MBAM Setup Not Running


wykdtron

I appear to have recently become infected with one or more of the following: Antivirus/AntiSpyware/Internet Security 2010

I downloaded mbam-setup.exe on a clean laptop, placed on flash drive and copied to desktop of infected machine.

Upon running it, I get the message "The setup files are corrupted. Please obtain a new copy of the program". I have tried renaming the exe to just setup, my name, and random characters, keeping the exe extension. Same message.

Anti Virus Software I have is Avira Free version.

Here is a HJT Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:52:39 AM, on 12/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

D:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

D:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

D:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winupdate86.exe

C:\Program Files\InternetSecurity2010\IS2010.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Jory\LOCALS~1\Temp\richtx64.exe

O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0

O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1258603477046

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 4372 bytes

Thanks so much for any help or input!

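As an added illustration (not part of the thread, and not code from HijackThis or Malwarebytes), the following Python parses the F2 and O4 lines of the HijackThis log posted above and flags autostart entries that match four structural heuristics. The heuristics, tag names and function names are assumptions chosen for this example; the sample lines are copied from the log in the post.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\Jory\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\LOCALS~1\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<cmd>.+)$", re.I)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Splits a Run command into the launched program and its arguments,
# with or without quotes around a path that contains spaces.
CMD_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s+(?P<args>.*))?$', re.I
)


def split_command(cmd):
    """Return (program, arguments) for a Run-key command line."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("exe"), m.group("args") or ""


def check_userinit(value):
    """Heuristic (assumption): every Userinit target should be
    <system32>\\userinit.exe; anything else replaces the logon initialiser."""
    tags = []
    for target in (p.strip() for p in value.split(",")):
        if not target:
            continue
        base = ntpath.basename(target).lower()
        parent = ntpath.dirname(target).lower()
        if base != "userinit.exe" or not parent.endswith("\\system32"):
            tags.append("userinit-replaced")
    return tags


def check_run_entry(name, cmd):
    """Heuristics (assumptions) for one O4 Run-key entry."""
    exe, args = split_command(cmd)
    tags = []
    if "\\temp\\" in exe.lower():
        tags.append("runs-from-temp")      # autostart out of a Temp directory
    if ntpath.basename(exe).lower() == "rundll32.exe" and args:
        tags.append("rundll32-dll")        # DLL started through rundll32
    if name.lower() == ntpath.basename(exe).lower():
        tags.append("name-is-filename")    # value name is the bare file name
    return tags


def triage(log_text):
    """Return [(section, entry name, [tags])] for every flagged line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            tags = check_userinit(m.group("cmd"))
            if tags:
                findings.append(("F2", "UserInit", tags))
            continue
        m = O4_RE.match(line)
        if m:
            tags = check_run_entry(m.group("name"), m.group("cmd"))
            if tags:
                findings.append(("O4 " + m.group("hive"), m.group("name"), tags))
    return findings


if __name__ == "__main__":
    for section, name, tags in triage(SAMPLE_LOG):
        print(f"{section:8} {name:18} {', '.join(tags)}")
```

The `IS2010.exe` entry is not flagged: it sits in an ordinary Program Files path under a plausible value name, so entries like it need a name or reputation lookup rather than a structural check.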

Hi,

Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.


Thank You,

Here are my log files:

=====EXEHELPER======

exeHelper by Raktor

Build 20091204

Run at 08:17:04 on 12/14/09

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Killed process winupdate86.exe

Checking for bad files...

Deleting file C:\WINDOWS\system32\41.exe

Deleting file C:\WINDOWS\system32\critical_warning.html

Deleting file C:\WINDOWS\system32\winupdate86.exe

Deleting file C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.dll

Deleting file C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.lnk

Checking for bad registry entries...

Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate86.exe

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--

=========OTL=========


OTL logfile created on: 12/14/2009 8:21:08 AM - Run 1

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jory\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.27% Memory free

3.85 Gb Paging File | 3.50 Gb Available in Paging File | 90.89% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 40.65 Gb Free Space | 83.26% Space Free | Partition Type: NTFS

Drive D: | 249.25 Gb Total Space | 130.82 Gb Free Space | 52.48% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLUE

Current User Name: Jory

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)

PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\notepad.dll (Microsoft)

MOD - C:\WINDOWS\system32\lz32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2009/11/18 20:20:56 | 00,000,000 | ---D | M]

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (avgntflt) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (avgio) -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (L1e) -- C:\WINDOWS\System32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)

DRV - (mv61xx) -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (HDAudBus) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (AsIO) -- C:\WINDOWS\System32\drivers\AsIO.sys ()

DRV - (MTsensor) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()

DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:/google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/19 21:47:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/12/05 01:13:49 | 00,000,000 | ---D | M]

[2009/11/18 21:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Extensions

[2009/12/05 01:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Firefox\Profiles\tmkreyls.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll (Microsoft)

O4 - HKCU..\Run: [richtx64.exe] C:\DOCUME~1\Jory\LOCALS~1\Temp\richtx64.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258603477046 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/18 20:23:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/18 13:06:31 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()


=======MORE OTL=========

========== Files/Folders - Created Within 30 Days ==========

[2009/12/14 08:18:36 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 00:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010

[2009/12/13 23:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/12/13 23:46:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/12/13 23:46:18 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/13 23:46:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/12/13 23:46:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/12/13 23:46:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/12/13 23:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/12/13 23:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[2009/12/13 23:31:40 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/13 21:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Identities

[2009/12/11 22:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/12/11 20:32:41 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2009/12/11 12:39:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\Recent

[2009/12/04 23:44:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/12/04 16:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Adobe

[2009/12/04 16:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/12/02 09:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/12/02 07:24:33 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/12/02 07:24:33 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/12/01 23:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Tracing

[2009/12/01 23:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/12/01 23:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/30 00:43:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\IObit

[2009/11/28 21:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Ventrilo

[2009/11/27 16:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\WinRAR

[2009/11/21 18:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Avago-HP

[2009/11/21 18:36:12 | 00,252,928 | ---- | C] (Software 2000 Limited) -- C:\WINDOWS\System32\HP1006LM.DLL

[2009/11/21 18:34:28 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2009/11/21 09:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Move Networks

[2009/11/20 20:17:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Blizzard Entertainment

[2009/11/20 20:17:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2009/11/20 20:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Acreon

[2009/11/20 20:11:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\._Revolution_

[2009/11/20 20:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard

[2009/11/20 14:33:38 | 00,000,000 | ---D | C] -- C:\Work

[2009/11/20 10:38:52 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2009/11/20 00:38:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\vlc

[2009/11/19 22:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\uTorrent

[2009/11/19 22:20:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/11/19 21:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Last.fm

[2009/11/19 21:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Apple Computer

[2009/11/19 21:48:13 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll

[2009/11/19 21:48:13 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys

[2009/11/19 21:47:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2009/11/19 21:47:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/19 21:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/11/19 21:47:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/11/19 21:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/11/19 21:47:29 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/11/19 21:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Apple

[2009/11/19 21:47:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2009/11/19 21:47:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/11/19 21:46:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Apple Computer

[2009/11/19 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/19 21:44:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2009/11/19 20:51:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting

[2009/11/19 20:51:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2009/11/19 20:51:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2009/11/19 20:51:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en

[2009/11/19 20:51:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2009/11/19 20:49:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

[2009/11/19 20:47:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2009/11/19 16:19:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Bomgar

[2009/11/19 14:14:29 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2009/11/19 14:14:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2009/11/19 00:47:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2009/11/18 23:08:26 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys

[2009/11/18 23:08:26 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys

[2009/11/18 23:08:26 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys

[2009/11/18 23:08:26 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys

[2009/11/18 23:08:26 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys

[2009/11/18 23:08:26 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys

[2009/11/18 23:08:25 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2009/11/18 23:08:25 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys

[2009/11/18 23:08:25 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys

[2009/11/18 23:08:25 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2009/11/18 23:08:25 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys

[2009/11/18 23:08:25 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2009/11/18 23:08:24 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2009/11/18 23:08:24 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys

[2009/11/18 23:08:24 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2009/11/18 23:08:24 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2009/11/18 23:08:23 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys

[2009/11/18 23:08:23 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys

[2009/11/18 23:08:23 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys

[2009/11/18 23:08:23 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys

[2009/11/18 23:08:13 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys

[2009/11/18 23:08:13 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys

[2009/11/18 23:08:13 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys

[2009/11/18 23:08:13 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys

[2009/11/18 23:08:13 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys

[2009/11/18 23:08:13 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys

[2009/11/18 23:08:13 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys

[2009/11/18 23:08:13 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys

[2009/11/18 23:08:13 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys

[2009/11/18 23:08:13 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys

[2009/11/18 23:08:13 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys

[2009/11/18 23:08:13 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys

[2009/11/18 23:08:13 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys

[2009/11/18 23:08:13 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys

[2009/11/18 23:08:13 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys

[2009/11/18 23:08:13 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys

[2009/11/18 23:08:13 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys

[2009/11/18 23:08:13 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys

[2009/11/18 23:08:13 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys

[2009/11/18 23:08:13 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys

[2009/11/18 23:08:13 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys

[2009/11/18 23:08:13 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys

[2009/11/18 22:52:29 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2009/11/18 22:52:28 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2009/11/18 22:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/11/18 22:35:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\My Documents\Downloads

[2009/11/18 21:22:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/11/18 21:17:10 | 00,000,000 | ---D | C] -- C:\Program Files\JRE

[2009/11/18 21:17:08 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2009/11/18 21:17:02 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/11/18 21:17:02 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/11/18 21:17:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/11/18 21:17:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/11/18 21:17:02 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/11/18 21:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Java

[2009/11/18 21:16:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Sun

[2009/11/18 21:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Mozilla

[2009/11/18 21:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Mozilla

[2009/11/18 21:08:09 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2009/11/18 21:08:01 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2009/11/18 21:08:01 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2009/11/18 21:08:01 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll

[2009/11/18 21:08:00 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2009/11/18 21:07:13 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys

[2009/11/18 21:07:06 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2009/11/18 21:07:05 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll

[2009/11/18 21:05:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/11/18 21:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2009/11/18 21:05:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2009/11/18 21:04:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2009/11/18 21:04:24 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jory\UserData

[2009/11/18 21:02:23 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2009/11/18 21:02:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2009/11/18 21:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/11/18 21:00:04 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/11/18 20:59:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2009/11/18 20:59:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/11/18 20:59:29 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2009/11/18 20:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Adobe

[2009/11/18 20:49:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Macromedia

[2009/11/18 20:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS

[2009/11/18 20:43:50 | 00,000,000 | ---D | C] -- C:\Program Files\Marvell

[2009/11/18 20:43:30 | 00,036,864 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\l1e51x86.sys

[2009/11/18 20:43:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e

[2009/11/18 20:43:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang

[2009/11/18 20:41:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM

[2009/11/18 20:41:48 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax

[2009/11/18 20:41:48 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys

[2009/11/18 20:41:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll

[2009/11/18 20:41:25 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2009/11/18 20:41:20 | 01,826,816 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe

[2009/11/18 20:41:20 | 00,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe

[2009/11/18 20:41:19 | 01,196,032 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe

[2009/11/18 20:41:19 | 00,266,240 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl

[2009/11/18 20:41:17 | 09,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe

[2009/11/18 20:41:16 | 04,800,000 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys

[2009/11/18 20:41:13 | 16,862,720 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

[2009/11/18 20:41:12 | 02,165,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe

[2009/11/18 20:41:09 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe

[2009/11/18 20:41:09 | 00,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe

[2009/11/18 20:41:08 | 00,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl

[2009/11/18 20:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek

[2009/11/18 20:41:07 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2009/11/18 20:41:05 | 00,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll

[2009/11/18 20:41:05 | 00,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe

[2009/11/18 20:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2009/11/18 20:33:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ASUSInstAll

[2009/11/18 20:30:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups

[2009/11/18 20:30:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/11/18 20:30:11 | 00,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll

[2009/11/18 20:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\Intel

[2009/11/18 20:29:58 | 00,000,000 | ---D | C] -- C:\Intel

[2009/11/18 20:27:11 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2009/11/18 20:27:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Identities

[2009/11/18 20:27:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jory\My Documents\My Pictures

[2009/11/18 20:27:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jory\My Documents\My Music

[2009/11/18 20:27:01 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jory\Application Data\Microsoft

[2009/11/18 20:27:01 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Jory\Cookies

[2009/11/18 20:27:01 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\SendTo

[2009/11/18 20:27:01 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\Application Data

[2009/11/18 20:27:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jory\Start Menu

[2009/11/18 20:27:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jory\My Documents

[2009/11/18 20:27:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Jory\Favorites

[2009/11/18 20:27:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jory\Templates

[2009/11/18 20:27:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jory\PrintHood

[2009/11/18 20:27:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jory\NetHood

[2009/11/18 20:27:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Jory\Local Settings

[2009/11/18 20:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Microsoft

[2009/11/18 20:27:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Desktop

[2009/11/18 20:26:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2009/11/18 20:26:15 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft

[2009/11/18 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/18 20:25:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime

[2009/11/18 20:25:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime

[2009/11/18 20:25:02 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime

[2009/11/18 20:25:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime

[2009/11/18 20:25:02 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime

[2009/11/18 20:25:01 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime

[2009/11/18 20:25:01 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2009/11/18 20:25:01 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2009/11/18 20:25:01 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll

[2009/11/18 20:25:00 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll

[2009/11/18 20:25:00 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll

[2009/11/18 20:25:00 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll

[2009/11/18 20:25:00 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2009/11/18 20:25:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll

[2009/11/18 20:25:00 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll

[2009/11/18 20:24:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll

[2009/11/18 20:24:59 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime

[2009/11/18 20:24:59 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2009/11/18 20:24:58 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2009/11/18 20:24:58 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe

[2009/11/18 20:24:58 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll

[2009/11/18 20:24:58 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe

[2009/11/18 20:24:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll

[2009/11/18 20:24:57 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2009/11/18 20:24:57 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2009/11/18 20:24:57 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll

[2009/11/18 20:24:57 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2009/11/18 20:24:56 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll

[2009/11/18 20:24:56 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2009/11/18 20:24:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2009/11/18 20:24:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2009/11/18 20:24:54 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2009/11/18 20:24:54 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2009/11/18 20:24:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2009/11/18 20:24:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2009/11/18 20:24:53 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2009/11/18 20:24:53 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2009/11/18 20:24:53 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2009/11/18 20:24:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2009/11/18 20:24:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2009/11/18 20:24:53 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2009/11/18 20:24:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2009/11/18 20:24:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2009/11/18 20:24:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2009/11/18 20:24:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2009/11/18 20:24:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2009/11/18 20:24:53 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2009/11/18 20:24:53 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2009/11/18 20:24:53 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2009/11/18 20:24:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2009/11/18 20:24:51 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2009/11/18 20:24:51 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2009/11/18 20:24:51 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2009/11/18 20:24:50 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime

[2009/11/18 20:24:50 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2009/11/18 20:24:50 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2009/11/18 20:24:49 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime

[2009/11/18 20:24:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2009/11/18 20:24:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2009/11/18 20:24:48 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2009/11/18 20:24:48 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2009/11/18 20:24:48 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe

[2009/11/18 20:24:48 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll

[2009/11/18 20:24:48 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2009/11/18 20:24:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2009/11/18 20:24:47 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime

[2009/11/18 20:24:47 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2009/11/18 20:24:47 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll

[2009/11/18 20:24:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll

[2009/11/18 20:24:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll

[2009/11/18 20:24:47 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll

[2009/11/18 20:24:47 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll

[2009/11/18 20:24:46 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2009/11/18 20:24:46 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll

[2009/11/18 20:24:45 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll

[2009/11/18 20:24:44 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll

[2009/11/18 20:24:43 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex

[2009/11/18 20:24:43 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll

[2009/11/18 20:24:41 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys

[2009/11/18 20:24:41 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll

[2009/11/18 20:24:40 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll

[2009/11/18 20:24:40 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll

[2009/11/18 20:24:39 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll

[2009/11/18 20:24:38 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll

[2009/11/18 20:24:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll

[2009/11/18 20:24:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll

[2009/11/18 20:24:38 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

[2009/11/18 20:24:37 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll

[2009/11/18 20:24:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

[2009/11/18 20:24:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll

[2009/11/18 20:24:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll

[2009/11/18 20:24:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

[2009/11/18 20:24:36 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll

[2009/11/18 20:24:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll

[2009/11/18 20:24:36 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll

[2009/11/18 20:24:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll

[2009/11/18 20:24:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll

[2009/11/18 20:24:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll

[2009/11/18 20:24:35 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll

[2009/11/18 20:24:35 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll

[2009/11/18 20:24:35 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll

[2009/11/18 20:24:34 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll

[2009/11/18 20:24:34 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll

[2009/11/18 20:24:34 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll

[2009/11/18 20:24:34 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe

[2009/11/18 20:24:34 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll

[2009/11/18 20:24:34 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe

[2009/11/18 20:24:33 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll

[2009/11/18 20:24:33 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe

[2009/11/18 20:24:33 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe

[2009/11/18 20:24:33 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe

[2009/11/18 20:24:33 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe

[2009/11/18 20:24:33 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll

[2009/11/18 20:24:33 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe

[2009/11/18 20:24:33 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe

[2009/11/18 20:24:32 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll

[2009/11/18 20:24:32 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll

[2009/11/18 20:24:32 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime

[2009/11/18 20:24:32 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe

[2009/11/18 20:24:32 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll

[2009/11/18 20:24:32 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll

[2009/11/18 20:24:32 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime

[2009/11/18 20:24:32 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2009/11/18 20:24:32 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe

[2009/11/18 20:24:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll

[2009/11/18 20:24:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll

[2009/11/18 20:24:31 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe

[2009/11/18 20:24:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll

[2009/11/18 20:24:28 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll

[2009/11/18 20:24:23 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll

[2009/11/18 20:24:22 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll

[2009/11/18 20:24:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2009/11/18 20:24:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2009/11/18 20:24:20 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2009/11/18 20:24:20 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2009/11/18 20:24:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll

[2009/11/18 20:24:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll

[2009/11/18 20:24:19 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll

[2009/11/18 20:24:19 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe

[2009/11/18 20:24:18 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2009/11/18 20:24:18 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2009/11/18 20:24:18 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2009/11/18 20:24:18 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys

[2009/11/18 20:24:17 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll

[2009/11/18 20:24:16 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime

[2009/11/18 20:24:15 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe

[2009/11/18 20:24:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe

[2009/11/18 20:24:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll

[2009/11/18 20:24:15 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll

[2009/11/18 20:24:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe

[2009/11/18 20:24:14 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe

[2009/11/18 20:24:14 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll

[2009/11/18 20:24:14 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2009/11/18 20:24:13 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll

[2009/11/18 20:24:13 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll

[2009/11/18 20:24:13 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll

[2009/11/18 20:24:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll

[2009/11/18 20:24:13 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe

[2009/11/18 20:24:12 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime

[2009/11/18 20:24:12 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2009/11/18 20:24:12 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe

[2009/11/18 20:24:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe

[2009/11/18 20:24:12 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe

[2009/11/18 20:24:11 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll

[2009/11/18 20:24:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll

[2009/11/18 20:24:07 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll

[2009/11/18 20:24:07 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll

[2009/11/18 20:24:06 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll

[2009/11/18 20:24:06 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll

[2009/11/18 20:24:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll

[2009/11/18 20:24:05 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll

[2009/11/18 20:24:05 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll

[2009/11/18 20:24:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll

[2009/11/18 20:24:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll

[2009/11/18 20:24:00 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll

[2009/11/18 20:24:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe

[2009/11/18 20:23:59 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll

[2009/11/18 20:23:59 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe

[2009/11/18 20:23:59 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll

[2009/11/18 20:23:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll

[2009/11/18 20:23:57 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx

[2009/11/18 20:23:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2009/11/18 20:23:54 | 00,000,000 | ---D | C] -- C:\Program Files\xerox

=======MORE OTL======

[2009/11/18 20:23:54 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/11/18 20:23:29 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll

[2009/11/18 20:23:03 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM

[2009/11/18 20:22:57 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2009/11/18 20:22:57 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2009/11/18 20:22:51 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2009/11/18 20:22:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX

[2009/11/18 20:22:14 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe

[2009/11/18 20:22:14 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe

[2009/11/18 20:22:14 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll

[2009/11/18 20:22:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll

[2009/11/18 20:22:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll

[2009/11/18 20:22:13 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll

[2009/11/18 20:22:05 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe

[2009/11/18 20:22:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe

[2009/11/18 20:22:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll

[2009/11/18 20:22:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll

[2009/11/18 20:22:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll

[2009/11/18 20:22:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll

[2009/11/18 20:22:03 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe

[2009/11/18 20:22:03 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe

[2009/11/18 20:22:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2009/11/18 20:22:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll

[2009/11/18 20:22:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll

[2009/11/18 20:22:00 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2009/11/18 20:21:59 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll

[2009/11/18 20:21:59 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe

[2009/11/18 20:21:59 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll

[2009/11/18 20:21:59 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll

[2009/11/18 20:21:59 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll

[2009/11/18 20:21:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll

[2009/11/18 20:21:59 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe

[2009/11/18 20:21:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2009/11/18 20:21:58 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx

[2009/11/18 20:21:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2009/11/18 20:21:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed

[2009/11/18 20:21:53 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe

[2009/11/18 20:21:53 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll

[2009/11/18 20:21:53 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll

[2009/11/18 20:21:52 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe

[2009/11/18 20:21:52 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll

[2009/11/18 20:21:52 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll

[2009/11/18 20:21:52 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe

[2009/11/18 20:21:52 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll

[2009/11/18 20:21:51 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll

[2009/11/18 20:21:51 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2009/11/18 20:21:51 | 00,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll

[2009/11/18 20:21:51 | 00,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll

[2009/11/18 20:21:51 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll

[2009/11/18 20:21:51 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe

[2009/11/18 20:21:50 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll

[2009/11/18 20:21:50 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2009/11/18 20:21:50 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll

[2009/11/18 20:21:50 | 00,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl

[2009/11/18 20:21:50 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll

[2009/11/18 20:21:50 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe

[2009/11/18 20:21:50 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe

[2009/11/18 20:21:50 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2009/11/18 20:21:50 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2009/11/18 20:21:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll

[2009/11/18 20:21:50 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll

[2009/11/18 20:21:49 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll

[2009/11/18 20:21:45 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker

[2009/11/18 20:21:41 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll

[2009/11/18 20:21:41 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll

[2009/11/18 20:21:41 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll

[2009/11/18 20:21:41 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll

[2009/11/18 20:21:38 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe

[2009/11/18 20:21:37 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll

[2009/11/18 20:21:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore

[2009/11/18 20:21:36 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll

[2009/11/18 20:21:36 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll

[2009/11/18 20:21:36 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll

[2009/11/18 20:21:36 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll

[2009/11/18 20:21:36 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll

[2009/11/18 20:21:33 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll

[2009/11/18 20:21:33 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll

[2009/11/18 20:21:33 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2009/11/18 20:21:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll

[2009/11/18 20:21:29 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe

[2009/11/18 20:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2009/11/18 20:21:28 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll

[2009/11/18 20:21:28 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2009/11/18 20:21:28 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll

[2009/11/18 20:21:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll

[2009/11/18 20:21:22 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll

[2009/11/18 20:21:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2009/11/18 20:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2009/11/18 20:21:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures

[2009/11/18 20:21:01 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2009/11/18 20:20:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2009/11/18 20:20:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2009/11/18 20:20:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player

[2009/11/18 20:20:51 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services

[2009/11/18 20:20:47 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe

[2009/11/18 20:20:47 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger

[2009/11/18 20:20:46 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll

[2009/11/18 20:20:46 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll

[2009/11/18 20:20:46 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll

[2009/11/18 20:20:46 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll

[2009/11/18 20:20:46 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll

[2009/11/18 20:20:46 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe

[2009/11/18 20:20:46 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe

[2009/11/18 20:20:46 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll

[2009/11/18 20:20:45 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll

[2009/11/18 20:20:45 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll

[2009/11/18 20:20:45 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll

[2009/11/18 20:20:45 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll

[2009/11/18 20:20:45 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe

[2009/11/18 20:20:45 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe

[2009/11/18 20:20:45 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll

[2009/11/18 20:20:45 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll

[2009/11/18 20:20:45 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll

[2009/11/18 20:20:45 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll

[2009/11/18 20:20:44 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll

[2009/11/18 20:20:44 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll

[2009/11/18 20:20:44 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll

[2009/11/18 20:20:44 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe

[2009/11/18 20:20:44 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll

[2009/11/18 20:20:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe

[2009/11/18 20:20:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe

[2009/11/18 20:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2009/11/18 20:20:34 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe

[2009/11/18 20:20:34 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe

[2009/11/18 20:20:33 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll

[2009/11/18 20:20:33 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll

[2009/11/18 20:20:33 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll

[2009/11/18 20:20:33 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll

[2009/11/18 20:20:33 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll

[2009/11/18 20:20:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll

[2009/11/18 20:20:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll

[2009/11/18 20:20:33 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll

[2009/11/18 20:20:32 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe

[2009/11/18 20:20:32 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe

[2009/11/18 20:20:25 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll

[2009/11/18 20:20:25 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll

[2009/11/18 20:20:24 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe

[2009/11/18 20:20:24 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe

[2009/11/18 20:20:24 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe

[2009/11/18 20:20:24 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe

[2009/11/18 20:20:24 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe

[2009/11/18 20:20:24 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe

[2009/11/18 20:20:24 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe

[2009/11/18 20:20:24 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe

[2009/11/18 20:20:23 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe

[2009/11/18 20:20:23 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe

[2009/11/18 20:20:23 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe

[2009/11/18 20:20:23 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe

[2009/11/18 20:20:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe

[2009/11/18 20:20:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe

[2009/11/18 20:20:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe

[2009/11/18 20:20:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe

[2009/11/18 20:20:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe

[2009/11/18 20:20:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe

[2009/11/18 20:20:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe

[2009/11/18 20:20:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe

[2009/11/18 20:20:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe

[2009/11/18 20:20:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe

[2009/11/18 20:20:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe

[2009/11/18 20:20:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe

[2009/11/18 20:20:22 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe

[2009/11/18 20:20:22 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe

[2009/11/18 20:20:22 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe

[2009/11/18 20:20:22 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe

[2009/11/18 20:20:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe

[2009/11/18 20:20:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe

[2009/11/18 20:20:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll

[2009/11/18 20:20:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll

[2009/11/18 20:20:22 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe

[2009/11/18 20:20:22 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe

[2009/11/18 20:20:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe

[2009/11/18 20:20:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe

[2009/11/18 20:20:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe

[2009/11/18 20:20:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe

[2009/11/18 20:20:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll

[2009/11/18 20:20:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll

[2009/11/18 20:20:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb

[2009/11/18 20:20:21 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe

[2009/11/18 20:20:20 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll

[2009/11/18 20:20:20 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll

[2009/11/18 20:20:20 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll

[2009/11/18 20:20:20 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll

[2009/11/18 20:20:20 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll

[2009/11/18 20:20:20 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll

[2009/11/18 20:20:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll

[2009/11/18 20:20:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll

[2009/11/18 20:20:16 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll

[2009/11/18 20:20:16 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll

[2009/11/18 20:20:16 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll

[2009/11/18 20:20:16 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb

[2009/11/18 20:20:16 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll

[2009/11/18 20:20:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb

[2009/11/18 20:20:16 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe

[2009/11/18 20:20:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll

[2009/11/18 20:20:16 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe

[2009/11/18 20:20:16 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll

[2009/11/18 20:20:15 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll

[2009/11/18 20:20:15 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll

[2009/11/18 20:20:15 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll

[2009/11/18 20:20:15 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll

[2009/11/18 20:20:15 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll

[2009/11/18 20:20:15 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll

[2009/11/18 20:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\MSN

[2009/11/18 20:20:03 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe

[2009/11/18 20:20:03 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe

[2009/11/18 20:20:03 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe

[2009/11/18 20:20:03 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe

[2009/11/18 20:20:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl

[2009/11/18 20:20:02 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll

[2009/11/18 20:20:02 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe

[2009/11/18 20:20:02 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe

[2009/11/18 20:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2009/11/18 20:20:01 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe

[2009/11/18 20:20:01 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll

[2009/11/18 20:20:00 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll

[2009/11/18 20:20:00 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe

[2009/11/18 20:20:00 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe

[2009/11/18 20:20:00 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll

[2009/11/18 20:20:00 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe

[2009/11/18 20:20:00 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe

[2009/11/18 20:20:00 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe

[2009/11/18 20:20:00 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe

[2009/11/18 20:19:59 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll

[2009/11/18 20:19:59 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe

[2009/11/18 20:19:59 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll

[2009/11/18 20:19:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll

[2009/11/18 20:19:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe

[2009/11/18 20:19:59 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll

[2009/11/18 20:19:58 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll

[2009/11/18 20:19:58 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll

[2009/11/18 20:19:58 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll

[2009/11/18 20:19:58 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll

[2009/11/18 20:19:58 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll

[2009/11/18 20:19:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc

[2009/11/18 20:19:57 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll

[2009/11/18 20:19:57 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll

[2009/11/18 20:19:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com

[2009/11/18 20:19:56 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll

[2009/11/18 20:19:56 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll

[2009/11/18 20:19:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll

[2009/11/18 20:19:56 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll

[2009/11/18 20:19:55 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll

[2009/11/18 20:19:55 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll

[2009/11/18 20:19:49 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll

[2009/11/18 20:19:49 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll

[2009/11/18 20:19:49 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll

[2009/11/18 20:19:49 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll

[2009/11/18 20:19:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2009/11/18 13:15:41 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys

[2009/11/18 13:14:56 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll

[2009/11/18 13:14:19 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2009/11/18 13:14:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2009/11/18 13:14:18 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll

[2009/11/18 13:14:18 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll

[2009/11/18 13:14:17 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll

[2009/11/18 13:14:16 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe

[2009/11/18 13:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines

[2009/11/18 13:14:15 | 00,000,000 | R--D | C] -- C:\Program Files

[2009/11/18 13:14:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2009/11/18 13:14:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files

[2009/11/18 13:14:13 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll

[2009/11/18 13:14:13 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll

[2009/11/18 13:14:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll

[2009/11/18 13:14:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll

[2009/11/18 13:14:13 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll

[2009/11/18 13:14:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll

[2009/11/18 13:14:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll

[2009/11/18 13:14:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll

[2009/11/18 13:14:11 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll

[2009/11/18 13:14:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll

[2009/11/18 13:14:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll

[2009/11/18 13:14:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll

[2009/11/18 13:14:10 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll

[2009/11/18 13:14:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll

[2009/11/18 13:14:08 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll

[2009/11/18 13:14:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll

[2009/11/18 13:14:08 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll

[2009/11/18 13:14:08 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll

[2009/11/18 13:14:08 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll

[2009/11/18 13:14:08 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll

[2009/11/18 13:14:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll

[2009/11/18 13:14:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll

[2009/11/18 13:14:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll

[2009/11/18 13:14:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll

[2009/11/18 13:14:08 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll

[2009/11/18 13:14:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll

[2009/11/18 13:14:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll

[2009/11/18 13:14:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll

[2009/11/18 13:14:06 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll

[2009/11/18 13:14:06 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll

[2009/11/18 13:14:06 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll

[2009/11/18 13:14:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll

[2009/11/18 13:14:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll

[2009/11/18 13:14:06 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll

[2009/11/18 13:14:06 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll

[2009/11/18 13:14:06 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll

[2009/11/18 13:14:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll

[2009/11/18 13:14:06 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll

[2009/11/18 13:14:04 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll

[2009/11/18 13:14:04 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll

[2009/11/18 13:14:04 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll

[2009/11/18 13:14:04 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll

[2009/11/18 13:14:04 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll

[2009/11/18 13:14:04 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll

[2009/11/18 13:14:04 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll

[2009/11/18 13:14:04 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll

[2009/11/18 13:14:03 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll

[2009/11/18 13:14:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll

[2009/11/18 13:14:03 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll

[2009/11/18 13:14:03 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll

[2009/11/18 13:14:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll

[2009/11/18 13:14:03 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll

[2009/11/18 13:14:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll

[2009/11/18 13:14:03 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll

[2009/11/18 13:14:01 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll

[2009/11/18 13:14:01 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll

[2009/11/18 13:14:01 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll

[2009/11/18 13:14:01 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll

[2009/11/18 13:14:01 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll

[2009/11/18 13:14:01 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll

[2009/11/18 13:14:01 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll

[2009/11/18 13:14:01 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll

[2009/11/18 13:14:01 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV

[2009/11/18 13:14:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll

[2009/11/18 13:14:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll

[2009/11/18 13:14:00 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL

[2009/11/18 13:14:00 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL

[2009/11/18 13:14:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL

[2009/11/18 13:14:00 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL

[2009/11/18 13:14:00 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL

[2009/11/18 13:14:00 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL

[2009/11/18 13:14:00 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV

[2009/11/18 13:14:00 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV

[2009/11/18 13:14:00 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV

[2009/11/18 13:14:00 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV

[2009/11/18 13:13:59 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL

[2009/11/18 13:13:59 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV

[2009/11/18 13:13:59 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL

[2009/11/18 13:13:59 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL

[2009/11/18 13:13:59 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV

[2009/11/18 13:13:59 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV

[2009/11/18 13:13:59 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL

[2009/11/18 13:13:59 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV

[2009/11/18 13:13:59 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV

[2009/11/18 13:13:59 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK

[2009/11/18 13:13:58 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv

[2009/11/18 13:13:58 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL

[2009/11/18 13:13:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE

[2009/11/18 13:13:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe

[2009/11/18 13:13:58 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll

[2009/11/18 13:13:56 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll

[2009/11/18 13:13:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu

[2009/11/18 13:13:51 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents

[2009/11/18 13:13:51 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates

[2009/11/18 13:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites

[2009/11/18 13:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop

[2009/11/18 13:12:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2009/11/18 13:12:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot

[2009/11/18 13:11:56 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/11/18 13:11:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data

[2009/11/18 13:11:36 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2009/11/18 13:11:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings

[2009/11/18 13:05:36 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2009/11/18 13:05:36 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2009/11/18 13:05:36 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web

[2009/11/18 13:05:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\system

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\security

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\java

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028

[2009/11/18 13:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]


========MORE OTL==========

========== Files - Modified Within 30 Days ==========

[2009/12/14 08:18:36 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 08:15:13 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/14 08:15:13 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/14 08:15:13 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/14 08:11:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/14 08:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/14 08:10:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/14 00:59:40 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\Jory\NTUSER.DAT

[2009/12/14 00:59:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jory\ntuser.ini

[2009/12/14 00:59:36 | 06,938,562 | -H-- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\IconCache.db

[2009/12/14 00:48:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

[2009/12/14 00:38:02 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:56 | 00,019,968 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:40:25 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/12/13 23:30:40 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/12 12:46:28 | 00,001,854 | -H-- | M] () -- C:\Documents and Settings\Jory\My Documents\Default.rdp

[2009/12/11 17:09:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/05 09:56:57 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/02 07:21:58 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/01 23:54:58 | 00,017,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/30 00:44:04 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2009/11/28 21:41:25 | 00,000,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk

[2009/11/28 21:41:25 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/21 08:51:42 | 01,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009/11/21 08:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2009/11/20 20:16:50 | 00,000,472 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Shortcut to WowMatrix.lnk

[2009/11/19 21:45:18 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/11/19 20:49:38 | 00,250,048 | RHS- | M] () -- C:\ntldr

[2009/11/18 21:11:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2009/11/18 20:46:06 | 00,037,628 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini

[2009/11/18 20:45:51 | 00,000,670 | ---- | M] () -- C:\WINDOWS\setup.iss

[2009/11/18 20:43:11 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav

[2009/11/18 20:43:11 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav

[2009/11/18 20:41:05 | 00,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe

[2009/11/18 20:29:19 | 00,037,237 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/11/18 20:25:58 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2009/11/18 20:25:09 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/11/18 20:23:38 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/18 20:23:38 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/18 20:23:38 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/11/18 20:23:38 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/11/18 20:23:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini

[2009/11/18 20:23:38 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/11/18 20:23:38 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/11/18 20:23:36 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/11/18 20:23:36 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/11/18 20:23:30 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2009/11/18 20:22:57 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2009/11/18 20:22:57 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2009/11/18 20:21:08 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/18 20:20:59 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini

[2009/11/18 20:20:59 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini

[2009/11/18 20:18:44 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009/11/18 13:14:15 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 08:16:52 | 00,289,792 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:48:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2009/12/14 00:38:02 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:57 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:44:13 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/11/30 00:44:03 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2009/11/28 21:41:25 | 00,000,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk

[2009/11/28 21:41:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/21 18:36:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009/11/20 20:16:50 | 00,000,472 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Shortcut to WowMatrix.lnk

[2009/11/20 00:43:49 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/20 00:43:49 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/20 00:43:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax

[2009/11/19 16:20:29 | 00,001,854 | -H-- | C] () -- C:\Documents and Settings\Jory\My Documents\Default.rdp

[2009/11/19 12:41:52 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 23:08:26 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2009/11/18 23:08:26 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2009/11/18 23:08:26 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2009/11/18 23:08:26 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2009/11/18 23:08:26 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2009/11/18 23:08:26 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2009/11/18 23:08:26 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2009/11/18 23:08:26 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2009/11/18 23:08:26 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2009/11/18 23:08:26 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2009/11/18 23:08:26 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2009/11/18 23:08:26 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm

[2009/11/18 23:08:26 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm

[2009/11/18 23:08:26 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2009/11/18 23:08:26 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2009/11/18 23:08:26 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2009/11/18 23:08:26 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2009/11/18 23:08:26 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2009/11/18 23:08:26 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2009/11/18 23:08:26 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2009/11/18 23:08:26 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2009/11/18 23:08:26 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2009/11/18 23:08:26 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2009/11/18 23:08:26 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2009/11/18 23:08:26 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2009/11/18 23:08:26 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2009/11/18 23:08:26 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2009/11/18 23:08:26 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2009/11/18 23:08:26 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2009/11/18 23:08:26 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2009/11/18 23:08:25 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2009/11/18 23:08:25 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2009/11/18 23:08:25 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2009/11/18 23:08:25 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2009/11/18 23:08:25 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2009/11/18 23:08:25 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2009/11/18 23:08:25 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2009/11/18 23:08:25 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2009/11/18 23:08:25 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2009/11/18 23:08:25 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2009/11/18 23:08:25 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2009/11/18 23:08:25 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2009/11/18 23:08:25 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2009/11/18 23:08:25 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2009/11/18 23:08:24 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2009/11/18 23:08:24 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2009/11/18 23:08:24 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2009/11/18 23:08:24 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2009/11/18 23:08:23 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2009/11/18 23:08:23 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp

[2009/11/18 23:08:23 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2009/11/18 23:08:23 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2009/11/18 23:08:23 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2009/11/18 23:08:23 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2009/11/18 23:08:23 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt

[2009/11/18 23:08:21 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2009/11/18 23:08:21 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2009/11/18 23:08:21 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2009/11/18 23:08:21 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2009/11/18 23:08:21 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2009/11/18 23:08:21 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2009/11/18 23:08:21 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2009/11/18 23:08:21 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2009/11/18 23:08:21 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2009/11/18 23:08:21 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2009/11/18 23:08:21 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2009/11/18 23:08:13 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2009/11/18 21:11:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/18 20:46:03 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/11/18 20:46:03 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/11/18 20:46:01 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/11/18 20:46:01 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/11/18 20:45:51 | 00,000,670 | ---- | C] () -- C:\WINDOWS\setup.iss

[2009/11/18 20:43:11 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav

[2009/11/18 20:43:11 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav

[2009/11/18 20:42:04 | 00,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss

[2009/11/18 20:42:03 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/11/18 20:29:28 | 00,037,628 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/11/18 20:29:16 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/11/18 20:29:09 | 00,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/11/18 20:29:09 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/11/18 20:27:02 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Jory\ntuser.ini

[2009/11/18 20:27:01 | 01,572,864 | -H-- | C] () -- C:\Documents and Settings\Jory\NTUSER.DAT

[2009/11/18 20:25:58 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2009/11/18 20:25:09 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/11/18 20:25:04 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2009/11/18 20:24:48 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2009/11/18 20:24:48 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2009/11/18 20:24:47 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2009/11/18 20:24:39 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2009/11/18 20:24:38 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2009/11/18 20:24:34 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2009/11/18 20:24:33 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2009/11/18 20:24:32 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2009/11/18 20:24:25 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2009/11/18 20:24:22 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2009/11/18 20:24:14 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2009/11/18 20:24:11 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2009/11/18 20:24:11 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2009/11/18 20:24:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2009/11/18 20:24:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2009/11/18 20:24:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2009/11/18 20:24:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2009/11/18 20:24:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2009/11/18 20:24:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2009/11/18 20:24:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2009/11/18 20:24:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2009/11/18 20:24:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2009/11/18 20:24:10 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2009/11/18 20:24:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2009/11/18 20:24:09 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2009/11/18 20:24:09 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2009/11/18 20:24:09 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2009/11/18 20:24:09 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2009/11/18 20:24:09 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2009/11/18 20:24:09 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2009/11/18 20:24:09 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2009/11/18 20:24:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2009/11/18 20:24:08 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2009/11/18 20:24:08 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2009/11/18 20:24:08 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2009/11/18 20:24:08 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2009/11/18 20:24:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2009/11/18 20:24:07 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2009/11/18 20:24:07 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2009/11/18 20:23:38 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/18 20:23:38 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2009/11/18 20:23:38 | 00,000,000 | RHS- | C] () -- C:\IO.SYS

[2009/11/18 20:23:38 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2009/11/18 20:23:38 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2009/11/18 20:23:36 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2009/11/18 20:23:36 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/11/18 20:23:36 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/11/18 20:22:57 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2009/11/18 20:22:57 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/11/18 20:22:54 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2009/11/18 20:22:43 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex

[2009/11/18 20:22:11 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp

[2009/11/18 20:22:11 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp

[2009/11/18 20:22:05 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

[2009/11/18 20:21:08 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/11/18 20:20:27 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2009/11/18 20:20:27 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2009/11/18 20:20:27 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2009/11/18 20:20:27 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2009/11/18 20:20:26 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2009/11/18 20:20:26 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2009/11/18 20:20:26 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2009/11/18 20:20:26 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2009/11/18 20:20:26 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2009/11/18 20:20:26 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2009/11/18 20:20:26 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2009/11/18 20:20:25 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce

[2009/11/18 20:20:25 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce

[2009/11/18 20:20:25 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce

[2009/11/18 20:20:25 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce

[2009/11/18 20:20:25 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce

[2009/11/18 20:20:25 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce

[2009/11/18 20:20:25 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce

[2009/11/18 20:20:25 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce

[2009/11/18 20:20:23 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h

[2009/11/18 20:20:23 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd

[2009/11/18 20:20:21 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h

[2009/11/18 20:20:14 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

[2009/11/18 13:14:21 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/11/18 13:14:17 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd

[2009/11/18 13:14:17 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa

[2009/11/18 13:14:17 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf

[2009/11/18 13:14:16 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa

[2009/11/18 13:14:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls

[2009/11/18 13:14:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls

[2009/11/18 13:14:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls

[2009/11/18 13:14:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls

[2009/11/18 13:14:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls

[2009/11/18 13:14:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls

[2009/11/18 13:14:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls

[2009/11/18 13:14:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls

[2009/11/18 13:14:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls

[2009/11/18 13:14:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls

[2009/11/18 13:14:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS

[2009/11/18 13:14:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls

[2009/11/18 13:14:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls

[2009/11/18 13:14:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls

[2009/11/18 13:14:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls

[2009/11/18 13:14:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls

[2009/11/18 13:14:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls

[2009/11/18 13:14:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls

[2009/11/18 13:14:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls

[2009/11/18 13:14:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls

[2009/11/18 13:14:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls

[2009/11/18 13:14:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls

[2009/11/18 13:14:06 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls

[2009/11/18 13:14:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls

[2009/11/18 13:14:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS

[2009/11/18 13:14:03 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls

[2009/11/18 13:14:03 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls

[2009/11/18 13:14:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls

[2009/11/18 13:14:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls

[2009/11/18 13:14:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls

[2009/11/18 13:13:58 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2009/11/18 13:12:12 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2009/11/18 13:12:12 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2009/11/18 13:12:12 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2009/11/18 13:12:12 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2009/11/18 13:12:12 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2009/11/18 13:12:12 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2009/11/18 13:12:11 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT

[2009/11/18 13:12:11 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2009/11/18 13:11:35 | 00,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/18 13:10:40 | 00,000,211 | -HS- | C] () -- C:\boot.ini

[2009/11/18 13:10:37 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/19 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/11/19 21:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/20 20:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Acreon

[2009/11/30 00:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\IObit

[2009/11/20 00:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\uTorrent

[2009/11/30 00:44:04 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-12 05:25:36

< MD5 for: AGP440.SYS >

[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\System32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\System32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\System32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >

[2008/04/13 17:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe

[2008/04/13 17:12:12 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\System32\autochk.exe

[2004/08/04 05:00:00 | 00,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >

[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\System32\dllcache\beep.sys

[2004/08/04 05:00:00 | 00,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\System32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >

[2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IMM32.DLL >

[2008/04/13 17:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll

[2008/04/13 17:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll

[2004/08/04 05:00:00 | 00,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >

[2009/03/21 06:54:07 | 00,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll

[2004/08/04 05:00:00 | 00,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll

[2009/03/21 07:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll

[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll

[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll

[2009/03/21 07:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll

[2008/04/13 17:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll

[2008/04/13 17:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll

[2009/03/21 06:59:23 | 00,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >

[2008/06/20 10:41:10 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll

[2008/06/20 10:36:11 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll

[2004/08/04 05:00:00 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll

[2008/06/20 10:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll

[2008/06/20 10:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll

[2008/06/20 10:46:57 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll

[2008/04/13 17:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll

[2008/04/13 17:12:01 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll

[2008/06/20 10:43:05 | 00,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >

[2008/04/13 12:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 12:20:37 | 00,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\System32\drivers\ndis.sys

[2004/08/04 05:00:00 | 00,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >

[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >

[2008/04/13 12:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys

[2008/04/13 12:15:53 | 00,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\System32\drivers\ntfs.sys

[2004/08/04 05:00:00 | 00,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: NTMSSVC.DLL >

[2008/04/13 17:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll

[2008/04/13 17:12:02 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll

[2004/08/04 05:00:00 | 00,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >

[2004/08/04 05:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe

[2008/04/13 17:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe

[2008/04/13 17:12:32 | 00,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\System32\proquota.exe

< MD5 for: QMGR.DLL >

[2004/08/04 05:00:00 | 00,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

[2008/04/13 17:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll

[2008/04/13 17:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll

[2008/04/13 17:12:03 | 00,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >

[2004/08/04 05:00:00 | 01,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

[2008/04/13 17:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll

[2008/04/13 17:12:05 | 01,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >

[2004/08/04 05:00:00 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

[2008/04/13 17:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

[2008/04/13 17:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\System32\spoolsv.exe

< MD5 for: SRSVC.DLL >

[2008/04/13 17:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll

[2008/04/13 17:12:07 | 00,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

[2004/08/04 05:00:00 | 00,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >

[2008/04/13 17:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 17:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\System32\svchost.exe

[2004/08/04 05:00:00 | 00,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >

[2004/08/04 05:00:00 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll

[2008/04/13 17:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll

[2008/04/13 17:12:07 | 00,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >

[2004/08/04 05:00:00 | 00,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 17:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 17:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\System32\userinit.exe

< MD5 for: WS2_32.DLL >

[2008/04/13 17:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll

[2008/04/13 17:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

[2004/08/04 05:00:00 | 00,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >

[2008/04/13 17:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll

[2008/04/13 17:12:11 | 00,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll

[2004/08/04 05:00:00 | 00,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< End of report >


=======OTL EXTRAS========

OTL Extras logfile created on: 12/14/2009 8:21:08 AM - Run 1

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jory\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.27% Memory free

3.85 Gb Paging File | 3.50 Gb Available in Paging File | 90.89% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 40.65 Gb Free Space | 83.26% Space Free | Partition Type: NTFS

Drive D: | 249.25 Gb Total Space | 130.82 Gb Free Space | 52.48% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLUE

Current User Name: Jory

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Can you also please scan these files:

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe


=====USERINIT=======

VirSCAN.org Scanned Report :

Scanned time : 2009/12/14 10:30:07 (MST)

Scanner results: Scanners did not find malware!

File Name : userinit.exe

File Size : 26112 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : a93aee1928a9d7ce3e16d24ec7380f89

SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853

Online report : http://virscan.org/report/9aa0129165b3b716...28678e663b.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091214220337 2009-12-14 4.10 -

AhnLab V3 2009.12.15.00 2009.12.15 2009-12-15 0.95 -

AntiVir 8.2.1.108 7.10.1.241 2009-12-14 0.06 -

Antiy 2.0.18 20091214.3483968 2009-12-14 0.12 -

Arcavir 2009 200912131409 2009-12-13 0.03 -

Authentium 5.1.1 200912141123 2009-12-14 1.21 -

AVAST! 4.7.4 091214-0 2009-12-14 0.01 -

AVG 8.5.288 270.14.107/2564 2009-12-14 0.30 -

BitDefender 7.81008.4728733 7.29452 2009-12-15 4.06 -

CA (VET) 35.1.0 7171 2009-12-11 7.55 -

ClamAV 0.95.2 10164 2009-12-14 0.01 -

Comodo 3.13 3242 2009-12-14 0.90 -

CP Secure 1.3.0.5 2009.12.14 2009-12-14 0.04 -

Dr.Web 4.44.0.9170 2009.12.14 2009-12-14 9.57 -

F-Prot 4.4.4.56 20091214 2009-12-14 1.21 -

F-Secure 7.02.73807 2009.12.14.13 2009-12-14 9.41 -

Fortinet 11.265- 11.265 2009-12-13 0.20 -

GData 19.9309/19.623 20091214 2009-12-14 5.74 -

ViRobot 20091214 2009.12.14 2009-12-14 0.42 -

Ikarus T3.1.01.74 2009.12.14.74758 2009-12-14 4.31 -

JiangMin 13.0.900 2009.12.14 2009-12-14 4.77 -

Kaspersky 5.5.10 2009.12.14 2009-12-14 0.11 -

KingSoft 2009.2.5.15 2009.12.14.22 2009-12-14 0.58 -

McAfee 5.3.00 5832 2009-12-14 3.38 -

Microsoft 1.5302 2009.12.14 2009-12-14 6.39 -

Norman 6.01.09 6.01.00 2009-12-14 4.01 -

Panda 9.05.01 2009.12.13 2009-12-13 2.02 -

Trend Micro 9.000-1003 6.692.05 2009-12-14 0.03 -

Quick Heal 10.00 2009.12.14 2009-12-14 1.35 -

Rising 20.0 22.26.00.04 2009-12-14 1.30 -

Sophos 3.02.0 4.48 2009-12-15 2.81 -

Sunbelt 3.9.2386.2 5560 2009-12-13 2.10 -

Symantec 1.3.0.24 20091214.004 2009-12-14 0.05 -

nProtect 20091210.02 6571400 2009-12-10 3.76 -

The Hacker 6.5.0.2 v00092 2009-12-12 0.82 -

VBA32 3.12.12.0 20091213.0730 2009-12-13 2.33 -

VirusBuster 4.5.11.10 10.116.5/2017534 2009-12-14 2.37 -

======EXPLORER.EXE========

VirSCAN.org Scanned Report :

Scanned time : 2009/12/14 10:34:02 (MST)

Scanner results: Scanners did not find malware!

File Name : explorer.exe

File Size : 1033728 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 12896823fb95bfb3dc9b46bcaedc9923

SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f

Online report : http://virscan.org/report/000727842757c3a5...b471a3ae91.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091214220337 2009-12-14 4.02 -

AhnLab V3 2009.12.15.00 2009.12.15 2009-12-15 1.06 -

AntiVir 8.2.1.108 7.10.1.241 2009-12-14 0.35 -

Antiy 2.0.18 20091214.3483968 2009-12-14 0.12 -

Arcavir 2009 200912131409 2009-12-13 0.07 -

Authentium 5.1.1 200912141123 2009-12-14 2.23 -

AVAST! 4.7.4 091214-0 2009-12-14 0.05 -

AVG 8.5.288 270.14.107/2564 2009-12-14 0.31 -

BitDefender 7.81008.4728733 7.29452 2009-12-15 4.08 -

CA (VET) 35.1.0 7171 2009-12-11 6.17 -

ClamAV 0.95.2 10164 2009-12-14 0.16 -

Comodo 3.13 3242 2009-12-14 0.93 -

CP Secure 1.3.0.5 2009.12.14 2009-12-14 0.11 -

Dr.Web 4.44.0.9170 2009.12.14 2009-12-14 7.96 -

F-Prot 4.4.4.56 20091214 2009-12-14 2.15 -

F-Secure 7.02.73807 2009.12.14.13 2009-12-14 1.54 -

Fortinet 11.265- 11.265 2009-12-13 0.27 -

GData 19.9309/19.623 20091214 2009-12-14 6.00 -

ViRobot 20091214 2009.12.14 2009-12-14 0.42 -

Ikarus T3.1.01.74 2009.12.14.74758 2009-12-14 4.19 -

JiangMin 13.0.900 2009.12.14 2009-12-14 5.84 -

Kaspersky 5.5.10 2009.12.14 2009-12-14 0.07 -

KingSoft 2009.2.5.15 2009.12.14.22 2009-12-14 0.58 -

McAfee 5.3.00 5832 2009-12-14 3.48 -

Microsoft 1.5302 2009.12.14 2009-12-14 6.91 -

Norman 6.01.09 6.01.00 2009-12-14 4.01 -

Panda 9.05.01 2009.12.14 2009-12-14 1.50 -

Trend Micro 9.000-1003 6.692.05 2009-12-14 0.04 -

Quick Heal 10.00 2009.12.14 2009-12-14 1.58 -

Rising 20.0 22.26.00.04 2009-12-14 0.96 -

Sophos 3.02.0 4.48 2009-12-15 2.91 -

Sunbelt 3.9.2386.2 5560 2009-12-13 1.98 -

Symantec 1.3.0.24 20091214.004 2009-12-14 0.08 -

nProtect 20091210.02 6571400 2009-12-10 3.90 -

The Hacker 6.5.0.2 v00092 2009-12-12 0.68 -

VBA32 3.12.12.0 20091213.0730 2009-12-13 2.36 -

VirusBuster 4.5.11.10 10.116.5/2017534 2009-12-14 2.63 -

=======SVCHOST.EXE=======

VirSCAN.org Scanned Report :

Scanned time : 2009/12/14 10:36:30 (MST)

Scanner results: Scanners did not find malware!

File Name : svchost.exe

File Size : 14336 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18

SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667

Online report : http://virscan.org/report/2512ed276d6dacc9...01fcdfd377.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091214220337 2009-12-14 4.02 -

AhnLab V3 2009.12.15.00 2009.12.15 2009-12-15 0.97 -

AntiVir 8.2.1.108 7.10.1.241 2009-12-14 0.08 -

Antiy 2.0.18 20091214.3483968 2009-12-14 0.12 -

Arcavir 2009 200912131409 2009-12-13 0.03 -

Authentium 5.1.1 200912141123 2009-12-14 1.21 -

AVAST! 4.7.4 091214-0 2009-12-14 0.00 -

AVG 8.5.288 270.14.107/2564 2009-12-14 0.30 -

BitDefender 7.81008.4728733 7.29452 2009-12-15 4.12 -

CA (VET) 35.1.0 7171 2009-12-11 9.16 -

ClamAV 0.95.2 10164 2009-12-14 0.01 -

Comodo 3.13 3242 2009-12-14 1.00 -

CP Secure 1.3.0.5 2009.12.14 2009-12-14 0.04 -

Dr.Web 4.44.0.9170 2009.12.14 2009-12-14 7.62 -

F-Prot 4.4.4.56 20091214 2009-12-14 1.20 -

F-Secure 7.02.73807 2009.12.14.13 2009-12-14 9.39 -

Fortinet 11.265- 11.265 2009-12-13 0.23 -

GData 19.9309/19.623 20091214 2009-12-14 5.75 -

ViRobot 20091214 2009.12.14 2009-12-14 0.41 -

Ikarus T3.1.01.74 2009.12.14.74758 2009-12-14 4.20 -

JiangMin 13.0.900 2009.12.14 2009-12-14 5.35 -

Kaspersky 5.5.10 2009.12.14 2009-12-14 0.07 -

KingSoft 2009.2.5.15 2009.12.14.22 2009-12-14 0.58 -

McAfee 5.3.00 5832 2009-12-14 3.37 -

Microsoft 1.5302 2009.12.14 2009-12-14 6.44 -

Norman 6.01.09 6.01.00 2009-12-14 4.01 -

Panda 9.05.01 2009.12.14 2009-12-14 3.97 -

Trend Micro 9.000-1003 6.692.05 2009-12-14 0.03 -

Quick Heal 10.00 2009.12.14 2009-12-14 1.28 -

Rising 20.0 22.26.00.04 2009-12-14 1.08 -

Sophos 3.02.0 4.48 2009-12-15 2.79 -

Sunbelt 3.9.2386.2 5560 2009-12-13 2.56 -

Symantec 1.3.0.24 20091214.004 2009-12-14 0.05 -

nProtect 20091210.02 6571400 2009-12-10 4.01 -

The Hacker 6.5.0.2 v00092 2009-12-12 0.81 -

VBA32 3.12.12.0 20091213.0730 2009-12-13 2.45 -

VirusBuster 4.5.11.10 10.116.5/2017534 2009-12-14 2.35 -


I could not fit the entire OTL log into one post with the file age set to 30 days. I reran with it set to 14 days, as this all started just last night. Just an attempt to make the log a little shorter and fit into one post. If you need the one for 30 days for sure, I can re-run but will have to split it into 2 posts.

Thanks for your help, below is a fresh OTL Log:

OTL logfile created on: 12/14/2009 3:19:40 PM - Run 2

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jory\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.58% Memory free

3.85 Gb Paging File | 3.39 Gb Available in Paging File | 88.13% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 40.65 Gb Free Space | 83.25% Space Free | Partition Type: NTFS

Drive D: | 249.25 Gb Total Space | 130.82 Gb Free Space | 52.48% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLUE

Current User Name: Jory

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 14 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)

PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\notepad.dll (Microsoft)

MOD - C:\WINDOWS\system32\lz32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2009/11/18 20:20:56 | 00,000,000 | ---D | M]

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Driver Services (SafeList) ==========

DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (avgntflt) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (ssmdrv) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (avgio) -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (L1e) -- C:\WINDOWS\System32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)

DRV - (mv61xx) -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (HDAudBus) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (AsIO) -- C:\WINDOWS\System32\drivers\AsIO.sys ()

DRV - (MTsensor) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()

DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:/google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/19 21:47:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/12/05 01:13:49 | 00,000,000 | ---D | M]

[2009/11/18 21:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Extensions

[2009/12/05 01:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Firefox\Profiles\tmkreyls.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll (Microsoft)

O4 - HKCU..\Run: [richtx64.exe] C:\DOCUME~1\Jory\LOCALS~1\Temp\richtx64.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258603477046 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/18 20:23:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/14 08:18:36 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 00:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010

[2009/12/13 23:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/12/13 23:46:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/12/13 23:46:18 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/13 23:46:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/12/13 23:46:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/12/13 23:46:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/12/13 23:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/12/13 23:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[2009/12/13 23:31:40 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/13 21:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Identities

[2009/12/11 22:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/12/11 20:32:41 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2009/12/11 12:39:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\Recent

[2009/12/04 23:44:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/12/04 16:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Adobe

[2009/12/04 16:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/12/02 09:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/12/02 07:24:33 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/12/02 07:24:33 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/12/01 23:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Tracing

[2009/12/01 23:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/12/01 23:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/19 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/18 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/14 08:34:00 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:18:36 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 08:15:13 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/14 08:15:13 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/14 08:15:13 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/14 08:11:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/14 08:10:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/14 08:10:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/14 00:59:40 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\Jory\NTUSER.DAT

[2009/12/14 00:59:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jory\ntuser.ini

[2009/12/14 00:59:36 | 06,938,562 | -H-- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\IconCache.db

[2009/12/14 00:48:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe

[2009/12/14 00:38:02 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:56 | 00,019,968 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:40:25 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/12/13 23:30:40 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/12 12:46:28 | 00,001,854 | -H-- | M] () -- C:\Documents and Settings\Jory\My Documents\Default.rdp

[2009/12/11 17:09:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/05 09:56:57 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/02 07:21:58 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/01 23:54:58 | 00,017,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 08:34:00 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:48:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe

[2009/12/14 00:38:02 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:57 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:44:13 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/11/28 21:41:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/21 18:36:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009/11/20 00:43:49 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/20 00:43:49 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/19 12:41:52 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 20:46:03 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/11/18 20:46:03 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/11/18 20:46:01 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/11/18 20:46:01 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/11/18 20:29:28 | 00,037,628 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/11/18 20:29:16 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/11/18 20:29:09 | 00,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/11/18 20:29:09 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/19 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/11/19 21:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/20 20:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Acreon

[2009/11/30 00:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\IObit

[2009/11/20 00:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\uTorrent

[2009/11/30 00:44:04 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-12 05:25:36


< End of report >


Hi,

I need you to uninstall uTorrent.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    MOD - C:\WINDOWS\system32\notepad.dll (Microsoft)
    O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security 2010)
    O4 - HKCU..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll (Microsoft)
    O4 - HKCU..\Run: [richtx64.exe] C:\DOCUME~1\Jory\LOCALS~1\Temp\richtx64.exe File not found
    [2009/12/14 00:48:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2009/11/30 00:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\IObit
    [2009/11/20 00:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\uTorrent

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Thank you, I did get MBAM to install this time!

===========OTL LOG==========

OTL logfile created on: 12/15/2009 8:46:46 AM - Run 3

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jory\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 77.81% Memory free

3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.39% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 41.02 Gb Free Space | 84.02% Space Free | Partition Type: NTFS

Drive D: | 249.25 Gb Total Space | 130.79 Gb Free Space | 52.47% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLUE

Current User Name: Jory

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\guardgui.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Documents and Settings\LocalService\ntload.dll (Microsoft)

MOD - C:\WINDOWS\system32\lz32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:/google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/19 21:47:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/12/05 01:13:49 | 00,000,000 | ---D | M]

[2009/11/18 21:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Extensions

[2009/12/05 01:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Firefox\Profiles\tmkreyls.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL ()

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKCU..\Run: [notepad] C:\Documents and Settings\LocalService\ntload.dll ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258603477046 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/18 20:23:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/15 08:36:53 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/14 08:18:36 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 00:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010

[2009/12/13 23:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/12/13 23:46:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/12/13 23:46:18 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/13 23:46:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/12/13 23:46:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/12/13 23:46:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/12/13 23:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/12/13 23:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[2009/12/13 23:31:40 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/13 21:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Identities

[2009/12/11 22:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/12/11 12:39:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\Recent

[2009/12/04 23:44:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/12/04 16:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Adobe

[2009/12/04 16:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/12/02 09:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/12/01 23:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Tracing

[2009/12/01 23:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/12/01 23:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/19 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/18 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/15 08:42:35 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/15 08:42:35 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/15 08:42:34 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/15 08:38:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/15 08:38:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/15 08:38:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/15 08:37:22 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\Jory\NTUSER.DAT

[2009/12/15 08:37:22 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jory\ntuser.ini

[2009/12/14 23:53:24 | 06,939,528 | -H-- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\IconCache.db

[2009/12/14 23:46:49 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/14 21:04:54 | 00,005,702 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Attach.zip

[2009/12/14 08:34:00 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:18:36 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:38:02 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:56 | 00,019,968 | ---- | M] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:40:25 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/12/13 23:30:40 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jory\Desktop\hmm.exe

[2009/12/12 12:46:28 | 00,001,854 | -H-- | M] () -- C:\Documents and Settings\Jory\My Documents\Default.rdp

[2009/12/11 17:09:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/05 09:56:57 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/02 07:21:58 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/01 23:54:58 | 00,017,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/14 21:04:52 | 00,005,702 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Attach.zip

[2009/12/14 08:34:00 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:38:02 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/14 00:28:33 | 00,000,756 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

[2009/12/14 00:27:57 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\winlogon86.exe

[2009/12/13 23:46:25 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:44:13 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/11/28 21:41:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/21 18:36:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009/11/20 00:43:49 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/20 00:43:49 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/19 12:41:52 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 20:46:03 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/11/18 20:46:03 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/11/18 20:46:01 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/11/18 20:46:01 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/11/18 20:29:28 | 00,037,628 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/11/18 20:29:16 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/11/18 20:29:09 | 00,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/11/18 20:29:09 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/19 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/11/19 21:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/20 20:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Acreon

[2009/11/30 00:44:04 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

< End of report >

========MBAM LOG=======

Malwarebytes' Anti-Malware 1.42

Database version: 3365

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

12/15/2009 8:54:05 AM

mbam-log-2009-12-15 (08-54-05).txt

Scan type: Quick Scan

Objects scanned: 102546

Time elapsed: 1 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\LocalService\ntload.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jory\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\Jory\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.

C:\Program Files\AntiMalware\help.ico (Rogue.AntiMalware) -> Quarantined and deleted successfully.

C:\Program Files\AntiMalware\malw.db (Rogue.AntiMalware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Hi,

How are things running?

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


Thank you very much for your continued help. After the java utility and update, I did have a chance to run the scanner and will post the log below. Things are running MUCH better, no more antivirus 2010 popups and false windows about infections. The system is running quickly and the only lingering thing I see in general use is a desktop icon "Internet Security 2010" as well as a start menu item with the same name. Both are of course false. I think we're very close to having it handled. Here is the output from Kaspersky:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, December 15, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, December 15, 2009 18:08:21

Records in database: 3375547

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan statistics:

Objects scanned: 68205

Threats found: 1

Infected objects found: 1

Suspicious objects found: 0

Scan duration: 00:38:27

File name / Threat / Threats count

C:\_OTL\MovedFiles\12152009_083653\C_Program Files\InternetSecurity2010\IS2010.exe Infected: Trojan.Win32.FraudPack.adrr 1

Selected area has been scanned.


Good to know,

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/12/14 00:28:33 | 00,000,756 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Internet Security 2010.lnk

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *internet security*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Upon running the OTL after the reboot, I got a warning from my Avira real time scanner. I have attached a BMP of that screen capture.

======OTL========

OTL logfile created on: 12/15/2009 12:59:49 PM - Run 4

OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Jory\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.33% Memory free

3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.27% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48.83 Gb Total Space | 40.93 Gb Free Space | 83.82% Space Free | Partition Type: NTFS

Drive D: | 249.25 Gb Total Space | 130.77 Gb Free Space | 52.47% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive F: | 74.52 Gb Total Space | 72.20 Gb Free Space | 96.88% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BLUE

Current User Name: Jory

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

PRC - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jory\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http:/google.com"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/11/19 21:47:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/12/05 01:13:49 | 00,000,000 | ---D | M]

[2009/11/18 21:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Extensions

[2009/12/05 01:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Mozilla\Firefox\Profiles\tmkreyls.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - Startup: C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.dll ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1258603477046 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/18 20:23:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/10/28 22:30:31 | 00,000,000 | ---D | M] - F:\autorun -- [ NTFS ]

O32 - AutoRun File - [2005/11/15 11:08:04 | 00,000,036 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/15 10:54:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\.SunDownloadManager

[2009/12/15 10:51:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Desktop\JavaRa

[2009/12/15 08:52:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Application Data\Malwarebytes

[2009/12/15 08:52:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/15 08:52:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/15 08:52:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/12/15 08:36:53 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/14 08:18:36 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 00:28:33 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010

[2009/12/13 23:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/12/13 23:46:18 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2009/12/13 23:46:18 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/13 23:46:18 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2009/12/13 23:46:18 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2009/12/13 23:46:17 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2009/12/13 23:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2009/12/13 23:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\AntiMalware

[2009/12/13 21:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Identities

[2009/12/11 22:24:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/12/11 12:39:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jory\Recent

[2009/12/04 23:44:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/12/04 16:57:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Local Settings\Application Data\Adobe

[2009/12/04 16:56:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/12/04 16:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/12/02 09:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/12/01 23:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jory\Tracing

[2009/12/01 23:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/12/01 23:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/19 21:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/18 20:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/18 20:23:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/15 12:58:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/15 12:58:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/15 12:58:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/15 12:57:37 | 01,572,864 | -H-- | M] () -- C:\Documents and Settings\Jory\NTUSER.DAT

[2009/12/15 12:57:37 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jory\ntuser.ini

[2009/12/15 10:51:33 | 00,073,281 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\JavaRa.zip

[2009/12/15 09:01:50 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/15 09:01:50 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/15 09:01:50 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/15 08:56:40 | 06,940,070 | -H-- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\IconCache.db

[2009/12/15 08:52:07 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/15 08:51:39 | 00,000,388 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Shortcut to mbam-setup.exe.lnk

[2009/12/14 23:46:49 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/14 21:04:54 | 00,005,702 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\Attach.zip

[2009/12/14 08:34:00 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:18:36 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jory\Desktop\OTL.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:38:02 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/13 23:46:25 | 00,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:40:25 | 30,909,992 | ---- | M] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/12/12 12:46:28 | 00,001,854 | -H-- | M] () -- C:\Documents and Settings\Jory\My Documents\Default.rdp

[2009/12/11 17:09:27 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/05 09:56:57 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/02 07:21:58 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/01 23:54:58 | 00,017,864 | ---- | M] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[1 C:\Documents and Settings\Jory\*.tmp files -> C:\Documents and Settings\Jory\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 10:51:32 | 00,073,281 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\JavaRa.zip

[2009/12/15 08:52:07 | 00,000,566 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/15 08:51:39 | 00,000,388 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Shortcut to mbam-setup.exe.lnk

[2009/12/14 21:04:52 | 00,005,702 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\Attach.zip

[2009/12/14 08:34:00 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\70bgzb5k.exe

[2009/12/14 08:16:52 | 00,289,792 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\exeHelper.com

[2009/12/14 00:38:02 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\HijackThis.lnk

[2009/12/13 23:46:25 | 00,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk

[2009/12/13 23:44:13 | 30,909,992 | ---- | C] () -- C:\Documents and Settings\Jory\Desktop\avira_antivir_personal_en.exe

[2009/11/28 21:41:21 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2009/11/21 18:36:13 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009/11/20 00:43:49 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/20 00:43:49 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/19 12:41:52 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Jory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/18 20:46:03 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/11/18 20:46:03 | 00,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/11/18 20:46:01 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/11/18 20:46:01 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/11/18 20:29:28 | 00,037,628 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/11/18 20:29:16 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/11/18 20:29:09 | 00,037,237 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/11/18 20:29:09 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/08/03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/19 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2009/11/19 21:48:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/11/20 20:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jory\Application Data\Acreon

[2009/11/30 00:44:04 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

< End of report >

======SYSTEMLOOK=======

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 13:03 on 15/12/2009 by Jory (Administrator - Elevation successful)

========== filefind ==========

Searching for "*internet security*"

C:\Documents and Settings\Jory\Start Menu\Internet Security 2010.lnk --a--- 756 bytes [07:28 14/12/2009] [07:28 14/12/2009] BDB46F1C893E31EA97994A6519AF7367

C:\_OTL\MovedFiles\12152009_125718\C_Documents and Settings\Jory\Desktop\Internet Security 2010.lnk --a--- 756 bytes [07:28 14/12/2009] [07:28 14/12/2009] F2B90683C3629B3178F80F1767F99C44

-=End Of File=-

warning.bmp


Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg

    :Files
    C:\Documents and Settings\Jory\Start Menu\Internet Security 2010.lnk
    C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.dl

    :Commands
    [purity]
    [emptytemp]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Thanks, I noticed those icons are now gone, here is the logfile created after the reboot it required:

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Documents and Settings\Jory\Start Menu\Internet Security 2010.lnk moved successfully.

File/Folder C:\Documents and Settings\Jory\Start Menu\Programs\Startup\scandisk.dl not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Jory

->Temp folder emptied: 588256 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 16168260 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.08 mb

OTM by OldTimer - Version 3.1.2.2 log created on 12152009_131550

Files moved on Reboot...

Registry entries deleted on Reboot...


Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download Rooter.exe to your desktop.

  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.


Things running pretty smoothly now, no popups or notifications from Avira

======Security Check======

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3 (UAC is disabled!)

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

Antivirus out of date! (On Access scanning disabled!)

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 8.1.3

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

======Rooter=====

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP . (5.1.2600) Service Pack 3

[32_bits] - x86 Family 6 Model 23 Stepping 10, GenuineIntel

.

[wscsvc] STOPPED (state:1) : Security Center -> Disabled !

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Disabled !

.

Internet Explorer 6.0.2900.5512

Mozilla Firefox 3.5.5 (en-US)

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:48 Go - Free:40 Go )

D:\ [Fixed-NTFS] .. ( Total:249 Go - Free:130 Go )

E:\ [CD_Rom]

.

Scan : 14:06.48

Path : C:\Documents and Settings\Jory\Desktop\Rooter.exe

User : Jory ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (660)

______ \??\C:\WINDOWS\system32\csrss.exe (720)

______ \??\C:\WINDOWS\system32\winlogon.exe (744)

______ C:\WINDOWS\system32\services.exe (788)

______ C:\WINDOWS\system32\lsass.exe (800)

______ C:\WINDOWS\system32\svchost.exe (988)

______ C:\WINDOWS\system32\svchost.exe (1056)

______ C:\WINDOWS\System32\svchost.exe (1152)

______ C:\WINDOWS\system32\svchost.exe (1276)

______ C:\WINDOWS\system32\svchost.exe (1348)

______ C:\WINDOWS\system32\spoolsv.exe (1444)

______ D:\Program Files\Avira\AntiVir Desktop\sched.exe (1496)

______ D:\Program Files\Avira\AntiVir Desktop\avguard.exe (1588)

______ C:\WINDOWS\Explorer.EXE (1864)

______ C:\WINDOWS\system32\svchost.exe (1888)

______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (236)

______ C:\Program Files\Bonjour\mDNSResponder.exe (248)

______ C:\Program Files\Java\jre6\bin\jqs.exe (368)

______ C:\WINDOWS\system32\svchost.exe (532)

______ C:\WINDOWS\System32\alg.exe (1672)

______ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (492)

______ C:\WINDOWS\notepad.exe (512)

______ C:\WINDOWS\RTHDCPL.EXE (792)

______ C:\Program Files\ASUS\Six Engine\SixEngine.exe (1268)

______ D:\Program Files\iTunes\iTunesHelper.exe (1308)

______ D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (1324)

______ C:\Program Files\Java\jre6\bin\jusched.exe (1236)

______ C:\Program Files\iPod\bin\iPodService.exe (2280)

______ C:\WINDOWS\System32\svchost.exe (2704)

______ C:\WINDOWS\system32\wuauclt.exe (2948)

______ D:\Program Files\Mozilla Firefox\firefox.exe (3132)

______ C:\Documents and Settings\Jory\Desktop\SecurityCheck.exe (1804)

______ C:\WINDOWS\system32\cmd.exe (3108)

______ C:\WINDOWS\system32\notepad.exe (2128)

______ C:\Documents and Settings\Jory\Desktop\Rooter.exe (1300)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:52427902464)

\Device\Harddisk0\Partition0 (Start_Offset:52427934720 | Length:267634160640)

\Device\Harddisk0\Partition2 (Start_Offset:52427966976 | Length:267634128384)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\SmartDefrag.job

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 14:06.49

.

C:\Rooter$\Rooter_1.txt - (15/12/2009 | 14:06.49)


Hi,

Couple of things to do,

Visit THIS website to obtain the latest update for Adobe Reader, yours is quite out of date now.

Uninstall the old version when complete.

Then,

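Copy and paste the following into Notepad.

    @echo off
    rem Set each service to automatic start first: a disabled service cannot be started.
    sc config wscsvc start= auto
    sc start wscsvc
    sc config SharedAccess start= auto
    sc start SharedAccess
    rem Delete this batch file once it has run.
    Del %0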

Save this as fix.bat to your desktop and double click to run.

A small black box will open and close, this is normal.

Update your antivirus as well.

After that, re-run Security Check for me and post the log.


Got the Adobe Update accomplished as well as that fix.bat file executed.

I also got new definitions for my Anti Virus software by running an update, right before I ran security check.

Here is the new log:

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3 (UAC is disabled!)

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

Antivirus out of date! (On Access scanning disabled!)

``````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 17

Adobe Flash Player 10

Adobe Reader 9.2

``````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Link to post
Share on other sites
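The comparison the last two posts invite, as an added example that is not part of the original thread: it parses the two Security Check logs and reports which warnings cleared after fix.bat and the updates, and which are still present. The `warnings` and `compare` helpers are hypothetical names, and treating every line containing `!` (other than `GREAT!`) as a warning is an assumption based on the logs shown here.

```python
# Excerpt of the first Security Check log posted in this thread (blank lines,
# backtick separator lines and the Process Check section omitted).
BEFORE = """\
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3 (UAC is disabled!)
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Antivirus out of date! (On Access scanning disabled!)
Anti-malware/Other Utilities Check:
HijackThis 2.0.2
Java 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
"""
# The second log in the thread differs only in the Adobe Reader lines.
AFTER = BEFORE.replace(
    "Adobe Reader 8.1.3\nOut of date Adobe Reader installed!", "Adobe Reader 9.2")

def warnings(log):
    """Return {(section, line)} for every line the tool flags with '!'."""
    section, found = "Header", set()
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):
            continue                      # blank line or backtick separator
        if line.endswith("Check:"):
            section = line[:-1]           # e.g. "Antivirus/Firewall Check"
            continue
        if "!" in line and not line.startswith("GREAT!"):
            found.add((section, line))
    return found

def compare(before, after):
    """Split warnings into those cleared, still present, and newly raised."""
    b, a = warnings(before), warnings(after)
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        for section, line in items:
            print(f"{status:9} [{section}] {line}")
```

On these two logs only the Adobe Reader warning clears; the Security Center, Windows Firewall and antivirus lines are reported unchanged.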
