I'm having a hard time with this virus. I formatted my PC a couple of times already, but it keeps coming back from my other hard disk when opened, I guess. The virus will make my .exe files corrupt or unrunnable, and I can't install any antivirus nor visit any site with an online scan.

My HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:04:25 PM, on 10/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\msiexec.exe

D:\WINDOWS\VistaDrive\VistaDrive.exe

D:\Program Files\Unlocker\UnlockerAssistant.exe

D:\Program Files\LClock\LClock.exe

D:\WINDOWS\system32\CTFMON.EXE

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\AutorunRemover\AutorunRemover.exe

D:\Program Files\Opera\opera.exe

D:\DOCUME~1\Overload\LOCALS~1\Temp\cbncyj.exe

D:\Program Files\Internet Download Manager\IEMonitor.exe

D:\Program Files\Garena Messenger\GarenaMessenger.exe

D:\Program Files\Internet Download Manager\IDMan.exe

D:\Documents and Settings\Overload\My Documents\Downloads\Programs\OTL.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [unlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H

O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [AutorunRemover.exe] D:\Program Files\AutorunRemover\AutorunRemover.exe -Hide

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE

O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll

--

End of file - 3669 bytes

OTL FILE

OTL logfile created on: 10/10/2010 10:06:00 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = D:\Documents and Settings\Overload\My Documents\Downloads\Programs

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 621.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 30.78 Gb Total Space | 4.40 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Drive D: | 29.00 Gb Total Space | 24.63 Gb Free Space | 84.93% Space Free | Partition Type: NTFS

Drive E: | 14.73 Gb Total Space | 1.99 Gb Free Space | 13.51% Space Free | Partition Type: FAT32

Drive F: | 37.27 Gb Total Space | 1.75 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 700.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: Overload

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)

PRC - D:\Documents and Settings\Overload\My Documents\Downloads\Programs\OTL.exe (OldTimer Tools)

PRC - D:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

PRC - D:\Documents and Settings\Overload\Local Settings\Temp\cbncyj.exe ()

PRC - D:\Program Files\Garena Messenger\GarenaMessenger.exe ()

PRC - D:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)

PRC - D:\Program Files\AutorunRemover\AutorunRemover.exe ()

PRC - D:\Program Files\Opera\opera.exe (Opera Software)

PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - D:\Program Files\Unlocker\UnlockerAssistant.exe ()

PRC - D:\WINDOWS\VistaDrive\VistaDrive.exe ()

PRC - D:\Program Files\LClock\LClock.exe ()

========== Modules (SafeList) ==========

MOD - D:\Documents and Settings\Overload\My Documents\Downloads\Programs\OTL.exe (OldTimer Tools)

MOD - D:\Program Files\Internet Download Manager\idmmkb.dll (Tonec Inc.)

MOD - D:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - D:\Program Files\Unlocker\UnlockerHook.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- D:\WINDOWS\System32\hidserv.dll File not found

========== Driver Services (SafeList) ==========

DRV - (amsint32) -- D:\WINDOWS\System32\drivers\lkksk.sys File not found

DRV - (IDMTDI) -- D:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)

DRV - (NwlnkIpx) -- D:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb) -- D:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- D:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- D:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (AN983) -- D:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)

DRV - (nv) -- D:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (vcdrom) -- D:\Program Files\System\CPL Bonus\vcdrom.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2009/02/24 19:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AutorunRemover.exe] D:\Program Files\AutorunRemover\AutorunRemover.exe ()

O4 - HKLM..\Run: [iMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LClock] D:\Program Files\LClock\LClock.exe ()

O4 - HKLM..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [unlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKLM..\Run: [VistaDrive] D:\WINDOWS\VistaDrive\VistaDrive.exe ()

O4 - HKCU..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm ()

O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 121.1.3.81 121.1.3.16 121.1.3.66

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: D:\WINDOWS\Resources\Themes\Da7kStyle\wall\WinDENS.bmp

O24 - Desktop BackupWallPaper: D:\WINDOWS\Resources\Themes\Da7kStyle\wall\WinDENS.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/10/10 14:16:26 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/10/10 21:48:50 | 000,000,313 | ---- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2008/12/01 20:21:30 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2010/10/10 14:16:35 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/11 04:32:38 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- D:\WINDOWS\System32\drivers\an983.sys

[2010/10/11 04:32:06 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nv4_disp.dll

[2010/10/11 04:32:06 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\drivers\nv4_mini.sys

[2010/10/11 04:32:01 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\drivers\RTL8139.sys

[2010/10/11 04:31:57 | 000,086,016 | ---- | C] (Conexant) -- D:\WINDOWS\System32\mdmxsdk.dll

[2010/10/11 04:31:57 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\HSFCISP2.dll

[2010/10/11 04:31:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\usbui.dll

[2010/10/11 04:29:56 | 000,000,000 | -HSD | C] -- D:\WINDOWS\Installer

[2010/10/11 04:29:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\ODBC

[2010/10/11 04:29:51 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\SpeechEngines

[2010/10/11 04:29:50 | 000,000,000 | R--D | C] -- D:\Program Files

[2010/10/11 04:29:50 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Microsoft Shared

[2010/10/11 04:29:50 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files

[2010/10/11 04:29:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\CINTLGNT.IME

[2010/10/11 04:29:43 | 000,571,392 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\TINTLGNT.IME

[2010/10/11 04:29:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\winar30.ime

[2010/10/11 04:29:43 | 000,077,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\quick.ime

[2010/10/11 04:29:42 | 000,079,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\phon.ime

[2010/10/11 04:29:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dayi.ime

[2010/10/11 04:29:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\uniime.dll

[2010/10/11 04:29:42 | 000,065,536 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\winime.ime

[2010/10/11 04:29:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\unicdime.ime

[2010/10/11 04:29:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\romanime.ime

[2010/10/11 04:29:42 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\miniime.tpl

[2010/10/11 04:29:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\chajei.ime

[2010/10/11 04:29:33 | 000,482,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\PINTLGNT.IME

[2010/10/11 04:29:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\WINZM.IME

[2010/10/11 04:29:29 | 000,218,112 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\c_g18030.dll

[2010/10/11 04:29:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\WINSP.IME

[2010/10/11 04:29:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\WINPY.IME

[2010/10/11 04:29:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\WINGB.IME

[2010/10/11 04:29:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlk41a.dll

[2010/10/11 04:29:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlk41j.dll

[2010/10/11 04:29:27 | 000,811,064 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\imjp81k.dll

[2010/10/11 04:29:27 | 000,340,023 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\imjp81.ime

[2010/10/11 04:29:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdibm02.dll

[2010/10/11 04:29:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\f3ahvoas.dll

[2010/10/11 04:29:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdax2.dll

[2010/10/11 04:29:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd106n.dll

[2010/10/11 04:29:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd101.dll

[2010/10/11 04:29:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\Thawbrkr.dll

[2010/10/11 04:29:19 | 000,005,120 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdarmw.dll

[2010/10/11 04:29:19 | 000,005,120 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdarme.dll

[2010/10/11 04:29:18 | 000,005,120 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdgeo.dll

[2010/10/11 04:29:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdinpun.dll

[2010/10/11 04:29:17 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdintel.dll

[2010/10/11 04:29:17 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdinkan.dll

[2010/10/11 04:29:17 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdinhin.dll

[2010/10/11 04:29:17 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdinguj.dll

[2010/10/11 04:29:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\c_iscii.dll

[2010/10/11 04:29:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdvntc.dll

[2010/10/11 04:29:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdintam.dll

[2010/10/11 04:29:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdinmar.dll

[2010/10/11 04:29:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdindev.dll

[2010/10/11 04:29:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdsyr2.dll

[2010/10/11 04:29:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdsyr1.dll

[2010/10/11 04:29:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbddiv2.dll

[2010/10/11 04:29:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbddiv1.dll

[2010/10/11 04:29:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdurdu.dll

[2010/10/11 04:29:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdfa.dll

[2010/10/11 04:29:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbda3.dll

[2010/10/11 04:29:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbda2.dll

[2010/10/11 04:29:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbda1.dll

[2010/10/11 04:29:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdusa.dll

[2010/10/11 04:29:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdheb.dll

[2010/10/11 04:29:00 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdth3.dll

[2010/10/11 04:29:00 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdth2.dll

[2010/10/11 04:29:00 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdth1.dll

[2010/10/11 04:29:00 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdth0.dll

[2010/10/11 04:28:59 | 001,677,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\chsbrkr.dll

[2010/10/11 04:28:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ftlx041e.dll

[2010/10/11 04:28:58 | 000,838,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\chtbrkr.dll

[2010/10/11 04:28:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\korwbrkr.dll

[2010/10/11 04:28:56 | 001,875,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msir3jp.lex

[2010/10/11 04:28:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msir3jp.dll

[2010/10/11 04:28:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd101a.dll

[2010/10/11 04:28:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdnecAT.dll

[2010/10/11 04:28:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdnecNT.dll

[2010/10/11 04:28:20 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdnec95.dll

[2010/10/11 04:27:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\c_is2022.dll

[2010/10/11 04:27:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdjpn.dll

[2010/10/11 04:27:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdkor.dll

[2010/10/11 04:27:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd106.dll

[2010/10/11 04:27:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd101c.dll

[2010/10/11 04:27:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd101b.dll

[2010/10/11 04:27:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbd103.dll

[2010/10/11 04:27:49 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdtuq.dll

[2010/10/11 04:27:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdazel.dll

[2010/10/11 04:27:48 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdtuf.dll

[2010/10/11 04:27:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdtat.dll

[2010/10/11 04:27:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdmon.dll

[2010/10/11 04:27:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdkyr.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdycc.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbduzb.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdur.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdru1.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdru.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdkaz.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdbu.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdblr.dll

[2010/10/11 04:27:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdaze.dll

[2010/10/11 04:27:44 | 000,008,192 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhept.dll

[2010/10/11 04:27:44 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhela3.dll

[2010/10/11 04:27:44 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhela2.dll

[2010/10/11 04:27:44 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdgkl.dll

[2010/10/11 04:27:44 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhe319.dll

[2010/10/11 04:27:44 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhe220.dll

[2010/10/11 04:27:44 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhe.dll

[2010/10/11 04:27:43 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlt1.dll

[2010/10/11 04:27:43 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlt.dll

[2010/10/11 04:27:42 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlv1.dll

[2010/10/11 04:27:42 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdlv.dll

[2010/10/11 04:27:42 | 000,006,144 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdest.dll

[2010/10/11 04:27:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdsl1.dll

[2010/10/11 04:27:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdsl.dll

[2010/10/11 04:27:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdpl.dll

[2010/10/11 04:27:41 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhu.dll

[2010/10/11 04:27:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdro.dll

[2010/10/11 04:27:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdpl1.dll

[2010/10/11 04:27:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdhu1.dll

[2010/10/11 04:27:40 | 000,007,168 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdcz.dll

[2010/10/11 04:27:40 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdycl.dll

[2010/10/11 04:27:40 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdcz2.dll

[2010/10/11 04:27:40 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdcz1.dll

[2010/10/11 04:27:40 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kbdcr.dll

[2010/10/11 04:27:40 | 000,006,656 | R--- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\KBDAL.DLL

[2010/10/11 04:27:39 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood.Tmp

[2010/10/11 04:27:34 | 000,176,157 | ---- | C] (Digi International, Inc.) -- D:\WINDOWS\System32\dgrpsetu.dll

[2010/10/11 04:27:34 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- D:\WINDOWS\System32\EqnClass.Dll

[2010/10/11 04:27:34 | 000,085,020 | ---- | C] (Digi International) -- D:\WINDOWS\System32\dgsetup.dll

[2010/10/11 04:27:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\irclass.dll

[2010/10/11 04:27:34 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- D:\WINDOWS\System32\spxcoins.dll

[2010/10/11 04:27:34 | 000,013,600 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\WFWNET.DRV

[2010/10/11 04:27:33 | 000,126,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MSVIDEO.DLL

[2010/10/11 04:27:33 | 000,082,944 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\OLECLI.DLL

[2010/10/11 04:27:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\OLESVR.DLL

[2010/10/11 04:27:33 | 000,019,200 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\TAPI.DLL

[2010/10/11 04:27:33 | 000,009,008 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\VER.DLL

[2010/10/11 04:27:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\SHELL.DLL

[2010/10/11 04:27:33 | 000,004,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\TIMER.DRV

[2010/10/11 04:27:33 | 000,003,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\SYSTEM.DRV

[2010/10/11 04:27:33 | 000,002,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\VGA.DRV

[2010/10/11 04:27:33 | 000,001,744 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\SOUND.DRV

[2010/10/11 04:27:32 | 000,109,456 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\AVIFILE.DLL

[2010/10/11 04:27:32 | 000,073,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MCIAVI.DRV

[2010/10/11 04:27:32 | 000,069,584 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\AVICAP.DLL

[2010/10/11 04:27:32 | 000,032,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\COMMDLG.DLL

[2010/10/11 04:27:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MCIWAVE.DRV

[2010/10/11 04:27:32 | 000,025,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MCISEQ.DRV

[2010/10/11 04:27:32 | 000,009,936 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\LZEXPAND.DLL

[2010/10/11 04:27:32 | 000,002,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MOUSE.DRV

[2010/10/11 04:27:32 | 000,002,000 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\KEYBOARD.DRV

[2010/10/11 04:27:32 | 000,001,152 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MMTASK.TSK

[2010/10/11 04:27:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\WINSPOOL.DRV

[2010/10/11 04:27:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\batt.dll

[2010/10/11 04:27:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\TASKMAN.EXE

[2010/10/11 04:27:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\storprop.dll

[2010/10/11 04:27:30 | 000,068,768 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System\MMSYSTEM.DLL

[2010/10/11 04:27:22 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Start Menu

[2010/10/11 04:27:22 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents

[2010/10/11 04:27:22 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\All Users\Templates

[2010/10/11 04:27:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Favorites

[2010/10/11 04:27:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Desktop

[2010/10/11 04:27:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot2

[2010/10/11 04:27:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\CatRoot

[2010/10/11 04:26:56 | 000,000,000 | --SD | C] -- D:\Documents and Settings\All Users\Application Data\Microsoft

[2010/10/11 04:26:56 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\All Users\Application Data

[2010/10/11 04:26:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings

[2010/10/11 04:26:26 | 000,000,000 | -HSD | C] -- D:\System Volume Information

[2010/10/11 04:20:48 | 000,000,000 | R-SD | C] -- D:\WINDOWS\Fonts

[2010/10/11 04:20:48 | 000,000,000 | R--D | C] -- D:\WINDOWS\Web

[2010/10/11 04:20:48 | 000,000,000 | -H-D | C] -- D:\WINDOWS\inf

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\WinSxS

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\wins

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\wbem

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\usmt

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\UMDF

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\twain_32

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Temp

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\system32

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\system

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\spool

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\SoftwareDistribution

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ShellExt

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Setup

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\security

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\scripting

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Resources

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\repair

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ras

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Provisioning

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\PreInstall

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\PeerNet

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\pchealth

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\oobe

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\npp

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Network Diagnostic

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\mui

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\mui

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\msapps

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\msagent

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Media

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Macromed

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\L2Schemas

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\java

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\inetsrv

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\IME

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\ime

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\icsxml

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\ias

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Help

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\export

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\etc

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\ehome

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Driver Cache

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\drivers\disdn

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\dhcp

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Debug

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Cursors

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Connection Wizard

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\config

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\Config

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\AppPatch

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\addins

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\3com_dmi

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\3076

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\2052

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1054

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1042

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1041

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1037

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1033

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1031

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1028

[2010/10/11 04:20:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\1025

[2010/10/10 22:04:19 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro

[2010/10/10 22:00:12 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\My Documents\GarenaMessenger

[2010/10/10 21:59:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Application Data\IDM

[2010/10/10 21:59:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\My Documents\Downloads

[2010/10/10 21:59:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Application Data\DMCache

[2010/10/10 21:59:28 | 000,000,000 | ---D | C] -- D:\Program Files\Internet Download Manager

[2010/10/10 21:56:52 | 000,000,000 | ---D | C] -- D:\WINDOWS\LastGood

[2010/10/10 21:56:31 | 000,000,000 | ---D | C] -- D:\WINDOWS\Logs

[2010/10/10 21:54:49 | 000,000,000 | ---D | C] -- D:\Program Files\Garena Messenger

[2010/10/10 21:52:58 | 010,897,552 | ---- | C] (Opera Software ASA) -- D:\Documents and Settings\Overload\My Documents\Opera_1062_en_Setup.exe

[2010/10/10 21:52:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Local Settings\Application Data\Opera

[2010/10/10 21:52:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Application Data\Opera

[2010/10/10 21:52:21 | 000,000,000 | ---D | C] -- D:\Program Files\Opera

[2010/10/10 21:50:24 | 000,000,000 | ---D | C] -- D:\Program Files\AutorunRemover

[2010/10/10 21:49:10 | 000,000,000 | ---D | C] -- D:\Program Files\WinRAR

[2010/10/10 21:46:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Application Data\Identities

[2010/10/10 21:46:17 | 000,000,000 | -H-D | C] -- D:\Program Files\Uninstall Information

[2010/10/10 21:46:16 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Overload\My Documents\My Pictures

[2010/10/10 21:46:16 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Overload\My Documents\My Music

[2010/10/10 21:46:05 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Overload\Application Data\Microsoft

[2010/10/10 21:46:05 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Overload\Cookies

[2010/10/10 21:46:05 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Overload\Application Data

[2010/10/10 21:46:05 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Overload\Favorites

[2010/10/10 21:46:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Local Settings\Application Data\Microsoft

[2010/10/10 21:46:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Overload\Desktop

[2010/10/10 21:46:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Overload\SendTo

[2010/10/10 21:46:04 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Overload\Recent

[2010/10/10 21:46:04 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Overload\Start Menu

[2010/10/10 21:46:04 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Overload\My Documents

[2010/10/10 21:46:04 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Overload\Templates

[2010/10/10 21:46:04 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Overload\PrintHood

[2010/10/10 21:46:04 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Overload\NetHood

[2010/10/10 21:46:04 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Overload\Local Settings

[2010/10/10 21:44:49 | 000,000,000 | --SD | C] -- D:\Documents and Settings\LocalService\Application Data\Microsoft

[2010/10/10 21:44:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010/10/10 21:44:15 | 000,000,000 | --SD | C] -- D:\WINDOWS\System32\Microsoft

[2010/10/10 21:44:15 | 000,000,000 | ---D | C] -- D:\WINDOWS\Prefetch

[2010/10/10 21:44:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/10/10 21:44:03 | 000,000,000 | --SD | C] -- D:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/10/10 21:41:49 | 000,198,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mapi32.dll

[2010/10/10 21:41:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\dllcache

[2010/10/10 21:40:41 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\All Users\DRM

[2010/10/10 21:40:28 | 000,000,000 | --SD | C] -- D:\WINDOWS\Downloaded Program Files

[2010/10/10 21:40:28 | 000,000,000 | R--D | C] -- D:\WINDOWS\Offline Web Pages

[2010/10/10 21:40:20 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Music

[2010/10/10 21:40:14 | 000,000,000 | -H-D | C] -- D:\Program Files\WindowsUpdate

[2010/10/10 21:40:08 | 000,000,000 | ---D | C] -- D:\Program Files\Online Services

[2010/10/10 21:39:58 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Media Connect 2

[2010/10/10 21:39:41 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\DirectX

[2010/10/10 21:39:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\atrace.dll

[2010/10/10 21:39:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\nmevtmsg.dll

[2010/10/10 21:39:21 | 000,109,568 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\acctres.dll

[2010/10/10 21:39:21 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Services

[2010/10/10 21:39:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\icfgnt5.dll

[2010/10/10 21:39:18 | 000,000,000 | --SD | C] -- D:\WINDOWS\Tasks

[2010/10/10 21:39:17 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\MSSoap

[2010/10/10 21:39:12 | 000,000,000 | ---D | C] -- D:\WINDOWS\srchasst

[2010/10/10 21:39:08 | 000,340,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wucltui.dll

[2010/10/10 21:39:08 | 000,194,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuaueng1.dll

[2010/10/10 21:39:07 | 000,619,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuapi.dll

[2010/10/10 21:39:07 | 000,351,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wuauclt1.exe

[2010/10/10 21:39:07 | 000,034,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\wups.dll

[2010/10/10 21:39:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\qmgrprxy.dll

[2010/10/10 21:39:06 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\bitsprx2.dll

[2010/10/10 21:39:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\bitsprx4.dll

[2010/10/10 21:39:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\bitsprx3.dll

[2010/10/10 21:39:02 | 000,000,000 | ---D | C] -- D:\Program Files\Movie Maker

[2010/10/10 21:38:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\safrslv.dll

[2010/10/10 21:38:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\safrcdlg.dll

[2010/10/10 21:38:39 | 000,029,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\safrdm.dll

[2010/10/10 21:38:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\racpldlg.dll

[2010/10/10 21:38:33 | 000,306,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\srrstr.dll

[2010/10/10 21:38:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\fltMc.exe

[2010/10/10 21:38:33 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Restore

[2010/10/10 21:38:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ils.dll

[2010/10/10 21:38:32 | 000,032,768 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\isrdbg32.dll

[2010/10/10 21:38:31 | 000,131,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msconf.dll

[2010/10/10 21:38:31 | 000,034,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mnmdd.dll

[2010/10/10 21:38:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\nmmkcert.dll

[2010/10/10 21:38:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msoeacct.dll

[2010/10/10 21:38:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msoert2.dll

[2010/10/10 21:38:27 | 000,000,000 | ---D | C] -- D:\Program Files\NetMeeting

[2010/10/10 21:38:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\inetres.dll

[2010/10/10 21:38:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mstinit.exe

[2010/10/10 21:38:22 | 000,000,000 | ---D | C] -- D:\Program Files\Outlook Express

[2010/10/10 21:38:21 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\isign32.dll

[2010/10/10 21:38:21 | 000,126,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\icwdial.dll

[2010/10/10 21:38:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\icwphbk.dll

[2010/10/10 21:38:20 | 000,274,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\inetcfg.dll

[2010/10/10 21:38:14 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\System

[2010/10/10 21:38:12 | 000,000,000 | ---D | C] -- D:\Program Files\Internet Explorer

[2010/10/10 21:38:09 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Pictures

[2010/10/10 21:37:24 | 000,000,000 | ---D | C] -- D:\Program Files\ComPlus Applications

[2010/10/10 21:37:16 | 000,000,000 | ---D | C] -- D:\WINDOWS\Registration

[2010/10/10 21:37:08 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Media Player

[2010/10/10 21:36:57 | 000,000,000 | ---D | C] -- D:\WINDOWS\VistaDrive

[2010/10/10 21:36:53 | 000,000,000 | ---D | C] -- D:\Program Files\LClock

[2010/10/10 21:36:28 | 000,000,000 | ---D | C] -- D:\Program Files\System

[2010/10/10 21:36:27 | 000,000,000 | ---D | C] -- D:\Program Files\Unlocker

[2010/10/10 21:36:27 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft PowerToys

[2010/10/10 21:36:27 | 000,000,000 | ---D | C] -- D:\Program Files\HashTab Shell Extension

[2010/10/10 21:36:26 | 000,034,816 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\write.exe

[2010/10/10 21:36:17 | 000,279,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\sndvol32.exe

[2010/10/10 21:36:17 | 000,046,592 | ---- | C] (Hilgraeve, Inc.) -- D:\WINDOWS\System32\hticons.dll

[2010/10/10 21:36:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\avtapi.dll

[2010/10/10 21:36:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\avwav.dll

[2010/10/10 21:36:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\avmeter.dll

[2010/10/10 21:36:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\winchat.exe

[2010/10/10 21:36:08 | 000,605,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\getuname.dll

[2010/10/10 21:36:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\charmap.exe

[2010/10/10 21:36:07 | 000,947,984 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\calc.exe

[2010/10/10 21:36:07 | 000,058,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\sol.exe

[2010/10/10 21:36:06 | 000,129,024 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mshearts.exe

[2010/10/10 21:36:06 | 000,121,344 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\winmine.exe

[2010/10/10 21:36:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\freecell.exe

[2010/10/10 21:36:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\regini.exe

[2010/10/10 21:36:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\qwinsta.exe

[2010/10/10 21:36:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tsshutdn.exe

[2010/10/10 21:36:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tskill.exe

[2010/10/10 21:36:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rwinsta.exe

[2010/10/10 21:36:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tsdiscon.exe

[2010/10/10 21:36:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tscon.exe

[2010/10/10 21:36:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\shadow.exe

[2010/10/10 21:36:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\reset.exe

[2010/10/10 21:36:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdpcfgex.dll

[2010/10/10 21:36:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msg.exe

[2010/10/10 21:36:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\qappsrv.exe

[2010/10/10 21:36:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\cdmodem.dll

[2010/10/10 21:36:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\logoff.exe

[2010/10/10 21:35:56 | 000,447,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\accwiz.exe

[2010/10/10 21:35:56 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- D:\WINDOWS\System32\hypertrm.dll

[2010/10/10 21:35:56 | 000,272,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mplay32.exe

[2010/10/10 21:35:56 | 000,180,736 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\sndrec32.exe

[2010/10/10 21:35:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\access.cpl

[2010/10/10 21:35:55 | 000,000,000 | ---D | C] -- D:\Program Files\Windows NT

[2010/10/10 21:35:54 | 000,438,272 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mspaint.exe

[2010/10/10 21:35:54 | 000,206,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\clipbrd.exe

[2010/10/10 21:35:53 | 001,564,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\spider.exe

[2010/10/10 21:35:52 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en-US

[2010/10/10 21:35:51 | 000,290,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rhttpaa.dll

[2010/10/10 21:35:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\aaclient.dll

[2010/10/10 21:35:51 | 000,093,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tscfgwmi.dll

[2010/10/10 21:35:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\tsgqec.dll

[2010/10/10 21:35:49 | 000,147,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdchost.dll

[2010/10/10 21:35:49 | 000,087,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdpwsx.dll

[2010/10/10 21:35:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdshost.exe

[2010/10/10 21:35:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdpclip.exe

[2010/10/10 21:35:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdpsnd.dll

[2010/10/10 21:35:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\rdsaddin.exe

[2010/10/10 21:35:48 | 000,427,008 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msdtcprx.dll

[2010/10/10 21:35:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msdtcuiu.dll

[2010/10/10 21:35:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mtxoci.dll

[2010/10/10 21:35:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\cfgbkend.dll

[2010/10/10 21:35:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\qprocess.exe

[2010/10/10 21:35:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\icaapi.dll

[2010/10/10 21:35:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\MsDtc

[2010/10/10 21:35:47 | 000,956,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msdtctm.dll

[2010/10/10 21:35:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msdtclog.dll

[2010/10/10 21:35:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xolehlp.dll

[2010/10/10 21:35:46 | 000,034,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mtxlegih.dll

[2010/10/10 21:35:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mtxdm.dll

[2010/10/10 21:35:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dcomcnfg.exe

[2010/10/10 21:35:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mtxex.dll

[2010/10/10 21:35:45 | 000,097,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\comrepl.dll

[2010/10/10 21:35:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\catsrvps.dll

[2010/10/10 21:35:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\colbact.dll

[2010/10/10 21:35:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\stclient.dll

[2010/10/10 21:35:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\comaddin.dll

[2010/10/10 21:35:45 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\Com

[2010/10/10 21:35:44 | 001,267,200 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\comsvcs.dll

[2010/10/10 21:35:44 | 000,625,664 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\catsrvut.dll

[2010/10/10 21:35:44 | 000,226,304 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\catsrv.dll

[2010/10/10 21:35:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\clbcatex.dll

[2010/10/10 21:35:42 | 000,539,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\comuid.dll

[2010/10/10 21:35:42 | 000,167,424 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\comsnap.dll

[2010/10/10 21:35:33 | 000,141,312 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\servdeps.dll

[2010/10/10 21:35:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\licwmi.dll

[2010/10/10 21:35:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\mmfutil.dll

[2010/10/10 21:35:32 | 000,308,736 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\cmprops.dll

[2010/10/10 21:35:29 | 000,000,000 | R--D | C] -- D:\Documents and Settings\All Users\Documents\My Videos

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/11 04:30:01 | 000,004,444 | ---- | M] () -- D:\WINDOWS\System32\pid.PNF

[2010/10/10 22:06:56 | 001,048,576 | -H-- | M] () -- D:\Documents and Settings\Overload\NTUSER.DAT

[2010/10/10 22:04:19 | 000,001,734 | ---- | M] () -- D:\Documents and Settings\Overload\Desktop\HijackThis.lnk

[2010/10/10 21:56:30 | 000,001,663 | ---- | M] () -- D:\Documents and Settings\Overload\Desktop\HoN.lnk

[2010/10/10 21:56:30 | 000,000,773 | ---- | M] () -- D:\Documents and Settings\Overload\Desktop\GarenaMessenger.lnk

[2010/10/10 21:54:30 | 000,103,140 | ---- | M] () -- D:\cfje.exe

[2010/10/10 21:52:22 | 000,000,610 | ---- | M] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/10/10 21:52:22 | 000,000,592 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/10/10 21:50:25 | 000,000,690 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk

[2010/10/10 21:48:50 | 000,000,313 | ---- | M] () -- D:\autorun.inf

[2010/10/10 21:48:06 | 000,000,266 | ---- | M] () -- D:\WINDOWS\system.ini

[2010/10/10 21:46:27 | 000,000,779 | ---- | M] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/10 21:46:26 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/10/10 21:46:16 | 000,305,454 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

[2010/10/10 21:46:16 | 000,037,896 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

[2010/10/10 21:46:15 | 000,347,268 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI

[2010/10/10 21:46:06 | 000,000,020 | -HS- | M] () -- D:\Documents and Settings\Overload\ntuser.ini

[2010/10/10 21:46:01 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010/10/10 21:46:00 | 1072,746,496 | -HS- | M] () -- D:\hiberfil.sys

[2010/10/10 21:44:15 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

[2010/10/10 21:44:07 | 000,008,192 | ---- | M] () -- D:\WINDOWS\REGLOCS.OLD

[2010/10/10 21:44:00 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010/10/10 21:43:50 | 000,169,896 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/10 21:43:00 | 000,001,771 | ---- | M] () -- D:\WINDOWS\System32\$winnt$.inf

[2010/10/10 21:42:19 | 000,001,651 | ---- | M] () -- D:\WINDOWS\System32\oeminfo.ini

[2010/10/10 21:42:11 | 000,002,577 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT

[2010/10/10 21:42:11 | 000,000,000 | ---- | M] () -- D:\WINDOWS\control.ini

[2010/10/10 21:42:08 | 000,023,392 | ---- | M] () -- D:\WINDOWS\System32\nscompat.tlb

[2010/10/10 21:42:08 | 000,016,832 | ---- | M] () -- D:\WINDOWS\System32\amcompat.tlb

[2010/10/10 21:42:07 | 000,000,507 | ---- | M] () -- D:\WINDOWS\win.ini

[2010/10/10 21:41:59 | 000,316,640 | ---- | M] () -- D:\WINDOWS\WMSysPr9.prx

[2010/10/10 21:41:49 | 000,004,161 | ---- | M] () -- D:\WINDOWS\ODBCINST.INI

[2010/10/10 21:40:28 | 000,000,488 | RH-- | M] () -- D:\WINDOWS\System32\WindowsLogon.manifest

[2010/10/10 21:40:28 | 000,000,488 | RH-- | M] () -- D:\WINDOWS\System32\logonui.exe.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\WindowsShell.Manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\sapi.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\nwc.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\ncpa.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | M] () -- D:\WINDOWS\System32\cdplayer.exe.manifest

[2010/10/10 21:37:33 | 000,021,640 | ---- | M] () -- D:\WINDOWS\System32\emptyregdb.dat

[2010/10/10 21:37:21 | 000,000,037 | ---- | M] () -- D:\WINDOWS\vbaddin.ini

[2010/10/10 21:37:21 | 000,000,036 | ---- | M] () -- D:\WINDOWS\vb.ini

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/11 04:31:56 | 000,129,045 | ---- | C] () -- D:\WINDOWS\System32\drivers\cxthsfS2.cty

[2010/10/11 04:30:01 | 000,004,444 | ---- | C] () -- D:\WINDOWS\System32\pid.PNF

[2010/10/11 04:29:12 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_864.nls

[2010/10/11 04:29:12 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_720.nls

[2010/10/11 04:29:12 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_708.nls

[2010/10/11 04:29:12 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28596.NLS

[2010/10/11 04:29:12 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10004.nls

[2010/10/11 04:29:08 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10005.nls

[2010/10/11 04:29:07 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_862.nls

[2010/10/11 04:29:00 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10021.nls

[2010/10/11 04:28:58 | 000,001,486 | ---- | C] () -- D:\WINDOWS\System32\noise.kor

[2010/10/11 04:28:57 | 001,158,818 | ---- | C] () -- D:\WINDOWS\System32\korwbrkr.lex

[2010/10/11 04:28:57 | 000,002,060 | ---- | C] () -- D:\WINDOWS\System32\noise.jpn

[2010/10/11 04:28:43 | 000,211,938 | ---- | C] () -- D:\WINDOWS\System32\lcphrase.tbl

[2010/10/11 04:28:43 | 000,146,126 | ---- | C] () -- D:\WINDOWS\System32\array30.tab

[2010/10/11 04:28:43 | 000,110,566 | ---- | C] () -- D:\WINDOWS\System32\arphr.tbl

[2010/10/11 04:28:43 | 000,024,114 | ---- | C] () -- D:\WINDOWS\System32\lcptr.tbl

[2010/10/11 04:28:43 | 000,018,600 | ---- | C] () -- D:\WINDOWS\System32\arrayhw.tab

[2010/10/11 04:28:43 | 000,016,312 | ---- | C] () -- D:\WINDOWS\System32\arptr.tbl

[2010/10/11 04:28:42 | 000,116,285 | ---- | C] () -- D:\WINDOWS\System32\msdayi.tbl

[2010/10/11 04:28:42 | 000,044,370 | ---- | C] () -- D:\WINDOWS\System32\acode.tbl

[2010/10/11 04:28:42 | 000,044,370 | ---- | C] () -- D:\WINDOWS\System32\a234.tbl

[2010/10/11 04:28:42 | 000,043,242 | ---- | C] () -- D:\WINDOWS\System32\phoncode.tbl

[2010/10/11 04:28:42 | 000,004,071 | ---- | C] () -- D:\WINDOWS\System32\phon.tbl

[2010/10/11 04:28:42 | 000,002,714 | ---- | C] () -- D:\WINDOWS\System32\phonptr.tbl

[2010/10/11 04:28:42 | 000,001,460 | ---- | C] () -- D:\WINDOWS\System32\a15.tbl

[2010/10/11 04:28:42 | 000,000,700 | ---- | C] () -- D:\WINDOWS\System32\dayiptr.tbl

[2010/10/11 04:28:42 | 000,000,520 | ---- | C] () -- D:\WINDOWS\System32\dayiphr.tbl

[2010/10/11 04:28:41 | 000,195,618 | ---- | C] () -- D:\WINDOWS\System32\c_10002.nls

[2010/10/11 04:28:41 | 000,082,172 | ---- | C] () -- D:\WINDOWS\System32\bopomofo.nls

[2010/10/11 04:28:41 | 000,066,728 | ---- | C] () -- D:\WINDOWS\System32\big5.nls

[2010/10/11 04:28:41 | 000,016,254 | ---- | C] () -- D:\WINDOWS\System32\PINTLPAE.HLP

[2010/10/11 04:28:41 | 000,014,821 | ---- | C] () -- D:\WINDOWS\System32\PINTLPAD.HLP

[2010/10/11 04:28:35 | 001,223,500 | ---- | C] () -- D:\WINDOWS\System32\WINZM.MB

[2010/10/11 04:28:34 | 001,783,864 | ---- | C] () -- D:\WINDOWS\System32\WINPY.MB

[2010/10/11 04:28:34 | 001,564,868 | ---- | C] () -- D:\WINDOWS\System32\WINSP.MB

[2010/10/11 04:28:33 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\c_10008.nls

[2010/10/11 04:28:33 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\prcp.nls

[2010/10/11 04:28:33 | 000,083,748 | ---- | C] () -- D:\WINDOWS\System32\prc.nls

[2010/10/11 04:28:21 | 000,189,986 | ---- | C] () -- D:\WINDOWS\System32\c_1361.nls

[2010/10/11 04:28:21 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\c_10003.nls

[2010/10/11 04:28:21 | 000,047,066 | ---- | C] () -- D:\WINDOWS\System32\ksc.nls

[2010/10/11 04:27:53 | 000,180,770 | ---- | C] () -- D:\WINDOWS\System32\c_20932.nls

[2010/10/11 04:27:53 | 000,177,698 | ---- | C] () -- D:\WINDOWS\System32\c_20949.nls

[2010/10/11 04:27:53 | 000,173,602 | ---- | C] () -- D:\WINDOWS\System32\c_20936.nls

[2010/10/11 04:27:52 | 000,180,258 | ---- | C] () -- D:\WINDOWS\System32\c_20000.nls

[2010/10/11 04:27:52 | 000,162,850 | ---- | C] () -- D:\WINDOWS\System32\c_10001.nls

[2010/10/11 04:27:52 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_21027.nls

[2010/10/11 04:27:52 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_20290.nls

[2010/10/11 04:27:52 | 000,028,288 | ---- | C] () -- D:\WINDOWS\System32\xjis.nls

[2010/10/11 04:27:51 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_28603.nls

[2010/10/11 04:27:48 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_857.nls

[2010/10/11 04:27:48 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_28599.nls

[2010/10/11 04:27:48 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10081.nls

[2010/10/11 04:27:46 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28595.NLS

[2010/10/11 04:27:46 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10017.nls

[2010/10/11 04:27:46 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10007.nls

[2010/10/11 04:27:44 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_869.nls

[2010/10/11 04:27:44 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_737.nls

[2010/10/11 04:27:44 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_875.nls

[2010/10/11 04:27:44 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28597.NLS

[2010/10/11 04:27:44 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10006.nls

[2010/10/11 04:27:42 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_866.nls

[2010/10/11 04:27:42 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_855.nls

[2010/10/11 04:27:42 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\C_28594.NLS

[2010/10/11 04:27:40 | 000,066,594 | ---- | C] () -- D:\WINDOWS\System32\c_852.nls

[2010/10/11 04:27:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10082.nls

[2010/10/11 04:27:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10029.nls

[2010/10/11 04:27:40 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_10010.nls

[2010/10/11 04:27:36 | 000,066,082 | ---- | C] () -- D:\WINDOWS\System32\c_20127.nls

[2010/10/11 04:27:31 | 000,001,688 | ---- | C] () -- D:\WINDOWS\System32\AUTOEXEC.NT

[2010/10/11 04:26:25 | 000,169,896 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/11 04:25:35 | 000,001,771 | ---- | C] () -- D:\WINDOWS\System32\$winnt$.inf

[2010/10/10 22:04:19 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\Overload\Desktop\HijackThis.lnk

[2010/10/10 21:56:30 | 000,001,663 | ---- | C] () -- D:\Documents and Settings\Overload\Desktop\HoN.lnk

[2010/10/10 21:56:30 | 000,000,773 | ---- | C] () -- D:\Documents and Settings\Overload\Desktop\GarenaMessenger.lnk

[2010/10/10 21:52:22 | 000,000,610 | ---- | C] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/10/10 21:52:22 | 000,000,592 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Opera.lnk

[2010/10/10 21:50:25 | 000,000,690 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\AutorunRemover.lnk

[2010/10/10 21:48:50 | 000,103,140 | ---- | C] () -- D:\cfje.exe

[2010/10/10 21:48:21 | 000,000,313 | ---- | C] () -- D:\autorun.inf

[2010/10/10 21:46:26 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/10/10 21:46:17 | 000,000,779 | ---- | C] () -- D:\Documents and Settings\Overload\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/10 21:46:06 | 000,000,020 | -HS- | C] () -- D:\Documents and Settings\Overload\ntuser.ini

[2010/10/10 21:46:04 | 001,048,576 | -H-- | C] () -- D:\Documents and Settings\Overload\NTUSER.DAT

[2010/10/10 21:46:04 | 000,073,728 | -H-- | C] () -- D:\Documents and Settings\Overload\NTUSER.DAT.LOG

[2010/10/10 21:46:00 | 1072,746,496 | -HS- | C] () -- D:\hiberfil.sys

[2010/10/10 21:44:07 | 000,008,192 | ---- | C] () -- D:\WINDOWS\REGLOCS.OLD

[2010/10/10 21:42:50 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat

[2010/10/10 21:42:19 | 000,019,256 | ---- | C] () -- D:\WINDOWS\System32\OEMLogo.bmp

[2010/10/10 21:42:18 | 000,001,651 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini

[2010/10/10 21:42:11 | 000,002,577 | ---- | C] () -- D:\WINDOWS\System32\CONFIG.NT

[2010/10/10 21:42:01 | 000,023,392 | ---- | C] () -- D:\WINDOWS\System32\nscompat.tlb

[2010/10/10 21:42:01 | 000,016,832 | ---- | C] () -- D:\WINDOWS\System32\amcompat.tlb

[2010/10/10 21:41:59 | 000,316,640 | ---- | C] () -- D:\WINDOWS\WMSysPr9.prx

[2010/10/10 21:40:28 | 000,000,488 | RH-- | C] () -- D:\WINDOWS\System32\WindowsLogon.manifest

[2010/10/10 21:40:28 | 000,000,488 | RH-- | C] () -- D:\WINDOWS\System32\logonui.exe.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\WindowsShell.Manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\sapi.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\nwc.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\ncpa.cpl.manifest

[2010/10/10 21:40:20 | 000,000,749 | RH-- | C] () -- D:\WINDOWS\System32\cdplayer.exe.manifest

[2010/10/10 21:39:30 | 000,048,680 | -HS- | C] () -- D:\WINDOWS\winnt256.bmp

[2010/10/10 21:39:30 | 000,048,680 | -HS- | C] () -- D:\WINDOWS\winnt.bmp

[2010/10/10 21:37:33 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat

[2010/10/10 21:36:54 | 000,172,032 | ---- | C] () -- D:\WINDOWS\System32\LClock.cpl

[2010/10/10 21:36:54 | 000,000,661 | ---- | C] () -- D:\WINDOWS\System32\LClock.cpl.manifest

[2010/10/10 21:36:33 | 000,208,896 | ---- | C] () -- D:\WINDOWS\System32\cttune.cpl

[2010/10/10 21:36:31 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\Startup.cpl

[2010/10/10 21:36:10 | 000,065,954 | ---- | C] () -- D:\WINDOWS\Prairie Wind.bmp

[2010/10/10 21:36:10 | 000,065,832 | ---- | C] () -- D:\WINDOWS\Santa Fe Stucco.bmp

[2010/10/10 21:36:10 | 000,026,680 | ---- | C] () -- D:\WINDOWS\River Sumida.bmp

[2010/10/10 21:36:10 | 000,017,362 | ---- | C] () -- D:\WINDOWS\Rhododendron.bmp

[2010/10/10 21:36:10 | 000,009,522 | ---- | C] () -- D:\WINDOWS\Zapotec.bmp

[2010/10/10 21:36:09 | 000,093,702 | ---- | C] () -- D:\WINDOWS\System32\subrange.uce

[2010/10/10 21:36:09 | 000,065,978 | ---- | C] () -- D:\WINDOWS\Soap Bubbles.bmp

[2010/10/10 21:36:09 | 000,026,582 | ---- | C] () -- D:\WINDOWS\Greenstone.bmp

[2010/10/10 21:36:09 | 000,017,336 | ---- | C] () -- D:\WINDOWS\Gone Fishing.bmp

[2010/10/10 21:36:09 | 000,017,062 | ---- | C] () -- D:\WINDOWS\Coffee Bean.bmp

[2010/10/10 21:36:09 | 000,016,730 | ---- | C] () -- D:\WINDOWS\FeatherTexture.bmp

[2010/10/10 21:36:09 | 000,001,272 | ---- | C] () -- D:\WINDOWS\Blue Lace 16.bmp

[2010/10/10 21:36:08 | 000,060,458 | ---- | C] () -- D:\WINDOWS\System32\ideograf.uce

[2010/10/10 21:36:08 | 000,024,006 | ---- | C] () -- D:\WINDOWS\System32\gb2312.uce

[2010/10/10 21:36:08 | 000,022,984 | ---- | C] () -- D:\WINDOWS\System32\bopomofo.uce

[2010/10/10 21:36:08 | 000,016,740 | ---- | C] () -- D:\WINDOWS\System32\shiftjis.uce

[2010/10/10 21:36:08 | 000,012,876 | ---- | C] () -- D:\WINDOWS\System32\korean.uce

[2010/10/10 21:36:08 | 000,008,484 | ---- | C] () -- D:\WINDOWS\System32\kanji_2.uce

[2010/10/10 21:36:08 | 000,006,948 | ---- | C] () -- D:\WINDOWS\System32\kanji_1.uce

[2010/10/10 21:36:05 | 000,003,286 | ---- | C] () -- D:\WINDOWS\System32\tslabels.h

[2010/10/10 21:36:05 | 000,001,161 | ---- | C] () -- D:\WINDOWS\System32\usrlogon.cmd

[2010/10/10 21:36:04 | 000,000,768 | ---- | C] () -- D:\WINDOWS\System32\msdtcprf.h

[2010/10/10 21:35:58 | 000,062,694 | ---- | C] () -- D:\WINDOWS\System32\wmimgmt.msc

[2009/02/24 19:00:00 | 000,394,240 | ---- | C] () -- D:\WINDOWS\System32\HMTCD.dll

[2009/02/24 19:00:00 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\CopyToSendTo.dll

========== LOP Check ==========

[2010/10/10 21:59:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Overload\Application Data\DMCache

[2010/10/10 22:03:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Overload\Application Data\IDM

[2010/10/10 21:52:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Overload\Application Data\Opera

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/10/10 21:48:50 | 000,000,313 | ---- | M] () -- D:\autorun.inf

[2010/10/10 21:54:30 | 000,103,140 | ---- | M] () -- D:\cfje.exe

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- D:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- D:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- D:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- D:\globdata.ini

[2010/10/10 21:46:00 | 1072,746,496 | -HS- | M] () -- D:\hiberfil.sys

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- D:\install.exe

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- D:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- D:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- D:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- D:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- D:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- D:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- D:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- D:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- D:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- D:\install.res.3082.dll

[2010/10/10 21:43:49 | 1610,612,736 | -HS- | M] () -- D:\pagefile.sys

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- D:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- D:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- D:\VC_RED.MSI

< %systemroot%\system32\*.dll /lockedfiles >

[2009/02/24 19:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\msvbvm60.dll

[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/08/25 21:36:56 | 000,076,768 | ---- | M] (Tonec Inc.) -- D:\WINDOWS\system32\drivers\idmtdi.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< End of report >

OTL extras

OTL Extras logfile created on: 10/10/2010 10:06:00 PM - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = D:\Documents and Settings\Overload\My Documents\Downloads\Programs

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 621.00 Mb Available Physical Memory | 61.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free

Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 30.78 Gb Total Space | 4.40 Gb Free Space | 14.29% Space Free | Partition Type: NTFS

Drive D: | 29.00 Gb Total Space | 24.63 Gb Free Space | 84.93% Space Free | Partition Type: NTFS

Drive E: | 14.73 Gb Total Space | 1.99 Gb Free Space | 13.51% Space Free | Partition Type: FAT32

Drive F: | 37.27 Gb Total Space | 1.75 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

Drive H: | 700.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

Computer Name: DARKEDITION

Current User Name: Overload

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- D:\Program Files\Opera\opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software)

https [open] -- "D:\Program Files\Opera\opera.exe" (Opera Software)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Find.Target] -- "explorer.exe" /select,"%1" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"F:\Installer\WinRar 4.1.65.exe" = F:\Installer\WinRar 4.1.65.exe:*:Enabled:ipsec -- ()

"D:\WINDOWS\Explorer.EXE" = D:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)

"D:\DOCUME~1\Overload\LOCALS~1\Temp\cbncyj.exe" = D:\DOCUME~1\Overload\LOCALS~1\Temp\cbncyj.exe:*:Enabled:ipsec -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3

"CPLBonus" = Kels' CPL Bonus Pack!

"Garena Messenger" = Garena Messenger and Heroes of Newerth

"HijackThis" = HijackThis 2.0.2

"Internet Download Manager" = Internet Download Manager

"LClock" = LClock

"VDrive" = Vista Drive Indicator!

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ System Events ]

Error - 10/10/2010 11:00:44 AM | Computer Name = DARKEDITION | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last

Error was The referenced assembly is not installed on your system.

Error - 10/10/2010 11:00:44 AM | Computer Name = DARKEDITION | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error

message: The referenced assembly is not installed on your system. .

Error - 10/10/2010 11:00:44 AM | Computer Name = DARKEDITION | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for D:\Program Files\Garena Messenger\Apps\HoN\hon.exe.

Reference

error message: The operation completed successfully. .

< End of report >


Hello uchizenmaru

Welcome to Malwarebytes.

=====================

First temporarily disable any antivirus program or any real time shields that are present:

If you do not know how then you can refer to this link:

http://www.bleepingcomputer.com/forums/topic114351.html

================

Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah.com, then save it to your desktop.

Link 1

Link 2

--------------------------------------------------------------------

Double click on kahdah.com & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt


Here is the report, sir.

I also found the Alman virus, which keeps coming back.

ComboFix 10-10-09.06 - Overload 10/11/2010 7:47.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.874.63.1033.18.1023.715 [GMT 7:00]

Running from: d:\documents and settings\Overload\My Documents\Downloads\Programs\kahdah.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

C:\mngoi.pif

D:\autorun.inf

D:\elhn.pif

D:\tfqkqx.exe

D:\undc.exe

D:\vflcvd.exe

D:\yhax.pif

D:\ytuda.pif

E:\resycled

F:\resycled

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_AMSINT32

-------\Service_amsint32

((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

------- Sigcheck -------

[-] 2009-02-24 . C64E97CC32E4662F2972FE7E8FA9B6CE . 557056 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe

[-] 2009-02-24 . 616456475A04FF53735495F10142CC45 . 643072 . . [5.82] . . d:\windows\system32\comctl32.dll

[7] 2009-02-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\InstallTemp\20005\comctl32.dll

[7] 2009-02-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2009-02-24 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2009-02-24 . 741D41BDE7203271F3505347ADE897BC . 3776000 . . [6.00.2900.5726] . . d:\windows\system32\mshtml.dll

[-] 2009-02-24 . 751ABD419E85B6C0B34CCA132280B37A . 2350336 . . [5.1.2600.5657] . . d:\windows\system32\ntoskrnl.exe

[-] 2009-02-24 . 894B313C52589628BB996E175B581E3A . 578048 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll

[-] 2009-02-24 . 69C8F8E2E7B659DA32A5556670006067 . 777216 . . [6.00.2900.5694] . . d:\windows\system32\wininet.dll

[-] 2009-02-24 . B8129BACB446D8CE8B083EC0728C2132 . 1641472 . . [6.00.2900.5634] . . d:\windows\explorer.exe

[-] 2009-02-24 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe

[-] 2009-02-24 . 56F4867BAE6FD78E5365A3A7AFA59C82 . 295424 . . [5.1.2600.5512] . . d:\windows\system32\termsrv.dll

[-] 2009-02-24 . 1FFDA2D5735EFB53F21BB115EB84AC33 . 2227200 . . [5.1.2600.5657] . . d:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2010-08-25 14:36 70264 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2010-10-11 3241312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2009-02-24 290872]

"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-02-24 528896]

"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-02-24 528896]

"VistaDrive"="d:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 85504]

"LClock"="d:\program files\LClock\LClock.exe" [2004-09-19 65536]

"AutorunRemover.exe"="d:\program files\AutorunRemover\AutorunRemover.exe" [2009-10-21 1360896]

"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2009-02-24 40448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-02-24 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\wrar393.exe"=

"d:\\WINDOWS\\system32\\wscntfy.exe"=

"d:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE"=

"d:\\Program Files\\Unlocker\\UnlockerAssistant.exe"=

"d:\\kahdah\\CF4051.cfxxe"=

"d:\\WINDOWS\\VistaDrive\\VistaDrive.exe"=

R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]

R1 IDMTDI;IDMTDI;d:\windows\system32\drivers\idmtdi.sys [8/25/2010 9:40 PM 76768]

R1 vcdrom;Virtual CD-ROM Device Driver;d:\program files\System\CPL Bonus\vcdrom.sys [10/11/2010 7:01 AM 8576]

R2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - VCDROM

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm

IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm

IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint32]

"ImagePath"="\??\d:\windows\system32\drivers\jnlls.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(464)

d:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(3296)

d:\windows\system32\SHDOCVW.dll

d:\windows\system32\msctfime.ime

d:\windows\system32\COMRes.dll

d:\program files\Internet Download Manager\IDMShellExt.dll

d:\windows\System32\cscui.dll

d:\windows\system32\SETUPAPI.dll

d:\windows\system32\WPDShServiceObj.dll

d:\program files\LClock\LC.dll

d:\windows\system32\NETSHELL.dll

d:\windows\system32\credui.dll

d:\windows\system32\MSVCP60.dll

d:\windows\system32\PortableDeviceTypes.dll

d:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

d:\docume~1\Overload\LOCALS~1\Temp\jhfi.exe

.

**************************************************************************

.

Completion time: 2010-10-11 08:01:39 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-11 01:01

Pre-Run: 26,435,956,736 bytes free

Post-Run: 26,611,994,624 bytes free

- - End Of File - - C3E031C269A510C1EC31BB0215A2A6FC


Please submit the following files to one of these online file scanners.

(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then submit.)

d:\windows\system32\winlogon.exe

d:\windows\system32\ntoskrnl.exe

d:\windows\explorer.exe

d:\windows\system32\user32.dll

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete; please copy and paste those results in your next post.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
