGlyphIndicesW 77D4B78F 5 Bytes JMP 01E0CF2D
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!TextOutW 77D4FDE4 5 Bytes JMP 01E0C572
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!ExtTextOutA 77D503F9 5 Bytes JMP 01E0C9C7
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!TextOutA 77D5077D 5 Bytes JMP 01E0C4A5
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] GDI32.dll!GetGlyphIndicesA 77D6BB6A 5 Bytes JMP 01E0CE63
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!closesocket 763D3918 5 Bytes JMP 01E0C304
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!getaddrinfo 763D4296 5 Bytes JMP 01E0B5B6
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!WSASend 763D4406 5 Bytes JMP 01E0C13D
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!GetAddrInfoW 763D4889 5 Bytes JMP 01E0B696
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!recv 763D6B0E 2 Bytes JMP 01E0C093
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!recv + 3 763D6B11 2 Bytes [A3, 8B]
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!send 763D6F01 5 Bytes JMP 01E0BFED
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!WSARecv 763D7089 5 Bytes JMP 01E0C20E
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!WSAAsyncGetHostByName 763E726A 5 Bytes JMP 01E0B91A
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ws2_32.DLL!gethostbyname 763E7673 5 Bytes JMP 01E0B4F9
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!UnhookWindowsHookEx 7649CC7B 5 Bytes JMP 6C3CD963 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!CallNextHookEx 7649CC8F 5 Bytes JMP 6C313C96 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!CreateWindowExW 764A0E51 5 Bytes JMP 6C3A3834 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!SetWindowsHookExW 764A210A 5 Bytes JMP 6C367DF9 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DrawTextExW 764A7BDD 5 Bytes JMP 019DC8DF
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DrawTextW 764A8220 5 Bytes JMP 019DC71B
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!SetClipboardData 764B4979 5 Bytes JMP 019DC392
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DrawTextA 764BA482 5 Bytes JMP 019DC63F
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DrawTextExA 764BA4B9 5 Bytes JMP 019DC7F7
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxIndirectParamW 764C4AA7 5 Bytes JMP 6C4DDCD8 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxParamW 764C564A 5 Bytes JMP 019DB9F5
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxParamA 764DCF6A 5 Bytes JMP 6C4DDC75 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!DialogBoxIndirectParamA 764DD29C 5 Bytes JMP 6C4DDD3B C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxIndirectA 764EE8C9 5 Bytes JMP 6C4DDC0A C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxIndirectW 764EE9C3 5 Bytes JMP 6C4DDB9F C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxExA 764EEA29 5 Bytes JMP 6C4DDB3D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxExW 764EEA4D 5 Bytes JMP 6C4DDADB C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!ExtTextOutW 77D48192 5 Bytes JMP 019DCAAC
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!GetGlyphIndicesW 77D4B78F 5 Bytes JMP 019DCF2D
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!TextOutW 77D4FDE4 5 Bytes JMP 019DC572
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!ExtTextOutA 77D503F9 5 Bytes JMP 019DC9C7
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!TextOutA 77D5077D 5 Bytes JMP 019DC4A5
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] GDI32.dll!GetGlyphIndicesA 77D6BB6A 5 Bytes JMP 019DCE63
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] ole32.dll!OleLoadFromStream 76886143 5 Bytes JMP 6C4DE036 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] ole32.dll!CoCreateInstance 768C9D0B 5 Bytes JMP 6C3A33C2 C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!closesocket 763D3918 5 Bytes JMP 019DC304
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!getaddrinfo 763D4296 5 Bytes JMP 019DB5B6
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!WSASend 763D4406 5 Bytes JMP 019DC13D
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!GetAddrInfoW 763D4889 5 Bytes JMP 019DB696
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!recv 763D6B0E 2 Bytes JMP 019DC093
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!recv + 3 763D6B11 2 Bytes [60, 8B]
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!send 763D6F01 5 Bytes JMP 019DBFED
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!WSARecv 763D7089 5 Bytes JMP 019DC20E
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!WSAAsyncGetHostByName 763E726A 5 Bytes JMP 019DB91A
.text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!gethostbyname 763E7673 5 Bytes JMP 019DB4F9
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] ntdll.dll!NtQueryInformationProcess 77BD6048 5 Bytes JMP 02610C82
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] ntdll.dll!LdrLoadDll 77BF22B8 5 Bytes JMP 01091410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!closesocket 763D3918 5 Bytes JMP 025FC304
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!getaddrinfo 763D4296 5 Bytes JMP 025FB5B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!WSASend 763D4406 5 Bytes JMP 025FC13D
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!GetAddrInfoW 763D4889 5 Bytes JMP 025FB696
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!recv 763D6B0E 2 Bytes JMP 025FC093
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!recv + 3 763D6B11 2 Bytes [22, 8C]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!send 763D6F01 5 Bytes JMP 025FBFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!WSARecv 763D7089 5 Bytes JMP 025FC20E
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!WSAAsyncGetHostByName 763E726A 5 Bytes JMP 025FB91A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!gethostbyname 763E7673 5 Bytes JMP 025FB4F9
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!DrawTextExW 764A7BDD 5 Bytes JMP 025FC8DF
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!DrawTextW 764A8220 5 Bytes JMP 025FC71B
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!SetClipboardData 764B4979 5 Bytes JMP 025FC392
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!DrawTextA 764BA482 5 Bytes JMP 025FC63F
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!DrawTextExA 764BA4B9 5 Bytes JMP 025FC7F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] USER32.dll!DialogBoxParamW 764C564A 5 Bytes JMP 025FB9F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!ExtTextOutW 77D48192 3 Bytes JMP 025FCAAC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!ExtTextOutW + 4 77D48196 1 Byte [8A]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!GetGlyphIndicesW 77D4B78F 5 Bytes JMP 025FCF2D
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!TextOutW 77D4FDE4 5 Bytes JMP 025FC572
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!ExtTextOutA 77D503F9 5 Bytes JMP 025FC9C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!TextOutA 77D5077D 5 Bytes JMP 025FC4A5
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!GetGlyphIndicesA 77D6BB6A 5 Bytes JMP 025FCE63
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5552] USER32.dll!SetWindowLongA 7649B1E3 5 Bytes JMP 5FBC9777 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5552] USER32.dll!SetWindowLongW 764A6614 5 Bytes JMP 5FBC9709 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5552] USER32.dll!GetWindowInfo 764A6A82 5 Bytes JMP 5F9F7C37 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5552] USER32.dll!TrackPopupMenu 764C4B3B 5 Bytes JMP 5F9F823A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Gestionnaire de filtres de système de fichiers Microsoft/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job.fp 1924080718
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}@Path \{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}@Hash 0xBB 0xBB 0x97 0xC7 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF406B11-B2F5-4AC6-BA40-7922F258D9EF}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}@Id {CF406B11-B2F5-4AC6-BA40-7922F258D9EF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 900

---- Files - GMER 1.0.15 ----

File C:\Users\KAOS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FXXW2NT4\st[7] 4537 bytes
File C:\Users\KAOS\AppData\Local\Temp\~DF9E9C6550FA15CFD8.TMP 0 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@metaffiliation[1].txt 420 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@ad.yieldmanager[2].txt 0 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@adfarm1.adition[1].txt 387 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@adnxs[1].txt 783 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@tracking.quisma[2].txt 258 bytes
File C:\Users\KAOS\AppData\Roaming\Microsoft\Windows\Cookies\kaos@ads.creative-serving[1].txt 588 bytes

EDIT: Posts merged ~BP

Edited by Budapest, 03 April 2011 - 04:14 PM.
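A small triage script, added here as an example (it is not part of this thread, of GMER, or of any tool the helpers use), that parses the user-mode `.text` hook lines GMER printed above and flags hooks whose JMP destination GMER could not attribute to a loaded module. The sample lines are copied from the log above; the list of name-resolution exports and the "unattributed means review first" heuristic are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Shape of a GMER user-mode hook line as pasted above:
#   .text <process>[<pid>] <dll>!<export>[ + off] <addr> <n> Byte(s) JMP <target> [<module> (<description>)]
# and, for the remaining patched bytes of a hook listed on their own:
#   .text <process>[<pid>] <dll>!<export> + off <addr> <n> Byte(s) [<hex bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<dll>[\w.]+)!(?P<export>\w+)(?:\s\+\s\d+)?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<nbytes>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<module>\S.*?)\s+\((?P<desc>[^)]*)\))?"
    r"|\[(?P<patch>[0-9A-F ,]+)\])\s*$"
)

# Winsock exports used for name resolution (this example's list): a hook here
# can change where the browser connects while the address bar looks normal.
NAME_RESOLUTION = {"getaddrinfo", "GetAddrInfoW", "gethostbyname", "WSAAsyncGetHostByName"}


@dataclass
class Hook:
    process: str
    pid: int
    dll: str
    export: str
    target: Optional[str]  # JMP destination; None when only patched bytes are listed
    module: Optional[str]  # file GMER attributed the destination to, if any
    patch: Optional[str]   # raw replacement bytes on a non-JMP line


def parse_hook_line(line: str) -> Optional[Hook]:
    """Parse one '.text' line; return None for headers, blanks and other sections."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["process"], int(m["pid"]), m["dll"], m["export"],
                m["target"], m["module"], m["patch"])


def classify(h: Hook) -> str:
    """Heuristic of this example, not a GMER verdict: a destination that resolves
    to a named file (IEFRAME.dll, xul.dll, firefox.exe above) is 'attributed'; a
    JMP into memory GMER could not map to any module is 'unattributed'. Some
    security or sandboxing products also hook from unnamed memory, so this is a
    flag for review, not proof of infection."""
    if h.patch is not None:
        return "patch-continuation"
    if h.module:
        return "attributed"
    return "unattributed"


def triage(lines: Iterable[str]) -> Dict[str, dict]:
    """Per process: number of attributed hooks, the unattributed ones as
    'dll!export -> target', and which of those sit on name resolution."""
    report: Dict[str, dict] = {}
    for line in lines:
        h = parse_hook_line(line)
        if h is None:
            continue
        entry = report.setdefault(
            f"{h.process}[{h.pid}]",
            {"attributed": 0, "unattributed": [], "resolver_hooks": []})
        label = classify(h)
        if label == "attributed":
            entry["attributed"] += 1
        elif label == "unattributed":
            entry["unattributed"].append(f"{h.dll}!{h.export} -> {h.target}")
            if h.export in NAME_RESOLUTION:
                entry["resolver_hooks"].append(h.export)
    return report


def processes_to_review_first(report: Dict[str, dict]) -> List[str]:
    """Processes whose name-resolution calls are diverted into unattributed memory."""
    return sorted(p for p, e in report.items() if e["resolver_hooks"])


# Subset of the GMER lines from the post above (copied from the log, not constructed).
SAMPLE_LINES = [
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4844] USER32.dll!MessageBoxExA 764EEA29 5 Bytes JMP 6C4DDB3D C:\Windows\system32\IEFRAME.dll (Navigateur Internet/Microsoft Corporation)",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!getaddrinfo 763D4296 5 Bytes JMP 019DB5B6",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!recv 763D6B0E 2 Bytes JMP 019DC093",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!recv + 3 763D6B11 2 Bytes [60, 8B]",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[4844] WS2_32.dll!gethostbyname 763E7673 5 Bytes JMP 019DB4F9",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[4904] ntdll.dll!LdrLoadDll 77BF22B8 5 Bytes JMP 01091410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[4904] WS2_32.dll!GetAddrInfoW 763D4889 5 Bytes JMP 025FB696",
    r".text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!ExtTextOutW + 4 77D48196 1 Byte [8A]",
    r".text C:\Program Files\Mozilla Firefox\plugin-container.exe[5552] USER32.dll!SetWindowLongA 7649B1E3 5 Bytes JMP 5FBC9777 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)",
    "---- Devices - GMER 1.0.15 ----",  # not a hook line; the parser skips it
]

if __name__ == "__main__":
    rep = triage(SAMPLE_LINES)
    for proc, entry in rep.items():
        print(proc, entry)
    print("review first:", processes_to_review_first(rep))
```

On the lines above, both browsers show their Winsock name-resolution exports diverted into memory GMER could not attribute, which matches the search-redirect symptom described in the first post; the hooks that resolve to IEFRAME.dll, xul.dll or firefox.exe are the browsers' own.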


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:57 AM

Posted 05 April 2011 - 06:20 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 nicoladastra

nicoladastra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 05 April 2011 - 07:23 PM

Thanks a lot for your help, I'll do as you ask! First post: Report from RKUnhookerLE (the 2 other reports will follow shortly!)




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x92400000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10465280 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 267.24 )
0x82C38000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C38000 PnpManager 4268032 bytes
0x82C38000 RAW 4268032 bytes
0x82C38000 WMIxWDM 4268032 bytes
0x82540000 Win32k 2412544 bytes
0x82540000 C:\Windows\System32\win32k.sys 2412544 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0x93439000 C:\Windows\system32\drivers\P17.sys 1429504 bytes (Creative Technology Ltd., WDM Audio Miniport (Basic) Driver)
0x8C266000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, Pilote TCP/IP)
0x8C030000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, Pilote du système de fichiers NT)
0x91C64000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BF46000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, Pilote NDIS 6.20)
0x8331B000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Module d’intégrité du code)
0x8BE97000 C:\Windows\system32\drivers\pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0xA2885000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x96902000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Pile du protocole)
0x8323B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8BC15000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Runtime de l’infrastructure de pilotes en mode noyau)
0x91960000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8C19D000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9180C000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8BE40000 C:\Windows\system32\drivers\pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0xA29A3000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9552A000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA2954000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82400000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91DA3000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, Pilote de port USB 1.1 & 2.0)
0x8BD77000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Pilote d’extension du gestionnaire de volumes)
0x8BC94000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0x954CB000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832D9000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x918FF000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Pilote du sous-système de mise en mémoire tampon de lecteur redirigé)
0x96823000 C:\Windows\system32\DRIVERS\udfs.sys 262144 bytes (Microsoft Corporation, UDF File System Driver)
0x8C430000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0x8C203000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8BE03000 C:\Windows\system32\drivers\PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0xA2806000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91D1B000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C01000 ACPI_HAL 225280 bytes
0x82C01000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BCE5000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Gestionnaire de filtres de système de fichiers Microsoft)
0x93400000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C4BC000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x91866000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C3B0000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x93596000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C477000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8C15F000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x969D5000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8BD2C000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0x833C6000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x91C0B000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8C4FF000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C241000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x91D73000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x83200000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x969B2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9542F000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA2926000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91C31000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Pilote d’interface de tunnel Microsoft)
0x8C58F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C556000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91D54000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x918A8000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, Planificateur de paquets QoS)
0x827D0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x968AA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Pilote de filtre de virtualisation de fichier LUA)
0xA2841000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x968C5000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x96987000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x935C5000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x919C4000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C017000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x95451000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x95469000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x95480000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C400000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9557A000 C:\Windows\system32\drivers\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8BDD7000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Gestionnaire des points de montage)
0x96895000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x955CF000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x9559E000 C:\Windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8C18A000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x968EF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x918D5000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8BDED000 00000077 73728 bytes
0x919EA000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x91C52000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x969A0000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BDED000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0xA2874000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8C4EE000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x96884000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83223000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x95519000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BD56000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832C0000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Pilote d’erreurs matérielles spécifiques à une plateforme)
0x918E8000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x968DF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C4A4000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8BD67000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91DEE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x919DC000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x918C7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C5E0000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8BDC9000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C000000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x954BD000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8BC86000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x935E9000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x96863000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x954A1000 C:\Windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0x954AE000 C:\Windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xA2947000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C5B0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x91954000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x955C3000 C:\Windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, Pilote de filtre clavier HID)
0x8C417000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x8C583000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x96870000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x935DE000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x95593000 C:\Windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x955ED000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x955B8000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0x8C5D5000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91C00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x91D98000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8BD21000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Énumérateur racine de lecteur virtuel)
0x955E3000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9550F000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x9194A000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91940000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8BF3C000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x95497000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA291C000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8BC09000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8BC00000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x9687B000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8C00E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA29F4000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x827A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C3E1000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8BCDC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x91898000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Couche IFS Winsock2)
0x832D1000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C4B4000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B9E000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BD19000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C5BD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C5C5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C5CD000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8C46F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C57C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x955B1000 C:\Windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8BDC2000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8C575000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x918A1000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x918F9000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x92DFB000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 267.24 )
0x954BB000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x95591000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#4 nicoladastra

nicoladastra
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:57 PM

Posted 05 April 2011 - 07:25 PM

////////////////// Extra.txt /////////////////


OTL Extras logfile created on: 4/6/2011 2:20:41 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\KAOS\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270.44 Gb Total Space | 7.17 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 58.17 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

Computer Name: KAOS-PC | User Name: KAOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- %SystemRoot%\System32\winhlp32.exe %1

[HKEY_USERS\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36E71ED6-AC20-4AED-8C51-0030EE7FB55B}" = SDLX
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{465B20FE-0674-4399-AA03-98E1FDA47CA9}" = SDL FLEXlm License Server
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4C2CEEBA-A5EB-496E-B24D-C26D93157EB7}" = DSound GT Player Express
"{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{511808B1-7114-43C7-8D6F-44FEBD7AC7B2}" = Labtec Keyboard-Desktop Software
"{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}" = Cubase 5
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C76448-D4B8-4886-A848-61CD4EB4B2C7}" = SDL Trados 2007
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}" = SDL Trados Synergy 2007
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0ED5B9-F79D-45E6-A8EE-F037F60BE8A0}" = M-Audio JamLab Driver 6.0.1 (x86)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"ApSIC Xbench" = ApSIC Xbench 2.8
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Dungeon Keeper 2" = Dungeon Keeper 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video Converter_is1" = Free Video Converter V 2.7
"HijackThis" = HijackThis 2.0.2
"InstallShield_{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr)
"Mumble" = Mumble and Murmur
"NetXfer Vista(x86) (Multilingual)_is1" = NetXfer 2.82.450
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"RegexBuddy 3" = JGsoft RegexBuddy 3 v.3.2.1
"S4Uninst" = The Settlers IV
"SMAC 2.7" = SMAC 2.7
"Spyware Doctor" = Spyware Doctor 8.0
"StarCraft II" = StarCraft II
"TAV" = TAV
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Voipwise_is1" = Voipwise
"WampServer 2_is1" = WampServer 2.0
"Warcraft III" = Warcraft III
"Webroot Software" = Webroot Software
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Sansa Updater" = Sansa Updater
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



///////////////////////// OTL.txt ///////////////////////////////////////////////


OTL logfile created on: 4/6/2011 2:20:41 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\KAOS\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 270.44 Gb Total Space | 7.17 Gb Free Space | 2.65% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 58.17 Gb Free Space | 29.78% Space Free | Partition Type: NTFS

Computer Name: KAOS-PC | User Name: KAOS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/06 02:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KAOS\Desktop\OTL.exe
PRC - [2011/04/03 17:16:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/03 17:16:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/04/03 17:16:03 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/03 17:16:00 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/04/03 17:15:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/03 17:15:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/21 12:09:52 | 012,900,144 | ---- | M] (Voipwise) -- C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/10/16 13:42:12 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programs\AV\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/11/15 17:20:26 | 005,828,608 | ---- | M] () -- C:\Program Files\Translated.net\TAVUtility.exe


========== Modules (SafeList) ==========

MOD - [2011/04/06 02:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KAOS\Desktop\OTL.exe
MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- -- (AMService)
SRV - [2011/04/03 17:16:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/03 17:16:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/04/03 17:16:00 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/04/03 17:15:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/01 23:24:23 | 003,251,928 | ---- | M] (Webroot Software, Inc. ) [Disabled | Stopped] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/01 02:22:18 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/03/16 23:35:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 14:02:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/16 22:36:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Programs\AV\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/04/23 15:20:02 | 000,011,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SDL International\T2007\TT\Lng\Dialogs1031.lng -- (NewServiceInstall1)
SRV - [2007/02/22 08:04:02 | 001,339,392 | R--- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\SDL International\License Server\lmgrd.exe -- (SDL FLEXlm License Server)


========== Driver Services (SafeList) ==========

DRV - [2011/04/03 17:16:44 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/03 17:16:44 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/04/03 17:16:43 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/23 08:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/03/18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/06 16:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2009/07/06 16:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 9A CB 5A 43 66 CA 01 [binary data]
IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\KAOS\AppData\Roaming\5013 [2011/03/29 21:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 23:03:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/01 00:20:36 | 000,000,000 | ---D | M]

[2010/11/21 17:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAOS\AppData\Roaming\mozilla\Extensions
[2010/11/21 17:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAOS\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/03/26 16:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAOS\AppData\Roaming\mozilla\Firefox\Profiles\txexgf62.default\extensions
[2011/03/16 12:19:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\KAOS\AppData\Roaming\mozilla\Firefox\Profiles\txexgf62.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/26 16:37:41 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\KAOS\AppData\Roaming\mozilla\Firefox\Profiles\txexgf62.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/25 22:16:05 | 000,002,252 | ---- | M] () -- C:\Users\KAOS\AppData\Roaming\Mozilla\Firefox\Profiles\txexgf62.default\searchplugins\askcom.xml
[2010/04/03 19:38:36 | 000,002,055 | ---- | M] () -- C:\Users\KAOS\AppData\Roaming\Mozilla\Firefox\Profiles\txexgf62.default\searchplugins\daemon-search.xml
[2011/04/01 00:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/01 00:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/29 21:26:56 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\KAOS\APPDATA\ROAMING\5013
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/01 00:20:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/07/09 21:54:57 | 000,411,980 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 14234 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\AV\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] File not found
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001..\Run: [SpybotSD TeaTimer] C:\Programs\AV\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001..\Run: [Tav] C:\Program Files\Translated.net\TAVUtility.exe ()
O4 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001..\Run: [Voipwise] C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe (Voipwise)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Traduire (SYSTRAN) - C:\Program Files\SYSTRAN\6\GUIres.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programs\AV\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/06 02:19:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\KAOS\Desktop\OTL.exe
[2011/04/04 23:50:48 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\Kalypso Media
[2011/04/04 23:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/04/04 23:43:24 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/04/04 23:43:24 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/04/04 23:43:24 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/04/04 23:43:24 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/04/04 23:43:24 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/04/04 23:43:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/04/04 23:43:23 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/04/04 23:43:23 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/04/04 23:43:23 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/04/04 23:43:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/04/04 23:43:23 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/04/04 23:43:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/04/04 23:43:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/04/04 23:43:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/04/04 23:43:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/04/03 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\Avira
[2011/04/03 17:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/04/03 17:23:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/03 17:23:57 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/03 17:23:57 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/03 17:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/03 17:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/02 00:23:53 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\KILLVIRUS
[2011/04/01 23:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/04/01 23:24:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
[2011/04/01 23:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2011/04/01 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/04/01 23:23:38 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Local\PackageAware
[2011/04/01 01:53:08 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\Malwarebytes
[2011/04/01 01:53:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/01 01:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 01:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/01 01:52:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/01 01:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 01:51:47 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\KAOS\Desktop\mbam-setup.exe
[2011/04/01 01:37:31 | 000,046,928 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2011/04/01 01:37:31 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/04/01 00:22:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/04/01 00:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 00:20:36 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/01 00:20:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/01 00:20:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/01 00:20:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/01 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/01 00:19:36 | 000,885,024 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\KAOS\Desktop\jxpiinstall.exe
[2011/03/31 00:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\isr_startup_backup
[2011/03/30 01:32:19 | 002,096,424 | ---- | C] (InstantSpywareRemoval.com, Inc. ) -- C:\Users\KAOS\Desktop\InstantSpywareRemoval_Setup.exe
[2011/03/30 01:09:42 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/03/30 01:09:42 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/03/30 01:09:42 | 000,249,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/03/30 01:09:42 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/03/30 01:09:39 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/03/30 01:09:39 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/03/30 01:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/03/30 01:09:33 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/03/30 01:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/03/30 01:09:18 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\PC Tools
[2011/03/30 01:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/03/30 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\Crack
[2011/03/30 00:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/30 00:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/29 22:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/03/29 22:05:59 | 095,870,976 | ---- | C] ( ) -- C:\Users\KAOS\Desktop\setup_9.0.0.722_29.03.2011_22-25.exe
[2011/03/29 21:26:55 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\5013
[2011/03/27 21:35:21 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\Torrent
[2011/03/27 20:42:59 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\UAs
[2011/03/25 01:33:06 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\KAOS\AppData\Roaming\AcroIEHelpe.dll
[2011/03/25 01:33:06 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\5012
[2011/03/25 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\xmldm
[2011/03/25 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\kock
[2011/03/20 13:00:10 | 000,000,000 | ---D | C] -- C:\Hijackthis
[2011/03/20 02:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\mAoEoLc12803
[2011/03/20 01:07:12 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\OfferBox
[2011/03/20 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2011/03/17 01:00:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/03/16 23:54:39 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\AHK
[2011/03/16 23:35:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/03/16 23:00:41 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\Windows.7.Loader.v1.9.6-DAZ
[2011/03/16 21:49:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/03/16 21:48:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/16 21:44:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/16 21:43:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2011/03/16 21:43:08 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011/03/16 21:43:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/03/16 21:43:04 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/16 21:43:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/03/16 21:43:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/03/16 21:43:03 | 000,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2011/03/16 21:43:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2011/03/16 21:43:02 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/03/16 21:43:01 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/03/16 21:43:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/03/16 21:43:00 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/03/16 21:42:58 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/03/16 21:42:57 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/03/16 21:42:57 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/16 21:42:56 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/03/16 21:42:56 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/03/16 21:42:56 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/03/16 21:42:55 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/03/16 21:42:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/03/16 21:42:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/03/16 21:42:54 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/03/16 21:42:54 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/03/16 21:42:53 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/03/16 21:42:53 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/03/16 21:42:52 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2011/03/16 21:42:51 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/03/16 21:42:49 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/03/16 21:42:49 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/03/16 21:42:49 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/03/16 21:42:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011/03/16 21:42:47 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/03/16 21:42:47 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/03/16 21:42:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/03/16 21:42:47 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/03/16 21:42:47 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/03/16 21:42:46 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011/03/16 21:42:46 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/03/16 21:42:46 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/03/16 21:42:45 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/03/16 21:42:45 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/03/16 21:42:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/16 21:42:45 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011/03/16 21:42:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011/03/16 21:42:44 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/03/16 21:42:44 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/16 21:42:44 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/16 21:42:44 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011/03/16 21:42:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011/03/16 21:42:43 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/03/16 21:42:43 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/03/16 21:42:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/16 21:42:42 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/03/16 21:42:42 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011/03/16 21:42:42 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2011/03/16 21:42:41 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/03/16 21:42:41 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011/03/16 21:42:41 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/03/16 21:42:41 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/03/16 21:42:40 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/03/16 21:42:40 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011/03/16 21:42:40 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/03/16 21:42:40 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/03/16 21:42:39 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/03/16 21:42:39 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011/03/16 21:42:39 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/03/16 21:42:39 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/03/16 21:42:38 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/03/16 21:42:38 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/16 21:42:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/03/16 21:42:37 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/16 21:42:37 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/03/16 21:42:37 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011/03/16 21:42:37 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/03/16 21:42:37 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/16 21:42:36 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/03/16 21:42:36 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/03/16 21:42:35 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/03/16 21:42:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/03/16 21:42:35 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011/03/16 21:42:35 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011/03/16 21:42:34 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/03/16 21:42:34 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011/03/16 21:42:34 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/03/16 21:42:34 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/03/16 21:42:34 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/03/16 21:42:34 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/03/16 21:42:34 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011/03/16 21:42:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/03/16 21:42:33 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011/03/16 21:42:33 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/03/16 21:42:33 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/03/16 21:42:32 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011/03/16 21:42:32 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/03/16 21:42:32 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/16 21:42:32 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/16 21:42:32 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/03/16 21:42:31 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/03/16 21:42:31 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/03/16 21:42:31 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/03/16 21:42:31 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/03/16 21:42:31 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2011/03/16 21:42:30 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/16 21:42:30 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/03/16 21:42:30 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011/03/16 21:42:29 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/03/16 21:42:29 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011/03/16 21:42:29 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011/03/16 21:42:29 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/16 21:42:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2011/03/16 21:42:28 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011/03/16 21:42:28 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/03/16 21:42:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011/03/16 21:42:27 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/03/16 21:42:27 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/03/16 21:42:27 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/03/16 21:42:27 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011/03/16 21:42:27 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/03/16 21:42:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/03/16 21:42:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/03/16 21:42:26 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/16 21:42:26 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/03/16 21:42:26 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011/03/16 21:42:25 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/03/16 21:42:25 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/03/16 21:42:25 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/03/16 21:42:25 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/03/16 21:42:25 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/03/16 21:42:25 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/03/16 21:42:25 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/03/16 21:42:25 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/03/16 21:42:24 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/03/16 21:42:24 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/03/16 21:42:24 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011/03/16 21:42:24 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/03/16 21:42:24 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011/03/16 21:42:24 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/03/16 21:42:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/03/16 21:42:23 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/03/16 21:42:23 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/03/16 21:42:23 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/03/16 21:42:23 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011/03/16 21:42:23 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/03/16 21:42:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011/03/16 21:42:22 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/03/16 21:42:22 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011/03/16 21:42:22 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/03/16 21:42:22 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011/03/16 21:42:22 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011/03/16 21:42:22 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/03/16 21:42:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2011/03/16 21:42:21 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011/03/16 21:42:21 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/03/16 21:42:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011/03/16 21:42:21 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/03/16 21:42:21 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/16 21:42:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/03/16 21:42:21 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/03/16 21:42:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/03/16 21:42:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/03/16 21:42:19 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/03/16 21:42:19 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/03/16 21:42:19 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/03/16 21:42:19 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/03/16 21:42:19 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011/03/16 21:42:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/03/16 21:42:18 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011/03/16 21:42:18 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011/03/16 21:42:18 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/03/16 21:42:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/03/16 21:42:18 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011/03/16 21:42:18 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011/03/16 21:42:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/03/16 21:42:18 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/03/16 21:42:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/03/16 21:42:18 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/03/16 21:42:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/03/16 21:42:17 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/03/16 21:42:17 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/03/16 21:42:17 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/03/16 21:42:17 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/03/16 21:42:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/03/16 21:42:17 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/03/16 21:42:17 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/03/16 21:42:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/03/16 21:42:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/03/16 21:42:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/03/16 21:42:16 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/16 21:42:16 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/03/16 21:42:16 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/03/16 21:42:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/03/16 21:42:16 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/03/16 21:42:16 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/03/16 21:42:16 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/03/16 21:42:15 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/03/16 21:42:15 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011/03/16 21:42:15 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/03/16 21:42:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/03/16 21:42:15 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/03/16 21:42:14 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/03/16 21:42:14 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/03/16 21:42:14 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011/03/16 21:42:14 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/03/16 21:42:14 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/03/16 21:42:14 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/03/16 21:42:14 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/03/16 21:42:13 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/03/16 21:42:13 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/03/16 21:42:13 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/03/16 21:42:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/16 21:42:12 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011/03/16 21:42:12 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011/03/16 21:42:12 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/03/16 21:42:12 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/03/16 21:42:12 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/03/16 21:42:12 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011/03/16 21:42:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/03/16 21:42:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/16 21:42:11 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011/03/16 21:42:11 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/03/16 21:42:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/03/16 21:42:11 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/03/16 21:42:11 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011/03/16 21:42:10 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/03/16 21:42:10 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011/03/16 21:42:10 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011/03/16 21:42:10 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/03/16 21:42:10 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/03/16 21:42:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011/03/16 21:42:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/03/16 21:42:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011/03/16 21:42:10 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/03/16 21:42:10 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011/03/16 21:42:09 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011/03/16 21:42:09 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/03/16 21:42:09 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/03/16 21:42:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/03/16 21:42:09 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011/03/16 21:42:08 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/03/16 21:42:08 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011/03/16 21:42:08 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/03/16 21:42:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011/03/16 21:42:07 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/03/16 21:42:07 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/03/16 21:42:07 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/03/16 21:42:07 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/03/16 21:42:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011/03/16 21:42:07 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/03/16 21:42:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/03/16 21:42:07 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/03/16 21:42:07 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/03/16 21:42:06 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/03/16 21:42:06 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/03/16 21:42:06 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
[2011/03/16 21:42:06 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/03/16 21:42:06 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/03/16 21:42:06 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/03/16 21:42:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/03/16 21:42:06 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/03/16 21:42:06 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/03/16 21:42:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/03/16 21:42:06 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/03/16 21:42:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/03/16 21:42:05 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/03/16 21:42:05 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/03/16 21:42:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/03/16 21:42:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/03/16 21:42:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011/03/16 21:42:05 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/03/16 21:42:05 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/03/16 21:42:04 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/03/16 21:42:04 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011/03/16 21:42:04 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011/03/16 21:42:04 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/03/16 21:42:04 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/03/16 21:42:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011/03/16 21:42:03 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/03/16 21:42:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011/03/16 21:42:03 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011/03/16 21:42:03 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/03/16 21:42:03 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011/03/16 21:42:03 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/03/16 21:42:03 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011/03/16 21:42:03 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011/03/16 21:42:02 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/03/16 21:42:02 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011/03/16 21:42:02 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/03/16 21:42:02 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011/03/16 21:42:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/03/16 21:42:02 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011/03/16 21:42:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011/03/16 21:42:02 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/03/16 21:42:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/03/16 21:42:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/03/16 21:42:02 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/03/16 21:42:01 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011/03/16 21:42:01 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/03/16 21:42:01 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/16 21:42:01 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011/03/16 21:42:01 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/03/16 21:42:01 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/03/16 21:42:01 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/03/16 21:42:01 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011/03/16 21:42:01 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/03/16 21:42:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/16 21:42:01 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011/03/16 21:42:01 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/16 21:42:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011/03/16 21:42:00 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/03/16 21:42:00 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/03/16 21:42:00 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011/03/16 21:42:00 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/03/16 21:42:00 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/03/16 21:42:00 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/03/16 21:42:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011/03/16 21:42:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/03/16 21:41:59 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011/03/16 21:41:59 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011/03/16 21:41:59 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll.bak
[2011/03/16 21:41:59 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/03/16 21:41:59 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/03/16 21:41:59 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/03/16 21:41:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2011/03/16 21:41:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/03/16 21:41:59 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/03/16 21:41:59 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/03/16 21:41:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/03/16 21:41:59 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2011/03/16 21:41:59 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/03/16 21:41:58 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/03/16 21:41:58 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/03/16 21:41:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/03/16 21:41:58 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/03/16 21:41:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011/03/16 21:41:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/03/16 21:41:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/03/16 21:41:58 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/03/16 21:41:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/03/16 21:41:58 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/03/16 21:41:57 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/03/16 21:41:57 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/03/16 21:41:57 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/03/16 21:41:57 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/03/16 21:41:57 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/03/16 21:41:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/03/16 21:41:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/03/16 21:41:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/03/16 21:41:57 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/03/16 21:41:56 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/03/16 21:41:56 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/03/16 21:41:56 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/03/16 21:41:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011/03/16 21:41:56 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/03/16 21:41:56 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/03/16 21:41:56 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/03/16 21:41:56 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/03/16 21:41:56 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011/03/16 21:41:56 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011/03/16 21:41:55 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/03/16 21:41:55 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011/03/16 21:41:55 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011/03/16 21:41:55 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/03/16 21:41:55 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/03/16 21:41:55 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/03/16 21:41:55 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/03/16 21:41:55 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/03/16 21:41:54 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/03/16 21:41:54 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/03/16 21:41:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/03/16 21:41:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/03/16 21:41:54 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/03/16 21:41:54 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/03/16 21:41:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011/03/16 21:41:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/16 21:41:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll.bak
[2011/03/16 21:41:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/03/16 21:41:53 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/03/16 21:41:53 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011/03/16 21:41:53 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011/03/16 21:41:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011/03/16 21:41:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/03/16 21:41:53 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/03/16 21:41:53 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/03/16 21:41:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/03/16 21:41:52 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/03/16 21:41:52 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/03/16 21:41:52 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/03/16 21:41:52 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/03/16 21:41:52 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/03/16 21:41:52 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/03/16 21:41:52 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011/03/16 21:41:51 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/03/16 21:41:51 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/03/16 21:41:51 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011/03/16 21:41:51 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/03/16 21:41:50 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011/03/16 21:41:50 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011/03/16 21:41:50 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/03/16 21:41:50 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011/03/16 21:41:50 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/03/16 21:41:50 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011/03/16 21:41:50 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/03/16 21:41:50 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/03/16 21:41:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011/03/16 21:41:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/03/16 21:41:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011/03/16 21:41:49 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/16 21:41:49 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/03/16 21:41:49 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/03/16 21:41:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/03/16 21:41:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/03/16 21:41:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011/03/16 21:41:48 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/03/16 21:41:48 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/16 21:41:48 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/03/16 21:41:48 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/03/16 21:41:48 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011/03/16 21:41:48 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/03/16 21:41:48 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/03/16 21:41:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/03/16 21:41:47 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/16 21:41:47 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/03/16 21:41:47 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/16 21:41:47 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/03/16 21:41:47 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/03/16 21:41:47 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011/03/16 21:41:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/03/16 21:41:47 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/03/16 21:41:47 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/03/16 21:41:47 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/03/16 21:41:47 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/03/16 21:41:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/03/16 21:41:47 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/03/16 21:41:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011/03/16 21:41:47 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011/03/16 21:41:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/03/16 21:41:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/03/16 21:41:46 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011/03/16 21:41:46 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/16 21:41:46 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/03/16 21:41:46 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/03/16 21:41:46 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/03/16 21:41:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/03/16 21:41:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/03/16 21:41:46 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/03/16 21:41:46 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/03/16 21:41:46 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011/03/16 21:41:46 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/03/16 21:41:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/03/16 21:41:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011/03/16 21:41:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011/03/16 21:41:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/03/16 21:41:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/03/16 21:41:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011/03/16 21:41:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/03/16 21:41:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/03/16 21:41:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/03/16 21:41:45 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/03/16 21:41:45 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/03/16 21:41:45 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/03/16 21:41:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/03/16 21:41:45 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/03/16 21:41:45 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/03/16 21:41:45 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/03/16 21:41:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011/03/16 21:41:45 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/03/16 21:41:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/03/16 21:41:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/03/16 21:41:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/03/16 21:41:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/03/16 21:41:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/03/16 21:41:44 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/03/16 21:41:44 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/03/16 21:41:44 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/03/16 21:41:44 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/03/16 21:41:44 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/03/16 21:41:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011/03/16 21:41:44 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/03/16 21:41:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/03/16 21:41:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/03/16 21:41:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011/03/16 21:41:44 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/03/16 21:41:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/03/16 21:41:44 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/03/16 21:41:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011/03/16 21:41:43 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/03/16 21:41:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/03/16 21:41:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/03/16 21:41:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/03/16 21:41:43 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/03/16 21:41:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/03/16 21:41:43 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/03/16 21:41:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011/03/16 21:41:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/03/16 21:41:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011/03/16 21:41:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011/03/16 21:41:43 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011/03/16 21:41:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011/03/16 21:41:42 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/03/16 21:41:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/03/16 21:41:42 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2011/03/16 21:41:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/03/16 21:41:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/03/16 21:41:42 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011/03/16 21:41:42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/03/16 21:41:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/03/16 21:41:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/03/16 21:41:42 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011/03/16 21:41:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011/03/16 21:41:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/03/16 21:41:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/03/16 21:41:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/03/16 21:41:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011/03/16 21:41:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011/03/16 21:41:41 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/03/16 21:41:41 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011/03/16 21:41:41 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/03/16 21:41:41 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/03/16 21:41:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011/03/16 21:41:41 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/03/16 21:41:41 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011/03/16 21:41:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011/03/16 21:41:41 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/03/16 21:41:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/03/16 21:41:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/03/16 21:41:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/03/16 21:41:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/03/16 21:41:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011/03/16 21:41:41 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011/03/16 21:41:41 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011/03/16 21:41:41 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011/03/16 21:41:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011/03/16 21:41:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011/03/16 21:41:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011/03/16 21:41:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011/03/16 21:41:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011/03/16 21:41:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/03/16 21:41:40 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011/03/16 21:41:40 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/03/16 21:41:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011/03/16 21:41:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/03/16 21:41:40 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011/03/16 21:41:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/03/16 21:41:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/03/16 21:41:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/03/16 21:41:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/03/16 21:41:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011/03/16 21:41:40 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/03/16 21:41:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011/03/16 21:41:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/03/16 21:41:39 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011/03/16 21:41:39 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011/03/16 21:41:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/03/16 21:41:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/03/16 21:41:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/03/16 21:41:39 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011/03/16 21:41:39 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/03/16 21:41:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/03/16 21:41:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011/03/16 21:41:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/03/16 21:41:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011/03/16 21:41:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/03/16 21:41:39 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/03/16 21:41:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011/03/16 21:41:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011/03/16 21:41:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011/03/16 21:41:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011/03/16 21:41:38 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/16 21:41:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011/03/16 21:41:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011/03/16 21:41:38 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/03/16 21:41:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/03/16 21:41:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/03/16 21:41:38 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/03/16 21:41:38 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/03/16 21:41:37 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/03/16 21:41:37 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011/03/16 21:41:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011/03/16 21:41:37 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011/03/16 21:41:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011/03/16 21:41:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/16 21:41:36 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/03/16 21:41:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/03/16 21:41:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011/03/16 21:41:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011/03/16 21:41:35 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/03/16 21:41:35 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/03/16 21:41:35 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/03/16 21:41:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011/03/16 21:41:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011/03/16 21:41:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/03/16 21:41:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011/03/16 21:41:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/03/16 21:41:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/16 21:41:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011/03/16 21:41:32 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011/03/16 21:41:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011/03/16 21:41:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011/03/16 21:41:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011/03/16 21:41:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011/03/16 21:41:32 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/03/16 21:41:32 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/03/16 21:41:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011/03/16 21:41:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011/03/16 21:41:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/03/16 21:41:31 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/03/16 21:41:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011/03/16 21:41:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/03/16 21:41:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/03/16 21:41:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/03/16 21:41:30 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011/03/16 21:41:30 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011/03/16 21:41:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/03/16 21:41:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011/03/16 21:41:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011/03/16 21:41:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011/03/16 21:41:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011/03/16 21:41:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011/03/16 21:41:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011/03/16 21:41:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011/03/16 21:41:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011/03/16 21:41:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/03/16 21:41:11 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lzhfldr2.dll
[2011/03/16 21:41:04 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/03/16 21:37:05 | 002,330,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/16 21:36:32 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/16 21:36:32 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/16 21:36:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/16 21:36:31 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/16 21:36:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/16 21:36:29 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/16 21:36:25 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/16 21:36:25 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/16 21:36:23 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/16 21:36:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/16 21:36:21 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/03/16 21:36:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/03/16 21:36:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/03/16 21:14:00 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/03/16 21:14:00 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/15 22:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinTV
[2011/03/12 19:41:28 | 000,038,672 | ---- | C] (PCTV Systems S.à r.l.) -- C:\Windows\System32\pcleUtil.dll
[2011/03/12 19:40:38 | 000,831,554 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwtvwnd.dll
[2011/03/12 19:40:38 | 000,323,640 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32.dll
[2011/03/12 19:40:38 | 000,118,849 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwi2c32.dll
[2011/03/12 19:40:38 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2011/03/12 19:38:28 | 000,573,440 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw95bda.sys
[2011/03/12 19:38:28 | 000,015,616 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcw95rc.sys
[2011/03/12 19:38:28 | 000,015,616 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\drivers\hcw95rc.sys
[2011/03/11 09:56:06 | 000,000,000 | ---D | C] -- C:\Users\KAOS\Desktop\Borat[2006]DvDrip.AC3[Eng]-aXXo
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\KAOS\Desktop\TDSSKiller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\KAOS\AppData\Roaming\*.tmp files -> C:\Users\KAOS\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/06 02:23:06 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/06 02:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KAOS\Desktop\OTL.exe
[2011/04/06 00:15:08 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\CKZZCMI.job
[2011/04/06 00:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/06 00:14:41 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/04 09:17:38 | 000,706,988 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/04/04 09:17:38 | 000,665,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/04 09:17:38 | 000,627,482 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/04 09:17:38 | 000,395,690 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2011/04/04 09:17:38 | 000,135,648 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/04/04 09:17:38 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2011/04/04 09:17:38 | 000,111,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/04 09:17:38 | 000,004,018 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/04 01:30:03 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/04 01:30:03 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 17:24:11 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/03 17:16:44 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/03 17:16:44 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/03 17:16:43 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/03 16:52:39 | 000,825,040 | ---- | M] () -- C:\Users\KAOS\Desktop\avira_antivir_premium.exe
[2011/04/02 00:19:39 | 000,000,000 | ---- | M] () -- C:\Users\KAOS\defogger_reenable
[2011/04/02 00:18:59 | 000,050,477 | ---- | M] () -- C:\Users\KAOS\Desktop\Defogger.exe
[2011/04/01 01:53:02 | 000,001,055 | ---- | M] () -- C:\Users\KAOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/01 01:53:02 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/01 01:51:52 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\KAOS\Desktop\mbam-setup.exe
[2011/04/01 00:24:28 | 002,060,902 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/01 00:20:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/01 00:20:27 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/01 00:20:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/01 00:20:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/01 00:19:46 | 000,885,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\KAOS\Desktop\jxpiinstall.exe
[2011/03/30 01:33:09 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/03/30 01:32:24 | 002,096,424 | ---- | M] (InstantSpywareRemoval.com, Inc. ) -- C:\Users\KAOS\Desktop\InstantSpywareRemoval_Setup.exe
[2011/03/30 01:09:38 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/30 01:08:25 | 065,317,960 | ---- | M] (PC Tools ) -- C:\Users\KAOS\Desktop\sdsetup_dl.exe
[2011/03/30 00:16:48 | 000,512,992 | ---- | M] () -- C:\Users\KAOS\Desktop\sdsetup_revwire207.exe
[2011/03/29 22:30:17 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\KAOS\Desktop\TDSSKiller.exe
[2011/03/29 22:06:32 | 095,870,976 | ---- | M] ( ) -- C:\Users\KAOS\Desktop\setup_9.0.0.722_29.03.2011_22-25.exe
[2011/03/29 22:05:15 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/03/28 23:28:39 | 162,615,296 | ---- | M] () -- C:\Users\KAOS\Desktop\[SJSUBS] BLEACH - 311 [480p].mp4
[2011/03/26 15:29:05 | 000,079,616 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011/03/25 01:33:06 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\KAOS\AppData\Roaming\AcroIEHelpe.dll
[2011/03/24 23:03:35 | 000,001,998 | ---- | M] () -- C:\Users\KAOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 23:03:04 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/23 23:45:52 | 000,000,311 | ---- | M] () -- C:\cdanslair_20110323.wmv
[2011/03/23 20:08:40 | 453,062,042 | ---- | M] () -- C:\cdanslair_20110323(1).wmv
[2011/03/17 23:29:56 | 000,117,248 | RHS- | M] () -- C:\Windows\System32\raschap4.dll
[2011/03/17 00:00:31 | 000,001,269 | ---- | M] () -- C:\Users\KAOS\Documents\AutoHotkey.ahk
[2011/03/16 23:35:33 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/03/16 23:35:33 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/03/16 23:13:49 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | M] () -- C:\FRHMT
[2011/03/16 22:29:54 | 005,229,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/16 22:22:12 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/03/15 23:15:39 | 000,007,281 | ---- | M] () -- C:\Windows\HCWPNP.INI
[2011/03/15 22:53:26 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011/03/15 22:53:26 | 000,000,135 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/03/15 22:53:08 | 000,037,513 | ---- | M] () -- C:\Windows\Irremote.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\KAOS\AppData\Roaming\*.tmp files -> C:\Users\KAOS\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/03 17:24:11 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/04/03 16:52:38 | 000,825,040 | ---- | C] () -- C:\Users\KAOS\Desktop\avira_antivir_premium.exe
[2011/04/02 00:19:39 | 000,000,000 | ---- | C] () -- C:\Users\KAOS\defogger_reenable
[2011/04/02 00:18:59 | 000,050,477 | ---- | C] () -- C:\Users\KAOS\Desktop\Defogger.exe
[2011/04/02 00:14:02 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/01 01:53:02 | 000,001,055 | ---- | C] () -- C:\Users\KAOS\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/04/01 01:53:02 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/30 01:33:09 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/03/30 01:09:38 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/03/30 00:23:09 | 002,060,902 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/03/30 00:16:37 | 000,512,992 | ---- | C] () -- C:\Users\KAOS\Desktop\sdsetup_revwire207.exe
[2011/03/28 23:25:00 | 162,615,296 | ---- | C] () -- C:\Users\KAOS\Desktop\[SJSUBS] BLEACH - 311 [480p].mp4
[2011/03/24 23:03:04 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/24 23:03:04 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/23 23:45:53 | 453,062,042 | ---- | C] () -- C:\cdanslair_20110323(1).wmv
[2011/03/23 23:45:52 | 000,000,311 | ---- | C] () -- C:\cdanslair_20110323.wmv
[2011/03/17 23:29:56 | 000,117,248 | RHS- | C] () -- C:\Windows\System32\raschap4.dll
[2011/03/17 23:29:56 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\CKZZCMI.job
[2011/03/16 23:55:03 | 000,001,269 | ---- | C] () -- C:\Users\KAOS\Documents\AutoHotkey.ahk
[2011/03/16 23:13:49 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | C] () -- C:\FRHMT
[2011/03/16 21:43:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/16 21:42:52 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/03/16 21:41:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/16 21:41:37 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/03/16 21:41:29 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/03/15 22:53:08 | 000,037,513 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/03/15 22:47:24 | 000,007,281 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/03/12 19:41:41 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/12 19:41:41 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/12 19:41:27 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2011/01/04 16:22:55 | 000,003,143 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2010/10/23 23:53:58 | 000,146,815 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010/10/23 23:53:58 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2010/10/23 19:08:13 | 000,146,681 | ---- | C] () -- C:\Windows\hpoins44.dat.temp
[2010/10/23 19:08:13 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat.temp
[2010/10/14 23:47:54 | 000,001,162 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2010/10/14 23:42:09 | 000,017,872 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2010/10/14 23:06:15 | 000,421,552 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/10/11 00:22:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/05 00:29:05 | 000,000,092 | ---- | C] () -- C:\Users\KAOS\AppData\Local\fusioncache.dat
[2010/08/05 00:25:45 | 000,878,080 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2010/08/05 00:25:45 | 000,721,920 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2010/08/05 00:25:45 | 000,150,016 | ---- | C] () -- C:\Windows\System32\libxslt.dll
[2010/08/05 00:25:45 | 000,051,200 | ---- | C] () -- C:\Windows\System32\libexslt.dll
[2010/07/09 22:41:56 | 000,000,036 | ---- | C] () -- C:\Users\KAOS\AppData\Local\housecall.guid.cache
[2010/06/30 00:41:17 | 000,036,352 | ---- | C] () -- C:\Windows\System32\SX32W.DLL
[2010/03/27 02:40:20 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/02/05 15:08:16 | 000,395,690 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2010/02/05 15:08:16 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2010/02/05 15:08:16 | 000,111,060 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2010/02/05 15:08:16 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2009/12/22 23:32:24 | 000,079,616 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/11/21 18:10:46 | 000,706,988 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/11/21 18:10:46 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/11/21 18:10:46 | 000,135,648 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/11/21 18:10:46 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/11/16 23:09:09 | 000,665,140 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/11/16 23:09:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/11/16 23:09:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/11/16 23:09:09 | 000,004,018 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/11/16 02:03:50 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/11/16 02:03:50 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/10/16 07:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 005,229,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,627,482 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,111,060 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2008/12/09 17:23:13 | 000,047,336 | RHS- | C] () -- C:\Users\KAOS\AppData\Roaming\appconf32.exe
[2008/11/13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007/12/04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/06/07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2005/03/08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
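The listings above are what the helper scans by eye: a four-flag attribute field (Read-only, Hidden, System, Directory), a company string OTL copies from the file's version resource (which any binary can declare, so it is a weak signal on its own) and a path. As an added example, not part of this thread and not OTL's own code, the following Python parses lines in that format and applies the checks a responder applies by hand: hidden+system files outside the few that Windows keeps that way at the volume root, unnamed executables in system or profile directories, hidden .job tasks, executables under AppData\Roaming, and alternate data streams. The sample lines are copied from the log above; the allow-list of benign hidden+system names and the rules themselves are my assumptions, not OTL's.

```python
"""Triage the file entries of an OTL log for persistence indicators.

Added example for this thread; it is not OTL's code and not part of the
original post. OTL prints one file per line as
  [YYYY/MM/DD HH:MM:SS | size | RHSD | C|M] (Company) -- path
where the four-character field carries Read-only/Hidden/System/Directory
flags and "Company" is the CompanyName string from the file's version
resource, which any binary can claim, so it is a weak signal on its own.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[R-][H-][S-][D-]) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Files Windows itself keeps hidden+system at the volume root (assumed allow-list).
KNOWN_HS = {"hiberfil.sys", "pagefile.sys", "boot.ini", "bootmgr", "bootstat.dat"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    when: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    op: str        # "C" = created, "M" = modified
    company: str   # "" when OTL printed "()"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for summary or other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m["attr"]
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", directory=a[3] == "D",
        op=m["op"], company=(m["company"] or "").strip(), path=m["path"],
    )


def reasons_for(e: Entry) -> List[str]:
    """Heuristics a responder applies by eye; each string is one reason to look closer."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    out: List[str] = []
    if e.directory:
        return out
    if e.hidden and e.system and name not in KNOWN_HS:
        out.append("hidden+system attributes")
    # Bare files at the volume root (C:\FRHMT, C:\win7.ld): hidden, or no extension at all.
    if p.count("\\") == 1 and name not in KNOWN_HS and (e.hidden or e.system or "." not in name):
        out.append("dropped at volume root")
    if name.endswith(EXEC_EXT) and not e.company and ("\\windows\\" in p or "\\appdata\\" in p):
        out.append("executable without company name in system/profile dir")
    if "\\windows\\tasks\\" in p and name.endswith(".job") and (e.hidden or e.system):
        out.append("hidden scheduled task")
    if "\\appdata\\roaming\\" in p and name.endswith(EXEC_EXT):
        out.append("executable in AppData\\Roaming")
    return out


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; C and M entries for one path are merged."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            for r in reasons_for(e):
                findings.setdefault(e.path, [])
                if r not in findings[e.path]:
                    findings[e.path].append(r)
            continue
        m = ADS_RE.match(line.strip())
        if m:
            findings.setdefault(m["path"], []).append("alternate data stream (%s bytes)" % m["size"])
    return findings


# Sample lines copied from the OTL log in this thread (including its ADS line).
SAMPLE_LOG = r"""
[2011/03/16 21:36:25 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/15 22:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinTV
[2011/04/06 00:15:08 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\CKZZCMI.job
[2011/04/06 00:14:41 | 2615,812,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/29 22:05:15 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2011/03/17 23:29:56 | 000,117,248 | RHS- | M] () -- C:\Windows\System32\raschap4.dll
[2011/03/16 23:13:49 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | M] () -- C:\FRHMT
[2011/03/25 01:33:06 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\KAOS\AppData\Roaming\AcroIEHelpe.dll
[2008/12/09 17:23:13 | 000,047,336 | RHS- | C] () -- C:\Users\KAOS\AppData\Roaming\appconf32.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG.splitlines()).items():
        print(path, "->", "; ".join(why))
```

Run directly, it prints the flagged paths with their reasons. On these lines that is the same short list the helper asks about in the posts that follow (C:\win7.ld, C:\FRHMT, raschap4.dll, the hidden .job tasks), while hiberfil.sys and boot.ini drop out despite carrying identical attribute flags, and AcroIEHelpe.dll is still flagged for its location even though it declares a plausible company name.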

#5 nicoladastra (Topic Starter)

Posted 05 April 2011 - 07:28 PM

So, I added the logs that you requested. Things aren't improving at the moment, but they are not getting worse either... (not that I know of, at least)

I still have the goingonearth virus / rootkit thing; my system is being constantly corrupted, but AntiVir blocks most of the attempts, as it seems...

#6 SweetTech (Agent ST)

Posted 05 April 2011 - 07:35 PM

Hi,

I am looking through your OTL log now.

Do this:

Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Yes
  • Click on Tools
  • Click on Resident
  • Uncheck this checkbox: Resident "TeaTimer" (Protection of over-all system settings) active
  • Close/Exit Spybot Search and Destroy


NEXT:


GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech (Agent ST)

Posted 05 April 2011 - 07:47 PM

Hi,

What's this folder on your desktop?

C:\Users\KAOS\Desktop\Windows.7.Loader.v1.9.6-DAZ

Do you recognize these files?

[2011/03/16 23:13:49 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | M] () -- C:\FRHMT


Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::bleeping::72
    C:\Users\KAOS\AppData\Roaming\5012
    
  • Then, just click the Zip button.
  • When finished, and if successful, a new file will have been created on your Desktop. You will be notified of what the file name is when the process has been completed.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - File not found [Disabled | Stopped] -- -- (AMService)
    IE - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    FF - HKLM\software\mozilla\Firefox\Extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\KAOS\AppData\Roaming\5013 [2011/03/29 21:26:56 | 000,000,000 | ---D | M]
    O3 - HKU\S-1-5-21-3353558458-3503704950-1621384714-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [EvtMgr6] File not found
    O4 - HKLM..\Run: [WinampAgent] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\configure\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\install\command - "" = F:\SETUP.EXE
    [2011/04/01 23:24:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}
    [2011/03/25 01:33:06 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\5012
    [2011/03/25 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\xmldm
    [2011/03/25 01:32:57 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\kock
    [2011/03/20 02:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\mAoEoLc12803
    [2011/03/20 01:07:12 | 000,000,000 | ---D | C] -- C:\Users\KAOS\AppData\Roaming\OfferBox
    [2011/03/20 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\KAOS\AppData\Roaming\*.tmp files -> C:\Users\KAOS\AppData\Roaming\*.tmp -> ]
    [2011/04/06 02:23:06 | 000,000,244 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/04/06 00:15:08 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\CKZZCMI.job
    [2011/03/17 23:29:56 | 000,117,248 | RHS- | M] () -- C:\Windows\System32\raschap4.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\KAOS\AppData\Roaming\*.tmp files -> C:\Users\KAOS\AppData\Roaming\*.tmp -> ]
    [2011/04/02 00:14:02 | 000,000,244 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/03/17 23:29:56 | 000,117,248 | RHS- | C] () -- C:\Windows\System32\raschap4.dll
    [2011/03/17 23:29:56 | 000,000,304 | -HS- | C] () -- C:\Windows\tasks\CKZZCMI.job
    
    :Reg
    
    :Files
    C:\Users\KAOS\AppData\Roaming\5012
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab; the bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



#8 nicoladastra (Topic Starter)

Posted 05 April 2011 - 08:02 PM

I disabled TeaTimer

The GooredFix logs:


GooredFix by jpshortstuff (04.04.11.1)
Log created at 03:01 on 06/04/2011 (KAOS)
Firefox version 4.0 (fr)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:03 24/03/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [22:20 31/03/2011]

C:\Users\KAOS\Application Data\Mozilla\Firefox\Profiles\txexgf62.default\extensions\
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [10:19 16/03/2011]
{e001c731-5e37-4538-a5cb-8168736a2360} [14:37 26/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{E5886C91-CDD7-4832-B32D-0830705A9C60}"="C:\Users\KAOS\AppData\Roaming\5013" [19:26 29/03/2011]

---------- Old Logs ----------
GooredFix[01.00.14_06-04-2011].txt

-=E.O.F=-
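Two of the entries in the fix in post #7 deserve recognising on sight in any OTL or GooredFix log. The O33 lines are per-volume shell handlers under HKCU\...\Explorer\MountPoints2: when a GUID's Shell default is AutoRun and Shell\AutoRun\command points at an executable on a drive letter, Explorer launches that file when the drive is opened, which is how removable-media infections return to a cleaned machine. The FF line registers a Firefox extension machine-wide under HKLM\Software\Mozilla\Firefox\Extensions but points it at C:\Users\KAOS\AppData\Roaming\5013, a user-writable directory with a meaningless numeric name, and the GooredFix log above reports the same registration. As an added example, not part of the thread and not OTL's or GooredFix's code, this Python picks both patterns out of lines in those formats. Sample lines are copied from posts #7 and #8 except the Java entry, which is constructed as a benign contrast (its GUID is the one GooredFix listed; the path is assumed); treating a purely numeric directory name as suspicious is my assumption.

```python
"""Spot two persistence patterns in OTL "O33"/"FF" lines and GooredFix
registry lines: MountPoints2 per-volume AutoRun handlers, and Firefox
extensions registered machine-wide but living in a user profile.

Added example for this thread; not the code of OTL, GooredFix or anyone
in the discussion. Sample lines are copied from posts #7 and #8 except
the Java one, which is constructed as a benign contrast.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# O33 - MountPoints2\{guid}\Shell - "" = AutoRun
# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = F:\AutoRun.exe
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<value>.+)$'
)
# FF - HKLM\software\mozilla\Firefox\Extensions\\{id}: <path> [date | size | attrs | M]
FF_RE = re.compile(
    r'^FF - (?P<hive>HKLM|HKCU)\\software\\mozilla\\Firefox\\Extensions\\\\'
    r'(?P<ext>[^:]+): (?P<path>.+?)(?: \[[^\]]*\])?$', re.IGNORECASE
)
# GooredFix: "{id}"="<path>" [hh:mm dd/mm/yyyy]
GOORED_RE = re.compile(r'^"(?P<ext>[^"]+)"="(?P<path>[^"]+)"')
DRIVE_EXE_RE = re.compile(r'^[A-Za-z]:\\.*\.(exe|com|bat|cmd|scr|pif)$', re.IGNORECASE)


def autorun_hijacks(lines) -> List[dict]:
    """Every MountPoints2 verb whose command launches an executable from a drive.
    Explorer runs Shell\\<default verb>\\command when the volume is opened, so a
    verb that is also the default (here AutoRun) fires on a double-click."""
    default: Dict[str, str] = {}
    commands: Dict[str, Dict[str, str]] = defaultdict(dict)
    for line in lines:
        m = O33_RE.match(line.strip())
        if not m:
            continue
        if m["verb"] is None:
            default[m["guid"]] = m["value"]
        else:
            commands[m["guid"]][m["verb"]] = m["value"]
    hits = []
    for guid, verbs in commands.items():
        for verb, cmd in verbs.items():
            if DRIVE_EXE_RE.match(cmd):
                hits.append({"guid": guid, "verb": verb, "command": cmd,
                             "runs_on_open": verb.lower() == default.get(guid, "").lower()})
    return hits


def rogue_extensions(lines) -> List[Tuple[str, str, List[str]]]:
    """Extension registrations whose install path is inside a user profile.
    A machine-wide (HKLM) registration that loads code from a user-writable
    directory is the shape of a hijack; a bare number as the directory name
    (5012, 5013 in this thread) is an added, assumed heuristic."""
    hits = []
    for line in lines:
        s = line.strip()
        m = FF_RE.match(s) or GOORED_RE.match(s)
        if not m:
            continue
        path = m["path"]
        low = path.lower()
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        reasons = []
        if "\\appdata\\" in low or "\\application data\\" in low:
            reasons.append("install path inside a user profile")
        if leaf.isdigit():
            reasons.append("directory name is just a number")
        if reasons:
            hits.append((m["ext"], path, reasons))
    return hits


# Lines copied from posts #7 and #8; the Java line is constructed (path assumed).
SAMPLE = r"""
O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\Shell\install\command - "" = F:\SETUP.EXE
FF - HKLM\software\mozilla\Firefox\Extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\KAOS\AppData\Roaming\5013 [2011/03/29 21:26:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/03/31 22:20:00 | 000,000,000 | ---D | M]
"{E5886C91-CDD7-4832-B32D-0830705A9C60}"="C:\Users\KAOS\AppData\Roaming\5013" [19:26 29/03/2011]
"""

if __name__ == "__main__":
    for h in autorun_hijacks(SAMPLE.splitlines()):
        print("MountPoints2", h["guid"], h["verb"], "->", h["command"],
              "(runs on open)" if h["runs_on_open"] else "")
    for ext, path, why in rogue_extensions(SAMPLE.splitlines()):
        print("Firefox extension", ext, "->", path, ";", ", ".join(why))
```

The script reports three MountPoints2 handlers (two of them the default verb, so they fire on a double-click of the drive) and the same extension registration twice, once from each tool's output, while the constructed Program Files entry passes. Removing the registry values, as the OTL fix does, is only half the job: the executables they point to (F:\AutoRun.exe, F:\SETUP.EXE, the contents of AppData\Roaming\5013) still have to be located and handled, which is why the fix also moves the 5012/5013 directories.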

#9 nicoladastra (Topic Starter)

Posted 05 April 2011 - 08:04 PM

/////
What's this folder on your desktop?

C:\Users\KAOS\Desktop\Windows.7.Loader.v1.9.6-DAZ
////

-> Sorry, I have been using this loader, because I don't have a genuine Win 7 version...


////
Do you recognize these files?

[2011/03/16 23:13:49 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | M] () -- C:\FRHMT
////

-> I don't know these files...



* I have run ZipIt as requested.


* Here are the OTL logs after reboot:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
Service AMService stopped successfully!
Service AMService deleted successfully!
Registry value HKEY_USERS\S-1-5-21-3353558458-3503704950-1621384714-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5886C91-CDD7-4832-B32D-0830705A9C60}\ not found.
C:\Users\KAOS\AppData\Roaming\5013\components folder moved successfully.
C:\Users\KAOS\AppData\Roaming\5013 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-3353558458-3503704950-1621384714-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e124b7a-0c05-11df-ab26-00c09fbd25de}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e124b7e-0c05-11df-ab26-00c09fbd25de}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f332672-fefa-11de-ab9c-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f332672-fefa-11de-ab9c-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f332672-fefa-11de-ab9c-00c09fbd25de}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f332682-fefa-11de-ab9c-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f332682-fefa-11de-ab9c-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f332682-fefa-11de-ab9c-00c09fbd25de}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b798b97-0281-11df-abd7-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b798b97-0281-11df-abd7-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b798b97-0281-11df-abd7-00c09fbd25de}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f2bef4-118e-11df-92d3-00c09fbd25de}\ not found.
File F:\SETUP.EXE not found.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE\mIDEFunc.dll folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE\E97AD801\DE0A17F3 folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE\E97AD801 folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE\BBB548A0\DE0A17F3 folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE\BBB548A0 folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\OFFLINE folder moved successfully.
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC} folder moved successfully.
C:\Users\KAOS\AppData\Roaming\5012\components folder moved successfully.
C:\Users\KAOS\AppData\Roaming\5012 folder moved successfully.
C:\Users\KAOS\AppData\Roaming\xmldm folder moved successfully.
C:\Users\KAOS\AppData\Roaming\kock folder moved successfully.
Folder C:\ProgramData\mAoEoLc12803\ not found.
C:\Users\KAOS\AppData\Roaming\OfferBox folder moved successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com\components folder moved successfully.
C:\Program Files\OfferBox\offerboxffx@offerbox.com folder moved successfully.
C:\Program Files\OfferBox folder moved successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Users\KAOS\AppData\Roaming\srvblck2.tmp deleted successfully.
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
File move failed. C:\Windows\Tasks\CKZZCMI.job scheduled to be moved on reboot.
File move failed. C:\Windows\System32\raschap4.dll scheduled to be moved on reboot.
File C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found.
File move failed. C:\Windows\System32\raschap4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\CKZZCMI.job scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Users\KAOS\AppData\Roaming\5012 not found.
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de résolution DNS vidé.
C:\Users\KAOS\Desktop\cmd.bat deleted successfully.
C:\Users\KAOS\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KAOS
->Temp folder emptied: 169109177 bytes
->Temporary Internet Files folder emptied: 30090715 bytes
->Java cache emptied: 86323 bytes
->FireFox cache emptied: 53551412 bytes
->Flash cache emptied: 50736766 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 337641 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2923265499 bytes

Total Files Cleaned = 3,078.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: KAOS
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04062011_030907

Files\Folders moved on Reboot...
File move failed. C:\Windows\Tasks\CKZZCMI.job scheduled to be moved on reboot.
File move failed. C:\Windows\System32\raschap4.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

//////////////////


Malwarebytes log (one item found and deleted)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6282

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

06.04.2011 03:21:16
mbam-log-2011-04-06 (03-21-16).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 181644
Temps écoulé: 5 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Edited by nicoladastra, 05 April 2011 - 08:25 PM.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:10:57 AM

Posted 06 April 2011 - 08:37 AM

-> Sorry, I have been using this loader, because I don't have a genuine Win 7 version...

This is a problem for me. Why don't you have a legal version of Windows 7?

I have a feeling that these two files:

[2011/03/16 23:13:49 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/16 23:13:48 | 000,283,672 | RHS- | M] () -- C:\FRHMT

are related to the loader that you used to get Windows 7 on there.

Many of the tools we use can detect cracks and keygens, and they will be removed which can cause a whole bunch of issues. I recall not finding out about a version of Windows that was not genuine until I removed a couple of malicious files that were installed with the loader, and it caused the user's machine to not boot.

I'd highly suggest you purchase a legal version of Windows, and if not then install a free operating system like Linux.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 nicoladastra

nicoladastra
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:57 PM

Posted 06 April 2011 - 09:09 AM

I understand, but I can also get rid of the loader if you want... I just don't want to reinstall the whole system :(

But I understand if you don't want to help because of the fact that I don't have a legal version...

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:10:57 AM

Posted 06 April 2011 - 09:13 AM

It's my personal policy to not assist users who do not have a legal version of their operating system.

I can check to see if one of my colleagues would be willing to continue assisting you with cleaning up your computer?


#13 nicoladastra

nicoladastra
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:57 PM

Posted 06 April 2011 - 09:14 AM

This would be great!

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:10:57 AM

Posted 07 April 2011 - 02:45 PM

nicoladastra,

I've had a chance to look into finding someone else to assist you with this issue, but I'm afraid I have not found anyone to continue assisting you.

Many helpers will not assist users who have obtained their version of Windows illegally.

My suggestion to you is to purchase a legal version of Windows or switch to an operating system that is free. An example is Ubuntu.

Once you've obtained a legal version of Windows you can create another thread and continue to receive assistance removing the malware from your computer. Until then I'm afraid we can't be of much assistance to you.

This thread is now closed.

Kindest Regards,
SweetTech.
