Malware problem

DarkStorm490 · May 16, 2010

Hello,

Reading through some of the more recent topics it seems I have a few symptoms shared with other users on this forum. I originally had a fake anti virus popping up telling me to run scans etc and I was not allowed to run task manager and a lot of other programs; "the file *program-name*.exe is infected and must be scanned for viruses" or a message along those lines was given each time I attempted to run a program. Now it seems after running Malwarebytes, Spybot Search and Destroy, Kaspersky Rescue Disk and AVG Anti Virus most of the visible problems seem to be gone. I also had my searches in Internet Explorer being redirected to other sites, but that appears to be fixed now too... I have noticed that when I run a Spybot scan and find several problems. I choose to fix these problems, but upon restarting the computer if I run another Spybot scan it seems it finds these problems again. Malwarebytes also seems to find something called PRAGMAd.sys or something (I can't quite remember what it was called.). But that seems to come back too.

I've got a copy of the Spybot scan below, i'm not sure if it will help.

It's quite frustrating not being able to get rid of whatever it is!

Thanks,

Daniel

Spybot Search and Destroy

Fraud.MalwareDefense: [sBI $E7E827C2] Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\Software\Malware Defense

Fraud.MalwareDefense: [sBI $655F7E78] Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-1801674531-2049760794-839522115-1105\Software\Malware Defense

Fraud.MalwareDefense: [sBI $655F7E78] Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Malware Defense

Fraud.PaladinAntivirus: [sBI $B2D62186] Settings (Registry key, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus

SpySheriff: [sBI $9302253C] Settings (Registry change, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn

Fraud.PaladinAntivirus: [sBI $2135E99D] Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-1801674531-2049760794-839522115-1105\Software\Paladin Antivirus

Fraud.PaladinAntivirus: [sBI $2135E99D] Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Paladin Antivirus

FunWebProducts: [sBI $561F0D2E] User settings (Registry value, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\&Search\=...http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml...

FunWebProducts: [sBI $8CC75C5A] Settings (Registry value, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

MyWay.MyWebSearch: [sBI $6404C538] Settings (Registry key, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: [sBI $B1C70274] Browser helper object (Registry key, fixed)

HKEY_USERS\S-1-5-21-484763869-1935655697-725345543-500\Software\MyWebSearch

Microsoft.WindowsSecurityCenter_disabled: [sBI $2E20C9A9] Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Right Media: Tracking cookie (Internet Explorer: jilly) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2009-05-15 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-11-04 advcheck.dll (1.6.5.20)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2010-02-17 Includes\Adware.sbi (*)

2010-05-04 Includes\AdwareC.sbi (*)

2010-01-25 Includes\Cookies.sbi (*)

2009-11-03 Includes\Dialer.sbi (*)

2010-05-04 Includes\DialerC.sbi (*)

2010-01-25 Includes\HeavyDuty.sbi (*)

2009-05-26 Includes\Hijackers.sbi (*)

2010-05-04 Includes\HijackersC.sbi (*)

2010-01-20 Includes\Keyloggers.sbi (*)

2010-05-04 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2010-05-05 Includes\Malware.sbi (*)

2010-05-05 Includes\MalwareC.sbi (*)

2009-03-25 Includes\PUPS.sbi (*)

2010-04-13 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2009-01-13 Includes\Security.sbi (*)

2010-05-04 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2010-03-02 Includes\Spyware.sbi (*)

2010-05-04 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2010-04-27 Includes\Trojans.sbi (*)

2010-05-04 Includes\TrojansC-02.sbi (*)

2010-05-04 Includes\TrojansC-03.sbi (*)

2010-05-04 Includes\TrojansC-04.sbi (*)

2010-05-04 Includes\TrojansC-05.sbi (*)

2010-05-04 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

kahdah · May 16, 2010

Hello DarkStorm490

Welcome to Malwarebytes.

=====================

Please download OTH.scr to your desktop.
Download OTL to your desktop.
Double click the OTH file and select Kill All Processes, your desktop will go blank

Then select Start OTL OTL will now run
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
IAT/EAT
Drives/Partition other than Systemdrive (typically only C:\ should be checked)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Click OK and quit the GMER program.
Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
Post that log in your next reply.

DarkStorm490 · May 17, 2010

Hello kahdah,

Thanks for your response. I was able to run OTH and OTL and I will paste below the contents requested. Running GMER however, resulted in a blue screen with a message saying "A problem has been detected and windows has been shut down to prevent damage to your cmputer: PFN_LIST_Corrupt" It then began a dump of physical memory to disk and was followed by a restart. I attempted to run the scan two times and each time the blue screen with the same message appeared. (Note: The scan would run for about 30-40 minutes before the blue screen appeared.)

Both Extras.txt and OTL.txt cannot fit so I have attached them as well. Sorry!

Extras.txt

OTL Extras logfile created on: 17/05/2010 10:08:34 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 296.09 Gb Total Space | 150.63 Gb Free Space | 50.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LITTLE_JILLYS

Current User Name: jilly

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\program files\microsoft office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Steam\SteamApps\phunky_jill\half-life deathmatch source\hl2.exe" = C:\Program Files\Steam\SteamApps\phunky_jill\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()

"C:\SIERRA\Counter-Strike\cstrike.exe" = C:\SIERRA\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher -- (Valve, L.L.C.)

"C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- File not found

"C:\Program Files\DOOM Collector's Edition\Final Doom\Doom95.exe" = C:\Program Files\DOOM Collector's Edition\Final Doom\Doom95.exe:*:Enabled:doom95 -- (id Software)

"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- File not found

"C:\Program Files\EA GAMES\Ultima Online Gold\client 308j.exe" = C:\Program Files\EA GAMES\Ultima Online Gold\client 308j.exe:*:Enabled:client 308j -- File not found

"C:\Program Files\EA GAMES\Ultima Online Gold\client 3.0.8j.exe" = C:\Program Files\EA GAMES\Ultima Online Gold\client 3.0.8j.exe:*:Enabled:client 3.0.8j -- File not found

"C:\Program Files\EA GAMES\Ultima Online Gold\Client.exe" = C:\Program Files\EA GAMES\Ultima Online Gold\Client.exe:*:Enabled:Client -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\EA GAMES\uogold\client 3.0.8j.exe" = C:\Program Files\EA GAMES\uogold\client 3.0.8j.exe:*:Enabled:client 3.0.8j -- File not found

"C:\Program Files\EA GAMES\uogold\client 308j.exe" = C:\Program Files\EA GAMES\uogold\client 308j.exe:*:Enabled:client 308j -- File not found

"C:\Program Files\EA GAMES\Ultima Online Gold\client 4.0.11c.exe" = C:\Program Files\EA GAMES\Ultima Online Gold\client 4.0.11c.exe:*:Enabled:client 4.0.11c -- File not found

"C:\Program Files\Steam\SteamApps\phunky_jill\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\phunky_jill\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Ultima Online\client.exe" = C:\Program Files\Ultima Online\client.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)

"C:\Program Files\Ultima Online\cl6016.exe" = C:\Program Files\Ultima Online\cl6016.exe:*:Enabled:Ultima Online Client -- (Electronic Arts)

"C:\Program Files\Steam\SteamApps\phunky_jill\half-life\hl.exe" = C:\Program Files\Steam\SteamApps\phunky_jill\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\DOOM Collector's Edition\Final Doom\Doom95.exe" = C:\Program Files\DOOM Collector's Edition\Final Doom\Doom95.exe:*:Enabled:doom95 -- (id Software)

"%windir%\system32\ccapp.exe" = %windir%\system32\ccapp.exe:*:Enabled:System Process -- File not found

"C:\Program Files\Black Isle\BGII - SoA\BGMain.exe" = C:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)

"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- File not found

"C:\SIERRA\Half-Life\hl.exe" = C:\SIERRA\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)

"C:\SIERRA\Counter-Strike\cstrike.exe" = C:\SIERRA\Counter-Strike\cstrike.exe:*:Enabled:CounterStrike Launcher -- (Valve, L.L.C.)

"C:\WINDOWS\SYSTEM32\dpvsetup.exe" = C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat -- (Havas Interactive)

"C:\Program Files\Steam\SteamApps\phunky_jill\half-life deathmatch source\hl2.exe" = C:\Program Files\Steam\SteamApps\phunky_jill\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" = C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe:*:Enabled:VetMsg -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)

"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)

"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21289AE2-24FE-11D5-8F73-0050DA0F6297}" = The Sims Menu Editor

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20

"{31ED8B29-7A73-440D-B3BA-E05ABDDA68DD}" = Delicious - Emilys Holiday Season

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth

"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{595A6662-6158-11D4-8F73-0050DA0F6297}" = The Sims Art Studio

"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf

"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit

"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A0ED01E-FD18-457A-AB9C-0835DCDB17BB}" = Microsoft Platform SDK (R2) (3790.2075)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{B3332FCA-3B51-4053-8C2D-9F7ACFE6065A}" = Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate II - Throne of Bhaal

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims

Extras.Txt

OTL.Txt

DarkStorm490 · May 17, 2010

OTL logfile created on: 17/05/2010 10:08:34 AM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 296.09 Gb Total Space | 150.63 Gb Free Space | 50.87% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LITTLE_JILLYS

Current User Name: jilly

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTH.scr (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (qzanlkzy) -- C:\WINDOWS\SYSTEM32\DRIVERS\qzanlkzy.sys ()

DRV - (atksgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys ()

DRV - (lirsgt) -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys ()

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (cpuz132) -- C:\WINDOWS\SYSTEM32\DRIVERS\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)

DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (SISNIC) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisnic.sys (SiS Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335) -- C:\WINDOWS\SYSTEM32\DRIVERS\WG311v3XP.sys (Marvell Semiconductor, Inc)

DRV - (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\viaudio.sys (VIA Technologies, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/19 21:04:03 | 000,000,000 | ---D | M]

[2009/05/19 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Mozilla\Extensions

[2009/05/19 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/05/15 22:48:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1273659687031 (WUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Blue_Mountains

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell®)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\RegCompact: DllName - RegCompact.dll - C:\WINDOWS\System32\RegCompact.dll (AMUST Software)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\My Documents\My Pictures\desktop2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\My Documents\My Pictures\desktop2.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/12/17 06:07:06 | 000,000,455 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/08/19 03:12:02 | 000,000,171 | ---- | M] () - C:\AUTOEXEC.PSS -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2010/05/12 13:58:33 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

DarkStorm490 · May 17, 2010

<OTL.txt continued>

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2020/02/19 22:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2020/02/19 22:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2020/02/19 19:44:41 | 000,000,000 | ---D | C] -- C:\Bin

[2020/02/19 19:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\PowerArchiver

[2020/02/19 19:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2020/02/19 19:19:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\forms

[2020/02/19 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Messaging

[2020/02/19 19:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2020/02/19 18:20:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information

[2020/02/19 13:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2020/02/19 13:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis

[2020/02/19 13:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bullfrog

[2020/02/19 11:32:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2020/02/19 11:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield

[2020/02/19 11:29:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PrintHood

[2020/02/19 11:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Local Settings

[2020/02/19 11:21:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\NetHood

[2020/02/19 11:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\CatRoot

[2020/02/19 11:20:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files

[2020/02/19 11:20:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\History

[2020/02/19 11:20:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies

[2020/02/19 11:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\DirectX

[2020/02/19 11:19:21 | 000,000,000 | --SD | C] -- C:\WINDOWS\Favorites

[2020/02/19 11:19:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2020/02/19 11:19:14 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2020/02/19 11:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information

[2020/02/19 11:18:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Recent

[2020/02/19 11:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\SendTo

[2020/02/19 11:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Start Menu

[2020/02/19 11:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Desktop

[2020/02/19 11:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\All Users

[2019/02/20 11:11:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\spool

[2019/02/20 11:11:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SYSBCKUP

[2019/02/20 11:11:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\APPLOG

[2019/02/20 11:10:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SAMPLES

[2019/02/20 11:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF

[2019/02/20 11:09:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\IOSUBSYS

[2019/02/20 11:09:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew

[2019/02/20 11:08:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\MACROMED

[2019/02/20 11:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data

[2019/02/20 11:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SERVICES

[2019/02/20 11:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services

[2019/02/20 11:07:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\CATROOT

[2019/02/20 11:06:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\VMM32

[2019/02/20 11:06:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\MEDIA

[2019/02/20 11:06:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2019/02/20 11:06:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CONFIG

[2019/02/20 11:05:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\COLOR

[2019/02/20 11:05:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\DRWATSON

[2019/02/20 11:05:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\WEB

[2019/02/20 11:05:44 | 000,000,000 | R-SD | C] -- C:\WINDOWS\FONTS

[2019/02/20 11:03:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\SHELLEXT

[2019/02/20 11:03:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System\OOBE

[2019/02/20 11:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\JAVA

[2019/02/20 11:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SYSTEM

[2019/02/20 11:03:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CURSORS

[2019/02/20 11:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM32

[2019/02/20 11:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRIVERS

[2019/02/20 11:02:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\HELP

[2019/02/20 11:02:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\INF

[2019/02/20 11:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\COMMAND

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files\Windows Media Player

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files\Outlook Express

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files\NetMeeting

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2019/02/20 10:54:28 | 000,000,000 | R--D | C] -- C:\Program Files\Accessories

[2019/02/20 10:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SYSTEM

[2019/02/20 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\PLUS!

[2019/02/20 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2019/02/20 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2019/02/20 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\CHAT

[2019/02/20 10:54:24 | 000,000,000 | ---D | C] -- C:\WINDOWS

[2010/05/17 10:05:20 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTL.exe

[2010/05/17 10:04:53 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTH.scr

[2010/05/15 10:52:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/15 10:52:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/15 09:47:53 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\mbam-setup-1.46.exe

[2010/05/12 23:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmpcopy

[2010/05/12 20:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/05/12 20:44:20 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2010/05/12 20:44:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010/05/12 20:44:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010/05/12 20:44:10 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010/05/12 20:42:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll

[2010/05/12 20:42:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll

[2010/05/12 20:41:45 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll

[2010/05/12 20:32:21 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2010/05/12 20:32:20 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2010/05/12 20:32:20 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2010/05/12 20:28:49 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2010/05/12 20:22:09 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2010/05/12 20:22:08 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2010/05/12 20:10:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\PrivacIE

[2010/05/12 20:08:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\IETldCache

[2010/05/12 19:43:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/05/12 19:31:06 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/05/12 19:20:48 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/12 19:20:48 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/05/12 19:20:41 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/12 19:20:39 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/12 19:20:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2010/05/12 19:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9

[2010/05/12 19:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

[2010/05/12 18:48:52 | 000,000,000 | ---D | C] -- C:\RRTVAULT

[2010/05/12 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/05/12 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2010/05/12 18:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync

[2010/05/12 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2010/05/12 16:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun

[2010/05/12 16:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/05/12 16:40:16 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/05/12 16:40:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/05/12 16:40:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/05/12 16:40:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/05/12 16:22:21 | 000,000,000 | -H-D | C] -- C:\Config.msi

[2010/05/12 15:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Protection

[2010/05/12 14:06:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/05/12 14:02:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime

[2010/05/12 14:02:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime

[2010/05/12 14:02:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime

[2010/05/12 14:02:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime

[2010/05/12 14:02:31 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime

[2010/05/12 14:02:30 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime

[2010/05/12 14:02:30 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2010/05/12 14:02:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2010/05/12 14:02:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll

[2010/05/12 14:02:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll

[2010/05/12 14:02:28 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll

[2010/05/12 14:02:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll

[2010/05/12 14:02:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll

[2010/05/12 14:02:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll

[2010/05/12 14:02:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll

[2010/05/12 14:02:27 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll

[2010/05/12 14:02:27 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll

[2010/05/12 14:02:27 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2010/05/12 14:02:24 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll

[2010/05/12 14:02:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll

[2010/05/12 14:02:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime

[2010/05/12 14:02:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2010/05/12 14:02:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll

[2010/05/12 14:02:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll

[2010/05/12 14:02:21 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2010/05/12 14:02:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe

[2010/05/12 14:02:21 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll

[2010/05/12 14:02:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe

[2010/05/12 14:02:20 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2010/05/12 14:02:20 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2010/05/12 14:02:20 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2010/05/12 14:02:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll

[2010/05/12 14:02:17 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll

[2010/05/12 14:02:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll

[2010/05/12 14:02:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll

[2010/05/12 14:02:16 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2010/05/12 14:02:15 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll

[2010/05/12 14:02:14 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll

[2010/05/12 14:02:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll

[2010/05/12 14:02:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2010/05/12 14:02:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe

[2010/05/12 14:02:14 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2010/05/12 14:02:13 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll

[2010/05/12 14:02:13 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll

[2010/05/12 14:02:13 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll

[2010/05/12 14:02:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe

[2010/05/12 14:02:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll

[2010/05/12 14:02:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2010/05/12 14:02:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll

[2010/05/12 14:02:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2010/05/12 14:02:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2010/05/12 14:02:11 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe

[2010/05/12 14:02:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2010/05/12 14:02:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2010/05/12 14:02:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2010/05/12 14:02:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2010/05/12 14:02:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2010/05/12 14:02:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2010/05/12 14:02:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2010/05/12 14:02:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2010/05/12 14:02:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2010/05/12 14:02:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2010/05/12 14:02:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2010/05/12 14:02:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2010/05/12 14:02:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2010/05/12 14:02:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2010/05/12 14:02:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2010/05/12 14:02:06 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll

[2010/05/12 14:02:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2010/05/12 14:02:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2010/05/12 14:02:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2010/05/12 14:02:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2010/05/12 14:02:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll

[2010/05/12 14:02:04 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2010/05/12 14:02:04 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll

[2010/05/12 14:02:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime

[2010/05/12 14:02:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll

[2010/05/12 14:02:02 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2010/05/12 14:02:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2010/05/12 14:02:01 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys

[2010/05/12 14:02:00 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime

[2010/05/12 14:02:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2010/05/12 14:02:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2010/05/12 14:01:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll

[2010/05/12 14:01:58 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2010/05/12 14:01:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2010/05/12 14:01:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2010/05/12 14:01:57 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2010/05/12 14:01:57 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe

[2010/05/12 14:01:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll

[2010/05/12 14:01:57 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2010/05/12 14:01:56 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime

[2010/05/12 14:01:56 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll

[2010/05/12 14:01:55 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll

[2010/05/12 14:01:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll

[2010/05/12 14:01:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll

[2010/05/12 14:01:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll

[2010/05/12 14:01:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll

[2010/05/12 14:01:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2010/05/12 14:01:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll

[2010/05/12 14:01:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll

[2010/05/12 14:01:48 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll

[2010/05/12 14:01:48 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe

[2010/05/12 14:01:44 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex

[2010/05/12 14:01:44 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll

[2010/05/12 14:01:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe

[2010/05/12 14:01:37 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys

[2010/05/12 14:01:37 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll

[2010/05/12 14:01:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll

[2010/05/12 14:01:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll

[2010/05/12 14:01:36 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll

[2010/05/12 14:01:36 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll

[2010/05/12 14:01:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll

[2010/05/12 14:01:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll

[2010/05/12 14:01:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll

[2010/05/12 14:01:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll

[2010/05/12 14:01:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll

[2010/05/12 14:01:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll

[2010/05/12 14:01:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll

[2010/05/12 14:01:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll

[2010/05/12 14:01:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll

[2010/05/12 14:01:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

[2010/05/12 14:01:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll

[2010/05/12 14:01:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll

[2010/05/12 14:01:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll

[2010/05/12 14:01:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll

[2010/05/12 14:01:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

[2010/05/12 14:01:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll

[2010/05/12 14:01:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll

[2010/05/12 14:01:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll

[2010/05/12 14:01:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll

[2010/05/12 14:01:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll

[2010/05/12 14:01:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll

[2010/05/12 14:01:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll

[2010/05/12 14:01:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll

[2010/05/12 14:01:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

[2010/05/12 14:01:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll

[2010/05/12 14:01:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll

[2010/05/12 14:01:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll

[2010/05/12 14:01:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll

[2010/05/12 14:01:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll

[2010/05/12 14:01:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll

[2010/05/12 14:01:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll

[2010/05/12 14:01:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll

[2010/05/12 14:01:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll

[2010/05/12 14:01:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll

[2010/05/12 14:01:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll

[2010/05/12 14:01:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll

[2010/05/12 14:01:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll

[2010/05/12 14:01:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll

[2010/05/12 14:01:26 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll

[2010/05/12 14:01:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll

[2010/05/12 14:01:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll

[2010/05/12 14:01:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll

[2010/05/12 14:01:25 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll

[2010/05/12 14:01:24 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll

[2010/05/12 14:01:24 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll

[2010/05/12 14:01:24 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll

[2010/05/12 14:01:23 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll

[2010/05/12 14:01:23 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll

[2010/05/12 14:01:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe

[2010/05/12 14:01:22 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll

[2010/05/12 14:01:22 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe

[2010/05/12 14:01:22 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe

[2010/05/12 14:01:22 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe

[2010/05/12 14:01:22 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe

[2010/05/12 14:01:21 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll

[2010/05/12 14:01:21 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe

[2010/05/12 14:01:21 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe

[2010/05/12 14:01:21 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll

[2010/05/12 14:01:21 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe

[2010/05/12 14:01:20 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll

[2010/05/12 14:01:20 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll

[2010/05/12 14:01:20 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime

[2010/05/12 14:01:20 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe

[2010/05/12 14:01:20 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll

[2010/05/12 14:01:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll

[2010/05/12 14:01:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime

[2010/05/12 14:01:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2010/05/12 14:01:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe

[2010/05/12 14:01:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe

[2010/05/12 14:01:18 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll

[2010/05/12 14:01:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll

[2010/05/12 14:01:18 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll

[2010/05/12 14:01:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll

[2010/05/12 14:01:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll

[2010/05/12 14:01:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll

[2010/05/12 14:01:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll

[2010/05/12 14:01:14 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll

[2010/05/12 14:01:07 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll

[2010/05/12 14:01:06 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll

[2010/05/12 14:01:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll

[2010/05/12 14:01:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll

[2010/05/12 14:01:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll

[2010/05/12 14:01:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll

[2010/05/12 14:01:04 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll

[2010/05/12 14:01:03 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll

[2010/05/12 14:01:03 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll

[2010/05/12 14:01:03 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll

[2010/05/12 14:01:03 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll

[2010/05/12 14:01:03 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll

[2010/05/12 14:01:02 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll

[2010/05/12 14:01:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe

[2010/05/12 14:01:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2010/05/12 14:01:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll

[2010/05/12 14:01:02 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2010/05/12 14:01:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll

[2010/05/12 14:01:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll

[2010/05/12 14:01:01 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll

[2010/05/12 14:01:01 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe

[2010/05/12 14:01:01 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2010/05/12 14:01:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll

[2010/05/12 14:01:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll

[2010/05/12 14:01:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll

[2010/05/12 14:01:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll

[2010/05/12 14:01:00 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll

[2010/05/12 14:01:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe

[2010/05/12 14:01:00 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll

[2010/05/12 14:01:00 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2010/05/12 14:00:59 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll

[2010/05/12 14:00:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll

[2010/05/12 14:00:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll

[2010/05/12 14:00:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll

[2010/05/12 14:00:58 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe

[2010/05/12 14:00:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe

[2010/05/12 14:00:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll

[2010/05/12 14:00:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll

[2010/05/12 14:00:56 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll

[2010/05/12 14:00:56 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe

[2010/05/12 14:00:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe

[2010/05/12 14:00:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll

[2010/05/12 14:00:55 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2010/05/12 14:00:55 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2010/05/12 14:00:55 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2010/05/12 14:00:55 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys

[2010/05/12 14:00:49 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime

[2010/05/12 14:00:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe

[2010/05/12 14:00:47 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe

[2010/05/12 14:00:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe

[2010/05/12 14:00:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll

[2010/05/12 14:00:47 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe

[2010/05/12 14:00:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll

[2010/05/12 14:00:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll

[2010/05/12 14:00:45 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe

[2010/05/12 14:00:44 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll

[2010/05/12 14:00:44 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll

[2010/05/12 14:00:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll

[2010/05/12 14:00:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2010/05/12 14:00:43 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll

[2010/05/12 14:00:43 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll

[2010/05/12 14:00:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime

[2010/05/12 14:00:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe

[2010/05/12 14:00:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe

[2010/05/12 14:00:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe

[2010/05/12 14:00:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe

[2010/05/12 14:00:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2010/05/12 14:00:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll

[2010/05/12 14:00:40 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll

[2010/05/12 14:00:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll

[2010/05/12 14:00:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll

[2010/05/12 14:00:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll

[2010/05/12 14:00:27 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll

[2010/05/12 14:00:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll

[2010/05/12 14:00:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll

[2010/05/12 14:00:26 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll

[2010/05/12 14:00:26 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll

[2010/05/12 14:00:26 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll

[2010/05/12 14:00:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll

[2010/05/12 14:00:23 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll

[2010/05/12 14:00:23 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll

[2010/05/12 14:00:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll

[2010/05/12 14:00:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll

[2010/05/12 14:00:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll

[2010/05/12 14:00:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll

[2010/05/12 14:00:18 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe

[2010/05/12 14:00:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll

[2010/05/12 14:00:17 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll

[2010/05/12 14:00:17 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll

[2010/05/12 14:00:17 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe

[2010/05/12 14:00:16 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll

[2010/05/12 14:00:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx

[2010/05/12 14:00:12 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll

[2010/05/12 14:00:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll

[2010/05/12 14:00:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll

[2010/05/12 14:00:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe

[2010/05/12 14:00:11 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll

[2010/05/12 14:00:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll

[2010/05/12 14:00:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll

[2010/05/12 14:00:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe

[2010/05/12 14:00:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll

[2010/05/12 14:00:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll

[2010/05/12 14:00:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll

[2010/05/12 14:00:10 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe

[2010/05/12 14:00:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe

[2010/05/12 14:00:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll

[2010/05/12 14:00:09 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll

[2010/05/12 14:00:09 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll

[2010/05/12 14:00:09 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll

[2010/05/12 14:00:08 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll

[2010/05/12 14:00:08 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe

[2010/05/12 14:00:08 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe

[2010/05/12 14:00:08 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll

[2010/05/12 14:00:08 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe

[2010/05/12 14:00:07 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll

[2010/05/12 14:00:07 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll

[2010/05/12 14:00:07 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll

[2010/05/12 14:00:07 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll

[2010/05/12 14:00:07 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll

[2010/05/12 14:00:06 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll

[2010/05/12 14:00:06 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll

[2010/05/12 14:00:05 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx

[2010/05/12 14:00:05 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe

[2010/05/12 14:00:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx

[2010/05/12 14:00:05 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll

[2010/05/12 14:00:04 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx

[2010/05/12 14:00:04 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll

[2010/05/12 14:00:04 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe

[2010/05/12 14:00:03 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll

[2010/05/12 14:00:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll

[2010/05/12 14:00:03 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe

[2010/05/12 14:00:02 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll

[2010/05/12 13:35:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll

[2010/05/12 13:35:24 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll

[2010/05/12 13:35:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll

[2010/05/12 13:35:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll

[2010/05/12 11:56:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\dllcache

[2010/05/12 11:55:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\CatRoot2

[2010/05/10 21:48:30 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2010/05/08 23:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/05/05 09:11:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAvrpvccimuw

[2010/05/05 09:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Local Settings\Application Data\nlfofeppu

[2010/05/05 09:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Local Settings\Application Data\mbwlfsffy

[2010/04/27 16:49:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Brother

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2020/02/19 19:36:44 | 000,000,030 | ---- | M] () -- C:\CONFIG.SYS

[2020/02/19 18:01:40 | 000,006,792 | ---- | M] () -- C:\SPIN_LOG.C

[2020/02/19 18:01:40 | 000,000,572 | -HS- | M] () -- C:\SPINRITE.FIF

[2020/02/19 12:16:16 | 000,272,054 | -HS- | M] () -- C:\SCDOS.BAK

[2020/02/19 11:19:24 | 000,011,079 | -H-- | M] () -- C:\Program Files\folder.htt

[2019/02/20 11:16:56 | 000,001,676 | ---- | M] () -- C:\MSDOS.SYS

[2019/02/20 11:10:50 | 000,005,166 | -HS- | M] () -- C:\SUHDLOG.DAT

[2019/02/20 10:54:02 | 000,000,022 | -HS- | M] () -- C:\MSDOS.---

[2010/05/17 10:05:25 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTL.exe

[2010/05/17 10:04:53 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTH.scr

[2010/05/16 15:41:29 | 060,032,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/16 15:39:40 | 000,438,918 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/05/16 15:39:40 | 000,378,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/05/16 15:39:40 | 000,054,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/05/16 15:35:44 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/16 15:35:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/16 15:35:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/16 02:43:43 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\ntuser.dat

[2010/05/16 02:43:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\ntuser.ini

[2010/05/15 10:53:01 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/15 09:47:53 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\mbam-setup-1.46.exe

[2010/05/15 09:41:20 | 000,001,697 | ---- | M] () -- C:\WINDOWS\WININIT.INI

[2010/05/13 21:52:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/05/13 08:58:41 | 000,000,269 | ---- | M] () -- C:\Fold.reg

[2010/05/13 08:58:41 | 000,000,115 | ---- | M] () -- C:\Reg.bat

[2010/05/12 21:05:07 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/05/12 20:57:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/05/12 19:31:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\Word 2003.lnk

[2010/05/12 19:20:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/05/12 19:20:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/05/12 19:20:48 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 9.0.lnk

[2010/05/12 19:20:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/05/12 19:20:39 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/12 19:20:39 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/05/12 18:25:36 | 000,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav

[2010/05/12 18:25:36 | 000,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav

[2010/05/12 18:25:36 | 000,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav

[2010/05/12 18:25:36 | 000,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav

[2010/05/12 18:24:04 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2010/05/12 16:25:41 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\CCleaner.lnk

[2010/05/12 16:21:58 | 000,000,292 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI

[2010/05/12 16:13:32 | 000,070,008 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/05/12 16:12:10 | 000,000,648 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/12 16:12:10 | 000,000,292 | ---- | M] () -- C:\WINDOWS\SYSTEM.UNV

[2010/05/12 16:12:10 | 000,000,282 | -HS- | M] () -- C:\boot.ini

[2010/05/12 14:03:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/05/12 13:59:20 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/05/12 13:59:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/05/12 13:59:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/05/12 13:59:06 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010/05/12 13:58:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2010/05/12 13:58:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2010/05/12 13:56:35 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/05/12 13:53:59 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2010/05/05 09:39:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\qzanlkzy.sys

[2010/04/30 16:54:47 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\webct_upload_applet.properties

[2010/04/30 14:39:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/18 11:40:47 | 008,015,121 | ---- | M] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\XTC_-_Senses_Working_Overtime.mp3

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/02/19 19:36:44 | 000,000,030 | ---- | C] () -- C:\CONFIG.SYS

[2020/02/19 19:36:26 | 000,272,054 | -HS- | C] () -- C:\SCDOS.BAK

[2020/02/19 18:01:40 | 000,006,792 | ---- | C] () -- C:\SPIN_LOG.C

[2020/02/19 18:01:40 | 000,000,572 | -HS- | C] () -- C:\SPINRITE.FIF

[2020/02/19 12:16:14 | 000,272,054 | -HS- | C] () -- C:\SCDOS.SYS

[2020/02/19 12:16:03 | 000,032,768 | -HS- | C] () -- C:\SYSIOMGR.SYS

[2020/02/19 11:19:22 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt

[2019/02/20 11:16:56 | 000,001,676 | ---- | C] () -- C:\MSDOS.SYS

[2019/02/20 11:10:50 | 000,005,166 | -HS- | C] () -- C:\SUHDLOG.DAT

[2019/02/20 10:54:02 | 000,000,022 | -HS- | C] () -- C:\MSDOS.---

[2010/05/15 10:53:01 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/13 21:52:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/05/13 08:58:41 | 000,000,269 | ---- | C] () -- C:\Fold.reg

[2010/05/13 08:58:41 | 000,000,115 | ---- | C] () -- C:\Reg.bat

[2010/05/12 19:20:48 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 9.0.lnk

[2010/05/12 19:20:39 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010/05/12 19:20:35 | 060,032,049 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/05/12 18:25:36 | 000,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav

[2010/05/12 18:25:36 | 000,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav

[2010/05/12 18:25:36 | 000,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav

[2010/05/12 18:25:36 | 000,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav

[2010/05/12 16:25:41 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\CCleaner.lnk

[2010/05/12 14:02:38 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2010/05/12 14:01:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2010/05/12 14:01:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2010/05/12 14:01:56 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2010/05/12 14:01:34 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2010/05/12 14:01:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2010/05/12 14:01:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2010/05/12 14:01:22 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2010/05/12 14:01:19 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2010/05/12 14:01:10 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2010/05/12 14:01:05 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2010/05/12 14:00:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2010/05/12 14:00:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2010/05/12 14:00:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2010/05/12 14:00:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2010/05/12 14:00:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2010/05/12 14:00:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2010/05/12 14:00:39 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2010/05/12 14:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2010/05/12 14:00:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2010/05/12 14:00:38 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2010/05/12 14:00:38 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2010/05/12 14:00:38 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2010/05/12 14:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2010/05/12 14:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2010/05/12 14:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2010/05/12 14:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2010/05/12 14:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2010/05/12 14:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2010/05/12 14:00:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2010/05/12 14:00:35 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2010/05/12 14:00:35 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2010/05/12 14:00:35 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2010/05/12 14:00:35 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2010/05/12 14:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2010/05/12 14:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2010/05/12 14:00:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2010/05/12 14:00:34 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2010/05/12 14:00:34 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2010/05/12 14:00:34 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2010/05/12 14:00:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2010/05/12 14:00:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2010/05/12 14:00:32 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2010/05/12 14:00:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2010/05/12 14:00:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2010/05/12 14:00:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2010/05/12 14:00:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2010/05/12 14:00:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2010/05/12 14:00:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2010/05/12 14:00:31 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2010/05/12 14:00:31 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2010/05/12 14:00:31 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2010/05/12 14:00:30 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2010/05/12 13:58:00 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010/05/12 13:57:54 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010/05/12 13:35:02 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat

[2010/05/12 13:35:02 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat

[2010/05/12 13:35:02 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat

[2010/05/12 13:35:02 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat

[2010/05/12 13:35:02 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat

[2010/05/12 13:35:02 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2010/05/12 13:35:02 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2010/05/12 13:35:02 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2010/05/12 13:35:02 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2010/05/12 13:35:01 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2010/05/12 13:35:01 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2010/05/12 13:35:01 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2010/05/12 13:35:01 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2010/05/12 13:35:01 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2010/05/12 13:35:01 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2010/05/12 13:35:01 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2010/05/12 13:35:01 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2010/05/12 13:35:00 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2010/05/12 13:35:00 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2010/05/05 09:11:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\qzanlkzy.sys

[2010/04/18 11:39:46 | 008,015,121 | ---- | C] () -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\XTC_-_Senses_Working_Overtime.mp3

[2010/04/13 19:18:16 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2010/04/13 19:18:16 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2010/04/13 19:17:51 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2010/04/13 19:17:51 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2010/04/13 19:16:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2010/04/13 19:12:29 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2010/04/05 13:23:56 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010/04/05 13:23:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009/05/11 20:47:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2009/05/11 20:47:45 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/05/04 02:37:22 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/02/12 07:30:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009/01/06 17:50:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008/09/11 10:50:56 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008/04/27 10:33:36 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/01/19 12:41:56 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007/10/15 12:59:15 | 000,001,697 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2006/01/13 15:41:33 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2006/01/13 15:41:33 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2006/01/13 15:41:33 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2006/01/05 18:47:37 | 000,000,643 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2005/12/30 15:20:54 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll

[2005/12/30 15:20:54 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll

[2005/05/20 20:36:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2005/04/15 08:44:23 | 000,000,073 | ---- | C] () -- C:\WINDOWS\entpack.ini

[2005/03/04 15:09:34 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\st41t4jj.dll

[2005/03/02 18:08:18 | 000,000,882 | ---- | C] () -- C:\WINDOWS\DC.ini

[2004/12/31 13:22:51 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003/02/19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== LOP Check ==========

[2010/05/12 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9

[2009/06/02 00:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus

[2009/05/20 17:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite

[2009/05/09 14:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON

[2010/02/28 08:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse

[2006/12/16 16:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ideas From the Deep

[2010/04/13 19:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft

[2008/08/01 17:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Synthetic Reality

[2006/05/18 18:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VideoEgg1

[2009/05/12 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\VistaCodecs

[2008/01/19 15:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip

[2009/10/19 19:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/07/18 19:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2006/05/14 14:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\~0

[2006/09/29 02:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\.limewire

[2010/03/08 11:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Azureus

[2009/05/20 17:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\DAEMON Tools Lite

[2008/05/28 19:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Dev-Cpp

[2006/12/16 16:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Ideas From the Deep

[2008/01/03 14:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\ImgBurn

[2010/03/29 21:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\LimeWire

[2009/05/21 18:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Nokia

[2009/05/09 14:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Application Data\Seven Zip

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2004/12/17 06:07:06 | 000,000,455 | ---- | M] () -- C:\AUTOEXEC.BAT

[2002/08/19 03:12:02 | 000,000,171 | ---- | M] () -- C:\AUTOEXEC.PSS

[2009/05/14 20:01:15 | 000,000,211 | -HS- | M] () -- C:\Boot.bak

[2010/05/12 16:12:10 | 000,000,282 | -HS- | M] () -- C:\boot.ini

[2004/12/12 23:33:26 | 000,072,868 | -HS- | M] () -- C:\BOOTLOG.PRV

[2004/12/12 23:53:58 | 000,072,998 | -HS- | M] () -- C:\BOOTLOG.TXT

[2004/12/27 05:17:00 | 000,000,512 | -HS- | M] () -- C:\bootsect.dos

[2010/05/12 16:31:23 | 000,175,804 | ---- | M] () -- C:\caisslog.txt

[2000/06/14 15:04:00 | 000,015,125 | ---- | M] () -- C:\CHECKMBR.EXE

[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr

[2002/08/19 03:12:02 | 000,000,032 | ---- | M] () -- C:\CONFIG.PSS

[2020/02/19 19:36:44 | 000,000,030 | ---- | M] () -- C:\CONFIG.SYS

[2004/12/08 20:20:24 | 000,000,464 | ---- | M] () -- C:\CTPNP.CFG

[2005/02/26 10:23:58 | 000,000,824 | ---- | M] () -- C:\debugInstaller.txt

[2008/06/06 17:57:49 | 003,692,090 | ---- | M] () -- C:\defs.zip

[2004/12/12 23:53:58 | 000,002,491 | ---- | M] () -- C:\FETNDI.LOG

[2010/05/13 08:58:41 | 000,000,269 | ---- | M] () -- C:\Fold.reg

[2019/02/20 11:12:44 | 000,001,010 | ---- | M] () -- C:\FRUNLOG.TXT

[2003/10/20 23:27:32 | 000,004,767 | ---- | M] () -- C:\GAMES.BAT

[2002/09/02 01:26:06 | 000,000,967 | ---- | M] () -- C:\GAMES.PIF

[1999/04/24 08:22:00 | 000,222,390 | RHS- | M] () -- C:\IO.SY0

[2010/05/13 21:52:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2003/06/15 18:31:38 | 000,000,004 | ---- | M] () -- C:\lotr.txt

[2004/12/27 05:04:52 | 000,000,512 | -H-- | M] () -- C:\MBR_BOOT.DAT

[2019/02/20 10:54:02 | 000,000,022 | -HS- | M] () -- C:\MSDOS.---

[2019/02/20 11:16:56 | 000,001,676 | ---- | M] () -- C:\MSDOS.SYS

[2002/03/04 00:24:28 | 000,000,194 | ---- | M] () -- C:\MSINPUT.INI

[2004/12/18 22:27:12 | 010,979,154 | ---- | M] () -- C:\My Documents.zip

[2002/05/06 04:57:30 | 000,021,937 | -HS- | M] () -- C:\NETLOG.TXT

[2009/06/04 10:04:15 | 000,452,976 | ---- | M] () -- C:\new_log.html

[2009/06/05 21:21:19 | 000,000,154 | ---- | M] () -- C:\nslookup.txt

[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 22:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/05/16 15:34:56 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2010/05/13 08:58:41 | 000,000,115 | ---- | M] () -- C:\Reg.bat

[2003/10/02 21:40:16 | 000,004,944 | ---- | M] () -- C:\Rescued Document.txt

[2004/12/26 08:30:44 | 000,158,183 | ---- | M] () -- C:\SCANDISK.LOG

[2020/02/19 12:16:16 | 000,272,054 | -HS- | M] () -- C:\SCDOS.BAK

[2001/10/30 17:01:16 | 000,272,054 | -HS- | M] () -- C:\SCDOS.SYS

[2000/06/14 15:04:00 | 000,077,584 | -HS- | M] () -- C:\SCEDIT.SYS

[2003/06/08 04:39:14 | 000,000,369 | -HS- | M] () -- C:\SCOSW.DAT

[2003/06/08 04:29:44 | 000,014,726 | -HS- | M] () -- C:\SCOSW.LOG

[2001/10/30 17:01:16 | 000,015,845 | -HS- | M] () -- C:\SCOSW_A.SYS

[2001/10/30 17:01:16 | 000,059,333 | -HS- | M] () -- C:\SCOSW_B.SYS

[2001/10/30 17:01:16 | 000,045,115 | ---- | M] () -- C:\SCOSW_D.SYS

[1980/01/02 00:36:08 | 000,000,307 | ---- | M] () -- C:\SCTEMP.BAT

[2004/12/12 05:19:28 | 000,002,788 | ---- | M] () -- C:\SETUPXLG.TXT

[2020/02/19 18:01:40 | 000,000,572 | -HS- | M] () -- C:\SPINRITE.FIF

[2020/02/19 18:01:40 | 000,006,792 | ---- | M] () -- C:\SPIN_LOG.C

[2019/02/20 11:10:50 | 000,005,166 | -HS- | M] () -- C:\SUHDLOG.DAT

[2001/12/19 23:27:52 | 000,311,652 | -HS- | M] () -- C:\SYSCMNDR.HLP

[2002/08/19 03:37:36 | 000,439,909 | ---- | M] () -- C:\SYSCMNDR.SYS

[2001/08/28 20:51:38 | 000,032,768 | -HS- | M] () -- C:\SYSIOMGR.SYS

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll

[2010/02/25 16:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2010/05/12 23:32:36 | 003,555,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

[2010/05/04 22:01:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\security.sav

[2010/05/12 23:32:36 | 031,780,864 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav

[2010/05/12 23:32:36 | 012,058,624 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010/04/05 13:23:56 | 000,279,712 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys

[2010/05/12 19:20:41 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys

[2010/05/12 19:20:39 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys

[2010/05/12 19:20:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys

[2010/04/05 13:23:55 | 000,025,888 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys

[2010/02/24 23:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys

[2010/05/05 09:39:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\qzanlkzy.sys

< End of report >

kahdah · May 17, 2010

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

DarkStorm490 · May 18, 2010

I was able to run GMER completely and successfully in safe mode. I have the ark.txt file posted below. I also downloaded and ran combofix and the log.txt file will also be posted below. Thanks for your responses!!!

GMER

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-05-18 08:10:44

Windows 5.1.2600 Service Pack 3

Running: 5j8yovhi.exe; Driver: C:\DOCUME~1\JILLYB~1.000\LOCALS~1\Temp\fwldyuow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1180] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x35 0x96 0x11 0x8D ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x35 0x96 0x11 0x8D ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x11 0x13 0x37 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x11 0x13 0x37 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x11 0x13 0x37 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xB5 0x0B 0x74 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x73 0x2B 0x08 0xB6 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xBD 0x11 0x13 0x37 ...

---- EOF - GMER 1.0.15 ----

ComboFix

ComboFix 10-05-16.02 - jilly 18/05/2010 8:30.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.928 [GMT 10:00]

Running from: c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users.WINDOWS\Favorites\_favdata.dat

c:\program files\Digital Protection

c:\windows\command

c:\windows\desktop

c:\windows\Fonts\acrsec.fon

c:\windows\PRAGMAvrpvccimuw

c:\windows\PRAGMAvrpvccimuw\PRAGMAcfg.ini

c:\windows\system\Color

c:\windows\system\Drivers

c:\windows\system32\driVERs\qzanlkzy.sys

c:\windows\system32\system.dat

c:\windows\system32\Vb40032.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_PRAGMAVRPVCCIMUW

-------\Service_PRAGMAvrpvccimuw

-------\Legacy_qzanlkzy

-------\Service_qzanlkzy

((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))

.

2020-02-19 12:06 . 2009-01-19 00:15 -------- d-----w- c:\windows\system32\Adobe

2020-02-19 12:06 . 2007-10-14 20:18 -------- d-----w- c:\program files\Common Files\Adobe

2020-02-19 09:44 . 2006-12-06 01:49 -------- d-----w- C:\Bin

2020-02-19 09:26 . 2004-12-27 05:52 -------- d-----w- c:\program files\PowerArchiver

2020-02-19 09:19 . 2004-12-31 13:08 -------- d-----w- c:\windows\forms

2020-02-19 09:19 . 2007-06-15 01:50 -------- d-----w- c:\program files\Windows Messaging

2020-02-19 08:20 . 2010-04-13 09:16 -------- d--h--w- c:\program files\InstallShield Installation Information

2020-02-19 03:57 . 2009-06-30 00:10 -------- d-----w- c:\program files\Electronic Arts

2020-02-19 03:52 . 2008-11-26 12:10 -------- d-----w- c:\program files\Maxis

2020-02-19 03:05 . 2020-02-19 03:05 -------- d-----w- c:\program files\Bullfrog

2020-02-19 02:16 . 2001-10-30 07:01 272054 --sha-w- C:\SCDOS.SYS

2020-02-19 02:16 . 2001-08-28 10:51 32768 --sha-w- C:\SYSIOMGR.SYS

2020-02-19 01:32 . 2010-05-12 11:01 -------- d-sh--w- c:\windows\Installer

2020-02-19 01:31 . 2010-04-13 09:16 -------- d-----w- c:\program files\Common Files\InstallShield

2020-02-19 01:29 . 2020-02-19 01:29 -------- d--h--w- c:\windows\PrintHood

2020-02-19 01:29 . 2020-02-19 01:29 -------- d-----w- c:\windows\Local Settings

2020-02-19 01:21 . 2020-02-19 01:21 -------- d--h--w- c:\windows\NetHood

2020-02-19 01:20 . 2020-02-19 01:20 -------- d-----w- c:\windows\system\CatRoot

2020-02-19 01:20 . 2020-02-19 01:20 -------- d-s---w- c:\windows\Cookies

2020-02-19 01:20 . 2020-02-19 01:20 -------- d-----w- c:\program files\DirectX

2020-02-19 01:19 . 2020-02-19 01:19 -------- d-s---w- c:\windows\Favorites

2020-02-19 01:19 . 2010-05-12 10:21 -------- d-s---w- c:\windows\Downloaded Program Files

2020-02-19 01:18 . 2020-02-19 01:18 -------- d--h--w- c:\windows\Recent

2020-02-19 01:18 . 2004-12-31 13:08 -------- d-----w- c:\windows\SendTo

2020-02-19 01:18 . 2020-02-19 01:18 -------- d-----w- c:\windows\Start Menu

2020-02-19 01:17 . 2020-02-19 01:17 -------- d-----w- c:\windows\All Users

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2020-02-19 01:19 . 2020-02-19 01:19 11079 ---ha-w- c:\program files\folder.htt

2019-02-20 01:10 . 2019-02-20 01:10 5166 --sh--w- C:\SUHDLOG.DAT

2019-02-20 00:54 . 2019-02-20 00:54 -------- d-----w- c:\program files\PLUS!

2019-02-20 00:54 . 2019-02-20 00:54 -------- d-----w- c:\program files\CHAT

2019-02-20 00:54 . 2019-02-20 00:54 -------- d-----r- c:\program files\Accessories

2010-05-15 00:53 . 2010-05-08 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-12 22:58 . 2010-05-12 22:58 269 ----a-w- C:\Fold.reg

2010-05-12 22:58 . 2010-05-12 22:58 115 ----a-w- C:\Reg.bat

2010-05-12 11:14 . 2008-01-03 04:21 -------- d-----w- c:\program files\ImgBurn

2010-05-12 09:20 . 2010-05-12 09:20 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-05-12 09:20 . 2010-05-12 09:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-05-12 09:20 . 2010-05-12 09:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-05-12 09:20 . 2010-05-12 09:20 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-12 09:20 . 2010-05-12 09:20 -------- d-----w- c:\program files\AVG

2010-05-12 09:20 . 2010-05-12 09:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9

2010-05-12 08:24 . 2010-05-12 08:24 -------- d-----w- c:\program files\Microsoft Works

2010-05-12 08:24 . 2010-05-12 08:24 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-05-12 08:23 . 2010-05-12 08:23 -------- d-----w- c:\program files\Microsoft.NET

2010-05-12 06:40 . 2010-05-12 06:40 -------- d-----w- c:\program files\Common Files\Java

2010-05-12 06:40 . 2010-05-12 06:40 503808 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3638c153-n\msvcp71.dll

2010-05-12 06:40 . 2010-05-12 06:40 499712 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3638c153-n\jmc.dll

2010-05-12 06:40 . 2010-05-12 06:40 348160 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3638c153-n\msvcr71.dll

2010-05-12 06:40 . 2010-05-12 06:40 61440 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9f565f-n\decora-sse.dll

2010-05-12 06:40 . 2010-05-12 06:40 12800 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1f9f565f-n\decora-d3d.dll

2010-05-12 06:39 . 2005-07-23 07:14 -------- d-----w- c:\program files\Java

2010-05-12 06:30 . 2009-05-15 01:04 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-12 06:25 . 2008-06-06 08:18 -------- d-----w- c:\program files\CCleaner

2010-05-12 06:13 . 2006-11-12 08:46 70008 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-12 06:08 . 2006-08-04 09:01 -------- d-----w- c:\program files\Steam

2010-05-12 06:08 . 2006-07-23 03:18 -------- d-----w- c:\program files\Google

2010-05-12 03:56 . 2004-12-31 02:48 22748 ----a-w- c:\windows\system32\emptyregdb.dat

2010-05-10 21:18 . 2006-04-21 00:37 -------- d-----w- c:\program files\MyEmoticons

2010-04-29 05:39 . 2010-05-15 00:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 05:39 . 2010-05-15 00:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 06:49 . 2010-04-27 06:49 -------- d-----r- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Brother

2010-04-14 21:08 . 2010-02-08 01:36 79488 ----a-w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-04-13 09:26 . 2010-04-13 09:11 57 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat

2010-04-13 09:17 . 2010-04-13 09:17 50 ----a-w- c:\windows\system32\bridf06a.dat

2010-04-13 09:16 . 2010-04-13 09:16 -------- d-----w- c:\program files\Brother

2010-04-13 09:12 . 2010-04-13 09:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield

2010-04-13 09:12 . 2010-04-13 09:12 -------- d-----w- c:\program files\Common Files\ScanSoft Shared

2010-04-13 09:12 . 2010-04-13 09:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft

2010-04-13 09:12 . 2010-04-13 09:12 -------- d-----w- c:\program files\ScanSoft

2010-04-13 09:10 . 2010-04-13 09:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Brother

2010-04-12 07:29 . 2010-05-12 06:40 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-05 08:19 . 2010-04-05 08:19 -------- d-----w- c:\program files\GameHouse

2010-04-05 03:23 . 2010-04-05 02:39 -------- d-----w- c:\program files\The Witcher Enhanced Edition

2010-04-05 03:23 . 2010-04-05 03:23 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys

2010-04-05 03:23 . 2010-04-05 03:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

2010-03-29 11:07 . 2006-11-14 07:42 -------- d-----w- c:\documents and settings\jilly.BLUE_MOUNTAINS.000\Application Data\LimeWire

2010-03-27 23:48 . 2008-11-27 02:37 -------- d-----w- c:\program files\Razor

2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2005-04-05 09:27 . 2005-04-05 09:27 10493 ------w- c:\program files\Chefs

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-05-12 09:20 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]

2008-04-16 04:24 165368 ----a-w- c:\windows\SYSTEM32\RegCompact.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jilly.BLUE_MOUNTAINS^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]

path=c:\documents and settings\jilly.BLUE_MOUNTAINS\Start Menu\Programs\Startup\Microsoft Find Fast.lnk

backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^jilly.BLUE_MOUNTAINS^Start Menu^Programs^Startup^Office Startup.lnk]

path=c:\documents and settings\jilly.BLUE_MOUNTAINS\Start Menu\Programs\Startup\Office Startup.lnk

backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2006-06-27 21:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2006-06-29 02:18 77824 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2009-06-11 01:04 1217784 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\DOOM Collector's Edition\\Final Doom\\Doom95.exe"=

"%windir%\\system32\\ccapp.exe"=

"c:\\Program Files\\Black Isle\\BGII - SoA\\BGMain.exe"=

"c:\\SIERRA\\Half-Life\\hl.exe"=

"c:\\SIERRA\\Counter-Strike\\cstrike.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=

"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=

"c:\\Program Files\\Steam\\SteamApps\\phunky_jill\\half-life deathmatch source\\hl2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [12/05/2010 7:20 PM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [12/05/2010 7:20 PM 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/05/2010 7:20 PM 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/05/2010 7:20 PM 308064]

S0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [20/05/2009 5:15 PM 721904]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [26/02/2010 2:25 PM 25832]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-morezoyeti - c:\windows\system32\vamodimu.dll

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_08\bin\jusched.exe

AddRemove-Icy Tower v1.3.1_is1 - c:\games\icytower1.3\unins000.exe

AddRemove-{40C03514-89C3-41BA-0090-3B440256DB87} - c:\program files\EA GAMES\The Sims 2\EAUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-18 11:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\MrvGINA.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\RegCompact.dll

- - - - - - - > 'Explorer.exe'(3212)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\SOUNDMAN.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-05-18 11:24:41 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-18 01:24

Pre-Run: 161,855,956,480 bytes free

Post-Run: 161,885,716,992 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6

- - End Of File - - 6D870A527BB56ECB08958B77F5D0BD5E

kahdah · May 18, 2010

Looks good.

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

Click on the update tab then click on Check for updates.
If an update is found, it will download and install the latest version.
Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

DarkStorm490 · May 19, 2010

Hi,

I was not able to successfully run the online scanner from ESET. I could tick "Yes" to accept the conditions and clicked the start button. The window would then load, but nothing would appear (perhaps i'm missing something?). After a while of waiting the window and internet explorer browser closes. I did complete the MBAM scan after updating. Here is the results:

MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4111

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

18/05/2010 11:04:40 PM

mbam-log-2010-05-18 (23-04-40).txt

Scan type: Quick scan

Objects scanned: 172826

Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

kahdah · May 19, 2010

No probably just wasn't working right.

Try to do the following one instead.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

DarkStorm490 · May 20, 2010

Hello,

Here is the scan results. Thanks.

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, May 21, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, May 19, 2010 22:30:03

Records in database: 4139978

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

A:\

C:\

D:\

F:\

Scan statistics

Objects scanned 196417

Threats found 2

Infected objects found 1

Suspicious objects found 1

Scan duration 07:10:25

File name Threat Threats count

C:\Documents and Settings\jilly\Local Settings\Application Data\Identities\{B076055B-E877-4EDF-95F0-7E8268D06877}\Microsoft\Outlook Express\Copy of Inbox.db Suspicious: Exploit.HTML.Iframe.FileDownload 1

C:\Documents and Settings\jilly\Local Settings\Application Data\Identities\{B076055B-E877-4EDF-95F0-7E8268D06877}\Microsoft\Outlook Express\Copy of Inbox.db Infected: Email-Worm.Win32.Klez.h 1

Selected area has been scanned.

kahdah · May 21, 2010

From within Outlook Express see if there is a folder called Copy of Inbox empty out any suspicious looking email's that you see.

Let me know if things are back to normal.

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

DarkStorm490 · May 21, 2010

Hello,

Things seem to have been running normal, which is great. Anti-virus isn't picking anything up like it used to. As for Outlook Express. I cannot remember the last time it was used (would have been years ago). I opened it and checked for a folder titled "copy of inbox" but could not find anything. There were was one email from microsoft welcoming me to outlook express in the inbox folder. I deleted that. There was also an email in the drafts or sent box (forgive me, I just forgot where it was) that seemed a bit weird, but I deleted that as well.

I will run OTL right now and post the results.

Thanks for your help!

DarkStorm490 · May 21, 2010

OTL.txt

OTL logfile created on: 21/05/2010 11:46:50 PM - Run 2

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 296.09 Gb Total Space | 150.70 Gb Free Space | 50.90% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: LITTLE_JILLYS

Current User Name: jilly

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\jilly.BLUE_MOUNTAINS.000\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()

PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)