Search engines links are being redirected
-
Hey,
My problem started happening recently and I read many of the other threads
involving redirecting search engine links, but I didn't want to try anything that could mess up my computer.
I'd appreciate any help I can get. Thank you.
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:26 AM, on 8/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\dlbucoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 6969 bytes
-
Please read HERE, and post all required logs.
-
Hello,
Thank you for replying.
Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4390
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
8/4/2010 3:18:34 PM
mbam-log-2010-08-04 (15-18-34).txt
Scan type: Quick scan
Objects scanned: 154741
Time elapsed: 13 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
GMER Log:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-04 15:43:39
Windows 5.1.2600 Service Pack 2
Running: fi8tcq1n[1].exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfgyyfog.sys
---- Kernel code sections - GMER 1.0.15 ----
? ekvapnvb.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8062F80]
---- EOF - GMER 1.0.15 ----
MBRCheck Log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806ED000 \WINDOWS\system32\hal.dll
0xF8A37000 \WINDOWS\system32\KDCOM.DLL
0xF8947000 \WINDOWS\system32\BOOTVID.dll
0xF8537000 ekvapnvb.sys
0xF84E8000 ACPI.sys
0xF8A39000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF84D7000 pci.sys
0xF8547000 isapnp.sys
0xF87B7000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8A3B000 intelide.sys
0xF8557000 MountMgr.sys
0xF84B8000 ftdisk.sys
0xF8A3D000 dmload.sys
0xF8492000 dmio.sys
0xF87BF000 PartMgr.sys
0xF8567000 VolSnap.sys
0xF847A000 atapi.sys
0xF87C7000 cercsr6.sys
0xF8462000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF8577000 disk.sys
0xF8587000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF8443000 fltMgr.sys
0xF8431000 sr.sys
0xF841A000 KSecDD.sys
0xF8407000 WudfPf.sys
0xF837A000 Ntfs.sys
0xF834D000 NDIS.sys
0xF8332000 Mup.sys
0xF8677000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8224000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8210000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF887F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF81ED000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8887000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8118000 \SystemRoot\system32\DRIVERS\BCMDM.sys
0xF80F5000 \SystemRoot\system32\DRIVERS\ks.sys
0xF888F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8687000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF8697000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF86A7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF86B7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF80B5000 \SystemRoot\system32\drivers\smwdm.sys
0xF8091000 \SystemRoot\system32\drivers\portcls.sys
0xF86C7000 \SystemRoot\system32\drivers\drmk.sys
0xF7FDE000 \SystemRoot\system32\drivers\senfilt.sys
0xF86D7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF89FB000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7F9B000 \SystemRoot\system32\DRIVERS\parport.sys
0xF86E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8897000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8BD2000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF86F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF89FF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7F84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8707000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8717000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF88A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7F73000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8727000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF88AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF88B7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7CBA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8737000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF88BF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8A53000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7BE6000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A23000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8747000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8767000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A57000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF82FE000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8A5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B38000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A61000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88DF000 \SystemRoot\System32\drivers\vga.sys
0xF8A63000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A65000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88E7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF82EE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEECEB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEEC93000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEEC59000 \SystemRoot\System32\Drivers\avgtdix.sys
0xEEC38000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8787000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF89D3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8797000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF88F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEEBE8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEEBC6000 \SystemRoot\System32\drivers\afd.sys
0xF87A7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEEB9A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEEB2B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF85B7000 \SystemRoot\System32\Drivers\Fips.SYS
0xF88FF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF89DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF890F000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xEEAF7000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF89EF000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF8917000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF891F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF85D7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEEADF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8A13000 \SystemRoot\System32\drivers\Dxapi.sys
0xF892F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BF8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
0xBF06B000 \SystemRoot\System32\ialmdd5.DLL
0xEE8D3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEE5DA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8ABB000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEE4E3000 \SystemRoot\system32\DRIVERS\srv.sys
0xEDF2E000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE22B000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDB78000 \SystemRoot\System32\Drivers\HTTP.sys
0xED6D7000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfgyyfog.sys
0xED6AD000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 45):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
696 C:\WINDOWS\system32\services.exe
708 C:\WINDOWS\system32\lsass.exe
868 C:\WINDOWS\system32\svchost.exe
932 svchost.exe
1028 C:\WINDOWS\system32\svchost.exe
1064 C:\WINDOWS\system32\svchost.exe
1120 C:\Program Files\AVG\AVG9\avgchsvx.exe
1128 C:\Program Files\AVG\AVG9\avgrsx.exe
1216 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1288 svchost.exe
1568 svchost.exe
1744 C:\WINDOWS\system32\spoolsv.exe
1888 svchost.exe
1920 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2024 C:\Program Files\Java\jre6\bin\jqs.exe
188 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
436 C:\WINDOWS\system32\svchost.exe
360 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
604 C:\Program Files\AVG\AVG9\avgnsx.exe
672 C:\Program Files\AVG\AVG9\avgemc.exe
1344 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2608 alg.exe
2960 C:\WINDOWS\explorer.exe
3340 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3356 C:\WINDOWS\system32\igfxtray.exe
3376 C:\WINDOWS\system32\hkcmd.exe
3384 C:\PROGRA~1\AVG\AVG9\avgtray.exe
3440 C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
3472 C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
3492 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3576 C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
3604 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
3672 C:\WINDOWS\system32\ctfmon.exe
3712 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3848 C:\Program Files\LimeWire\LimeWire.exe
2224 C:\Program Files\Internet Explorer\iexplore.exe
2424 C:\WINDOWS\system32\wuauclt.exe
2632 C:\Program Files\Internet Explorer\iexplore.exe
3132 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
260 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MOPWHUB2\MBRCheck[1].exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: IC35L030AVV207-0, Rev: V21OA66A
Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
-
OTL.txt
OTL logfile created on: 8/4/2010 3:51:29 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 17.91 Gb Free Space | 64.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-25DB6E0305
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/04 15:50:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/29 12:32:10 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2010/07/21 11:57:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 12:42:27 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 12:42:21 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 12:42:20 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 12:42:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 12:38:36 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 12:36:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/13 18:58:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/01/11 15
52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2006/08/15 11:47:58 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/12/16 06:57:56 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2004/08/31 10:34:08 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 10:18:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/27 10:08:22 | 000,262,144 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
========== Modules (SafeList) ==========
MOD - [2010/08/04 15:50:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/21 11:57:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 12:42:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/24 10:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2004/07/01 16:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2010/07/15 12:42:24 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 12:38:38 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/12 18:51:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/01/30 13:12:06 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/15 11:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 09:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2010/08/01 17:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/07/26 22:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/08/01 17:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/12 16:14:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7a7b18e6-8e2a-11df-9d3d-000bdb2dbb9c}\Shell\AutoRun\command - "" = rhwhin.exe
O33 - MountPoints2\{7a7b18e6-8e2a-11df-9d3d-000bdb2dbb9c}\Shell\open\Command - "" = rhwhin.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)
========== Files/Folders - Created Within 90 Days ==========
[2010/08/04 15:50:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/04 15:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/08/04 15:00:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/04 15:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/04 15:00:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/04 15:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/04 14:09:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/04 00:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/03 21:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/08/03 21:59:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/01 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2010/08/01 17
55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/08/01 17:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/01 17:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/01 17:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/08/01 17:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/07/26 22:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\TomTom
[2010/07/26 22:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/07/26 22:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/07/26 22:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TomTom
[2010/07/26 22:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2010/07/26 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/07/26 22:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/07/26 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/07/25 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/07/19 16:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\school
[2010/07/19 16:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/07/19 16:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/07/15 20:45:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/07/15 12:42:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/14 21 58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/07/14 16:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/07/13 22:55:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/07/13 21:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/13 21:22:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/13 20:58:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Backup
[2010/07/13 20:57:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SQLHotfix
[2010/07/13 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2010/07/13 20:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2010/07/13 20:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/07/13 20:51:26 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/13 20:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/13 20:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/07/13 20:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/13 20:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/07/13 20:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/13 20:43:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/07/13 20:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/13 20:38:33 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/13 20:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/07/13 19:28:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/07/13 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/07/13 19:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/07/13 19:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/07/13 19:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/13 18:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My PSP8 Files
[2010/07/13 18:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
[2010/07/13 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2010/07/13 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Computer
[2010/07/13 18:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2010/07/13 18:39:15 | 000,471,040 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbupmui.dll
[2010/07/13 18:39:14 | 000,344,064 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbucfg.exe
[2010/07/13 18:39:14 | 000,114,688 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbupplc.dll
[2010/07/13 18:39:13 | 001,040,384 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbuusb1.dll
[2010/07/13 18:39:13 | 000,495,616 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbuhbn1.dll
[2010/07/13 18:39:13 | 000,450,560 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbulmpm.dll
[2010/07/13 18:39:13 | 000,421,888 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbucoms.exe
[2010/07/13 18:39:13 | 000,385,024 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbucomm.dll
[2010/07/13 18:39:12 | 001,048,576 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbuserv.dll
[2010/07/13 18:39:12 | 000,520,192 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbucomc.dll
[2010/07/13 18:39:12 | 000,126,976 | ---- | C] (Dell) -- C:\WINDOWS\System32\dlbuprox.dll
[2010/07/13 18:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Photo AIO Printer 942
[2010/07/13 18:38:29 | 000,000,000 | ---D | C] -- C:\Temp
[2010/07/13 18:25:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\K
[2010/07/13 18 54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/07/13 18 32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/13 18:07:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/13 17:58:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/13 17:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/13 17:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/13 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/13 17:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/13 17:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/13 02:23:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/13 00:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/07/12 23 46 | 055,777,304 | ---- | C] (Adobe ) -- C:\Documents and Settings\Administrator\My Documents\pscs4micro.exe
[2010/07/12 22:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/12 22:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/07/12 18:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/07/12 18:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/07/12 18:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/07/12 18:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2010/07/12 18:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/07/12 18:33:23 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/07/12 18:32:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/12 18:31:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/12 18:27:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/12 18:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/07/12 16:44:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/12 16:44:07 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/12 16:43:57 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/12 16:43:55 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/12 16:43:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/12 16:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/12 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/12 16:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/12 16:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/07/12 16:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/12 16:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/07/12 16:24:34 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/07/12 16:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/07/12 16:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/07/12 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2010/07/12 16:23:28 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2010/07/12 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/12 16:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/07/12 16:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/12 16:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/07/12 16:19:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/12 16:19:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/07/12 16:19:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/07/12 16:19:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/07/12 16:19:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/07/12 16:19:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/12 16:19:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/07/12 16:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/07/12 16:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/07/12 16:19:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/07/12 16:19:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/07/12 16:19:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/07/12 16:19:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/07/12 16:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/07/12 16:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/07/12 16:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/07/12 16:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/07/12 16:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/12 16:19:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/12 16:19:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/12 16:19:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/12 16:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/12 16:19:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/12 16:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/12 16:17:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/12 16:17:44 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/12 16:17:44 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/07/12 16:16:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/12 16:15:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/12 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/12 16:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/12 16:15:15 | 000,000,000 | ---D | C] -- C:\DELL
[2010/07/12 16:15:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/12 16:13:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/12 16:12:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/12 16:12:58 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/12 16:12:43 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/12 16:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/12 16:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/12 16:11:44 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/12 16:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/12 16:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/12 16:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/12 16:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/12 16:11:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/12 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/12 16:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/12 16:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/12 16:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/12 16:11:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/12 16:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/12 16:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/12 16:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/12 16:10:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/12 16:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/12 16:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/12 16:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/12 16:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/12 16:09:13 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/07/12 16:09:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/12 16:09:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/12 16:09:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/12 16:08:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/07/12 09:04:41 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\drivers\BCMDM.sys
[2010/07/12 09:02:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/12 09:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/07/12 09:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/07/12 09:02:19 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/07/12 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/07/12 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/07/12 09:01:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/12 09:01:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/12 09:01:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/12 09:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/12 09:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/12 09:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/12 09:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/07/12 09:01:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/12 09:01:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/07/12 09:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/07/12 09:01:05 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/12 08:53:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/07/12 08:53:25 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/12 08:53:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/07/12 08:53:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/07/12 08:53:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
========== Files - Modified Within 90 Days ==========
[2010/08/04 15:50:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/04 15:27:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/04 15:27:16 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 15:26:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/04 15:26:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/04 15:25:00 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/08/04 15:24:52 | 005,348,288 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/04 15:15:08 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/04 15:00:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 14:40:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/08/04 10:00:17 | 062,925,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/04 00:16:18 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/03 19:22:05 | 000,000,530 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/08/02 01:01:38 | 000,398,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/02 01:01:38 | 000,060,618 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/02 01:01:36 | 000,465,790 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/02 00:10:13 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AP lit.doc
[2010/08/01 18:00:08 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/08/01 17:55:29 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.13.lnk
[2010/07/29 05:10:37 | 001,124,862 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\07-29-2010 02;10;31AM.tif
[2010/07/22 20:44:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/22 20:27:15 | 000,916,910 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\2369_001Prabhjot[1].pdf
[2010/07/22 11:46:58 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/07/19 16:05:51 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/07/15 17:49:08 | 000,043,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/15 17:47:49 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Photoshop CS4.lnk
[2010/07/15 12:42:24 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 12:42:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 12:38:38 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/14 19:18:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/13 23:07:43 | 000,190,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/13 22:54:21 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/13 21:38:38 | 000,043,851 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Toothy.wmz
[2010/07/13 21:38:15 | 000,107,591 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\springflower.wmz
[2010/07/13 20 51 | 000,000,466 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/13 20:45:30 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/13 19:28:35 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/13 19:28:35 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2010/07/13 19:27:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/13 19:27:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/13 19:24:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/13 19:16:16 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/07/13 14:02:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/12 18:51:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/12 18:48:51 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/07/12 18:31:37 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/12 16:44:08 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/12 16:43:55 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/12 16:43:49 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/07/12 16:43:49 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/07/12 16:24:45 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[2010/07/12 16:20:09 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/12 16:19:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/12 16:18:42 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/12 16:14:49 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/12 16:14:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/12 16:14:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/12 16:14:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/12 16:14:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/12 16:14:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/12 16:14:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/12 16:14:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/12 16:12:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/12 16:12:58 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/12 16:10:31 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/12 16:10:16 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/12 16:10:16 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/07/12 16:07:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/12 09:02:19 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
========== Files Created - No Company Name ==========
[2010/08/04 15:00:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 00:13:43 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/08/02 00:10:12 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AP lit.doc
[2010/08/01 18:00:08 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/08/01 17:55:29 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LimeWire 5.5.13.lnk
[2010/07/29 05:10:36 | 001,124,862 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\07-29-2010 02;10;31AM.tif
[2010/07/22 20:27:15 | 000,916,910 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\2369_001Prabhjot[1].pdf
[2010/07/19 16:05:51 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/07/15 17:47:49 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Photoshop CS4.lnk
[2010/07/13 22:54:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/13 21:38:35 | 000,043,851 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Toothy.wmz
[2010/07/13 21:38:13 | 000,107,591 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\springflower.wmz
[2010/07/13 21:36:28 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2010/07/13 20 50 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/13 20:46:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/13 19:24:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/07/13 18:59:00 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/13 18:58:59 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/13 18:42:17 | 000,000,530 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/07/13 18:40:38 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2010/07/13 18:40:38 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2010/07/13 18:39:14 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbuih.exe
[2010/07/13 18:39:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2010/07/13 18:39:14 | 000,001,028 | ---- | C] () -- C:\WINDOWS\System32\dlbu.loc
[2010/07/13 18:39:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2010/07/13 18:39:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2010/07/13 18:39:07 | 000,002,194 | ---- | C] () -- C:\WINDOWS\System32\dlbulpa.cnt
[2010/07/13 18:39:07 | 000,001,603 | ---- | C] () -- C:\WINDOWS\System32\dlbudrv.cnt
[2010/07/13 18:39:07 | 000,000,282 | ---- | C] () -- C:\WINDOWS\System32\dlbuma.cnt
[2010/07/13 18:39:06 | 000,676,307 | ---- | C] () -- C:\WINDOWS\System32\dlbulpa.hlp
[2010/07/13 18:39:06 | 000,378,688 | ---- | C] () -- C:\WINDOWS\System32\dlbudrv.hlp
[2010/07/13 18:39:02 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2010/07/13 18:38:53 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2010/07/13 17:55:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/12 22:36:39 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/12 16:44:08 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/12 16:43:55 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/12 16:43:49 | 062,925,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/12 16:43:49 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/07/12 16:43:49 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/07/12 16:43:49 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/07/12 16:26:26 | 000,057,801 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrtrk.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrtha.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrsve.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrkor.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrjpn.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrita.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrheb.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrfra.lrc
[2010/07/12 16:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrdan.lrc
[2010/07/12 16:26:25 | 000,061,414 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2010/07/12 16:26:25 | 000,058,623 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrptg.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrptb.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrplk.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrnor.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrnld.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrhun.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrfrc.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrfin.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxresp.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrell.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrdeu.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrcsy.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrcht.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrchs.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrarb.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxrara.lrc
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2010/07/12 16:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2010/07/12 16:24:45 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[2010/07/12 16:20:43 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/07/12 16:20:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/12 16:19:56 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/12 16:19:48 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/12 16:19:47 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/07/12 16:19:44 | 002,621,440 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/12 16:19:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/12 16:18:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 16:18:20 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/12 16:17:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/12 16:17:37 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/12 16:17:35 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/12 16:17:09 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/12 16:17:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/12 16:16:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/12 16:16:57 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/12 16:16:54 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/12 16:16:43 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/12 16:16:37 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/12 16:16:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/07/12 16:16:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/12 16:16:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/12 16:16:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/12 16:16:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/12 16:16:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/12 16:16:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/12 16:16:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/12 16:16:09 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/12 16:16:09 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/12 16:16:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/12 16:16:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/12 16:16:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/12 16:16:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/12 16:16:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/12 16:16:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/12 16:16:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/12 16:16:06 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/12 16:16:06 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/12 16:16:06 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/12 16:16:06 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/12 16:16:06 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/12 16:16:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/12 16:16:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/12 16:16:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/12 16:16:05 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/12 16:16:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/12 16:16:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/12 16:16:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/12 16:16:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/12 16:16:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/12 16:16:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/12 16:16:03 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/12 16:16:03 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/12 16:16:03 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/12 16:16:03 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/12 16:16:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/12 16:16:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/12 16:16:02 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/12 16:16:02 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/12 16:14:49 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/12 16:14:49 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/12 16:14:49 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/12 16:14:49 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/12 16:14:49 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/12 16:14:38 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/12 16:14:38 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/12 16:14:36 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/12 16:12:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/12 16:12:58 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/12 16:12:49 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/12 16:12:25 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/12 16:11:55 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/12 16:11:54 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/12 16:11:49 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/12 16:11:37 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/07/12 16:11:25 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/07/12 16:10:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/12 16:09:34 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/12 16:09:34 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/12 16:09:34 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/12 16:09:34 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/12 16:09:34 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/12 16:09:34 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/12 16:09:34 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/12 16:09:34 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/12 16:09:34 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/12 16:09:34 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/12 16:09:34 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/12 16:09:33 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/12 16:09:33 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/12 16:09:33 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/12 16:09:33 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/12 16:09:33 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/12 16:09:33 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/12 16:09:33 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/12 16:09:33 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/12 16:09:31 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/12 16:09:31 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/12 16:09:30 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/12 16:09:24 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/12 09:02:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/12 09:02:21 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/07/12 09:02:21 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/07/12 09:02:20 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/07/12 09:02:20 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/07/12 09:02:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/07/12 09:02:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/07/12 09:02:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/07/12 09:02:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/07/12 09:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/07/12 09:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/07/12 09:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/07/12 09:02:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/07/12 09:02:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/07/12 09:02:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/07/12 09:02:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/07/12 09:02:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/07/12 09:02:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/07/12 09:02:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/07/12 09:02:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/07/12 09:02:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/07/12 09:02:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/07/12 09:02:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/07/12 09:02:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/07/12 09:02:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/07/12 09:02:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/07/12 09:02:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/07/12 09:02:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/07/12 09:02:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/07/12 09:02:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/07/12 09:02:03 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/12 09:01:49 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/12 09:01:49 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/07/12 09:01:49 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/07/12 09:01:49 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/12 09:01:49 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/07/12 09:01:49 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/07/12 09:01:49 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/07/12 09:01:49 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/07/12 09:01:49 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/12 09:01:49 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/07/12 09:01:49 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/07/12 09:01:49 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/12 09:01:49 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/12 09:01:49 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/12 09:01:49 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/07/12 09:01:48 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/07/12 09:01:48 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/07/12 09:01:48 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/12 09:01:47 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/07/12 09:01:05 | 000,190,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/12 09:00:15 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/07/12 09:00:10 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/27 20:28:14 | 000,021,290 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ScanLines.psd
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/08/04 15:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2010/07/19 16:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/07/26 22:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TomTom
[2010/07/12 18:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/07/12 16:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/26 22:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: IASTOR.SYS >
[2006/02/21 18:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\dell\iastor\iastor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
< MD5 for: SYMMPI.SYS >
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\system32\drivers\symmpi.sys
< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 07:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010/07/12 09:00:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/12 09:00:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/12 09:00:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
Extras.txt:
OTL Extras logfile created on: 8/4/2010 3:51:29 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 11.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 17.91 Gb Free Space | 64.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-25DB6E0305
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13E7F4A4-33A0-16B0-6486-FAA38C2A7067}" = Nero 7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"AVG9Uninstall" = AVG Free 9.0
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.5.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/4/2010 8:20:41 AM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.
Error - 8/4/2010 8:20:41 AM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.
Error - 8/4/2010 8
12 AM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.
Error - 8/4/2010 11:01:04 AM | Computer Name = USER-25DB6E0305 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/4/2010 11:01:04 AM | Computer Name = USER-25DB6E0305 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/4/2010 2:35:26 PM | Computer Name = USER-25DB6E0305 | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.
Error - 8/4/2010 2:50:40 PM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1509
Description = Windows cannot copy file C:\Documents and Settings\Administrator\Start
Menu\Programs\WinRAR to location K\Start Menu\Programs\WinRAR. Possible causes
of this error include network problems or insufficient security rights. If this
problem persists, contact your network administrator. DETAIL - The system cannot
find the path specified.
Error - 8/4/2010 2:50:40 PM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1504
Description = Windows cannot update your roaming profile. Possible causes of this
error include network problems or insufficient security rights. If this problem
persists, contact your network administrator. DETAIL - The system cannot find the
path specified.
Error - 8/4/2010 3:25:20 PM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1509
Description = Windows cannot copy file C:\Documents and Settings\Administrator\Start
Menu\Programs\WinRAR to location K\Start Menu\Programs\WinRAR. Possible causes
of this error include network problems or insufficient security rights. If this
problem persists, contact your network administrator. DETAIL - The system cannot
find the path specified.
Error - 8/4/2010 3:25:20 PM | Computer Name = USER-25DB6E0305 | Source = Userenv | ID = 1504
Description = Windows cannot update your roaming profile. Possible causes of this
error include network problems or insufficient security rights. If this problem
persists, contact your network administrator. DETAIL - The system cannot find the
path specified.
[ System Events ]
Error - 7/13/2010 6:51:13 PM | Computer Name = USER-25DB6E0305 | Source = Print | ID = 6161
Description = The document Test Page owned by Administrator failed to print on printer
Dell Photo AIO Printer 942. Data type: LEMF. Size of the spool file in bytes: 509617.
Number of bytes printed: 509617. Total number of pages in the document: 1. Number
of pages printed: 0. Client machine: \\USER-25DB6E0305. Win32 error code returned
by the print processor: 535 (0x217).
Error - 7/13/2010 11:36:09 PM | Computer Name = USER-25DB6E0305 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.
Error - 7/18/2010 4:30:16 AM | Computer Name = USER-25DB6E0305 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.1 on
the Network Card with network address 000BDB2DBB9C.
Error - 7/18/2010 4:36:33 AM | Computer Name = USER-25DB6E0305 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).
Error - 7/29/2010 4:46:38 AM | Computer Name = USER-25DB6E0305 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
Make sure you re-enable your security programs when you're done with ComboFix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Hello, here is the combofix log:
ComboFix 10-08-05.01 - Administrator 08/05/2010 16:07:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.240 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ADMINI~1\LOCALS~1\Temp\jna8302146096399967197.dll
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Administrator\Local Settings\Temp\jna8302146096399967197.dll
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-04 19:00 . 2010-08-04 19:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-04 19:00 . 2010-08-04 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-04 04:13 . 2010-08-04 04:13 -------- d-----w- c:\program files\Trend Micro
2010-08-04 01:59 . 2010-08-04 01:59 -------- d-----w- c:\windows\Sun
2010-08-02 20:28 . 2010-08-02 20:28 503808 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a6e1765-n\msvcp71.dll
2010-08-02 20:28 . 2010-08-02 20:28 499712 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a6e1765-n\jmc.dll
2010-08-02 20:28 . 2010-08-02 20:28 348160 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4a6e1765-n\msvcr71.dll
2010-08-02 20:28 . 2010-08-02 20:28 61440 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2431d39c-n\decora-sse.dll
2010-08-02 20:28 . 2010-08-02 20:28 12800 ------w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2431d39c-n\decora-d3d.dll
2010-08-01 21:56 . 2010-08-05 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-08-01 21:53 . 2010-08-01 21:53 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 21:52 . 2010-08-01 21:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-08-01 21:52 . 2010-08-01 21:52 -------- d-----w- c:\program files\Java
2010-08-01 21:50 . 2010-08-01 21:56 -------- d-----w- c:\program files\LimeWire
2010-07-27 02:55 . 2010-07-27 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-07-27 02:52 . 2010-07-27 02:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TomTom
2010-07-27 02:52 . 2010-07-27 02:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\TomTom
2010-07-27 02:51 . 2010-07-27 02:51 -------- d-----w- c:\program files\TomTom International B.V
2010-07-27 02:51 . 2010-07-27 02:51 -------- d-----w- c:\program files\TomTom HOME 2
2010-07-27 02:43 . 2010-07-27 02:43 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-07-25 04:11 . 2010-07-25 04:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-07-23 00:35 . 2010-07-23 00:35 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-07-21 15:57 . 2010-07-21 15:57 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 15:57 . 2010-07-21 15:57 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 15:57 . 2010-07-21 15:57 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-21 15:57 . 2010-07-21 15:57 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 21:06 . 2010-07-20 21:06 -------- d-----w- c:\documents and settings\vinny\Local Settings\Application Data\Yahoo!
2010-07-19 20:06 . 2010-07-19 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2010-07-19 20:05 . 2010-07-19 20:05 -------- d-----w- c:\program files\TeamViewer
2010-07-16 00:45 . 2010-07-16 01:20 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-15 16:42 . 2010-07-15 16:42 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 16:42 . 2010-07-15 16:42 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 16:42 . 2010-07-15 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:31 . 2010-07-15 16:31 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-15 16:31 . 2010-07-15 16:31 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 16:31 . 2010-07-15 16:31 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 16:31 . 2010-07-15 16:31 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 01:21 . 2010-07-16 08:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-07-14 20:09 . 2010-07-14 20:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-07-14 16:20 . 2010-07-14 16:20 -------- d-----w- c:\documents and settings\vinny\Local Settings\Application Data\Google
2010-07-14 02:55 . 2010-07-14 02:55 -------- d-----w- c:\windows\ServicePackFiles
2010-07-14 01:24 . 2010-07-14 02:57 -------- d-----w- c:\windows\ie8updates
2010-07-14 01:22 . 2010-07-14 01:23 -------- dc-h--w- c:\windows\ie8
2010-07-14 01:18 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-14 01:18 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-14 01:18 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-14 01:18 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-14 01:18 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-14 01:18 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-07-14 01:18 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-07-14 01:17 . 2010-04-16 11:43 41984 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-07-14 00:58 . 2010-07-14 00:58 -------- d-----w- c:\windows\system32\Backup
2010-07-14 00:57 . 2010-07-14 01:01 -------- d-----w- c:\windows\SQLHotfix
2010-07-14 00:56 . 2002-12-17 23:23 33340 ------w- c:\windows\system32\dbmsqlgc.dll
2010-07-14 00:56 . 2002-10-20 21:05 24576 ------w- c:\windows\system32\dbmsgnet.dll
2010-07-14 00:56 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-14 00:55 . 2010-07-14 00:55 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2010-07-14 00:55 . 2010-07-14 00:55 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2010-07-14 00:54 . 2010-07-14 00:54 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-14 00:51 . 2010-07-14 00:52 -------- d-----w- c:\windows\system32\URTTemp
2010-07-14 00:47 . 2010-07-14 00:47 -------- d-----w- c:\documents and settings\kippy\Local Settings\Application Data\Google
2010-07-14 00:46 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-07-14 00:46 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-07-14 00:44 . 2010-07-14 00:44 -------- d-----w- c:\program files\Microsoft.NET
2010-07-14 00:44 . 2010-07-14 00:44 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-14 00:43 . 2010-07-14 00:44 -------- d-----w- c:\windows\SHELLNEW
2010-07-14 00:38 . 2010-07-14 00:38 -------- d-----r- C:\MSOCache
2010-07-14 00:27 . 2010-07-23 00:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-07-13 23:28 . 2004-08-04 10:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-13 23:26 . 2010-07-13 23:26 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-13 23:24 . 2010-07-13 23:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-13 23:24 . 2010-07-13 23:24 -------- d-----w- c:\windows\system32\LogFiles
2010-07-13 22:49 . 2010-07-13 22:49 57344 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-07-13 22:49 . 2010-07-13 22:49 57344 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-07-13 22:49 . 2010-07-13 22:49 49152 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\NewShortcut6_81A349029D0B4920A25C4CDC5D14B328.exe
2010-07-13 22:49 . 2010-07-13 22:49 14278 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\PaintShopPro8_TryAndBuy.exe
2010-07-13 22:49 . 2010-07-13 22:49 14278 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{81A34902-9D0B-4920-A25C-4CDC5D14B328}\ARPPRODUCTICON.exe
2010-07-13 22:47 . 2010-07-13 22:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2010-07-13 22:47 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-13 22:47 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-13 22:46 . 2010-07-13 22:46 57344 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_SMLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-07-13 22:46 . 2010-07-13 22:46 57344 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\DPS_DTLink.CAA7B2BB_F373_4C0B_8C62_D4147E5C816B.exe
2010-07-13 22:46 . 2010-07-13 22:46 4598 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\NewShortcut2.exe
2010-07-13 22:46 . 2010-07-13 22:46 4598 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}\ARPPRODUCTICON.exe
2010-07-13 22:46 . 2010-07-13 22:47 -------- d-----w- c:\program files\Jasc Software Inc
2010-07-13 22:46 . 2010-07-13 22:46 -------- d-----w- c:\program files\Dell Computer
2010-07-13 22:44 . 2010-07-13 22:45 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-07-13 22:44 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-13 22:40 . 2004-08-23 14:42 131072 ----a-r- c:\windows\system32\dlbusnls.dll
2010-07-13 22:40 . 2004-08-23 14:40 143360 ----a-r- c:\windows\system32\dlbucoin.dll
2010-07-13 22:40 . 2004-08-04 05:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-13 22:40 . 2004-08-04 05:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-13 22:38 . 2004-08-06 18:01 401408 ----a-w- c:\windows\system32\dlbuutil.dll
2010-07-13 22:38 . 2003-10-21 22:40 983101 ----a-w- c:\windows\system32\dlbugf.dll
2010-07-13 22:38 . 2010-07-13 22:40 -------- d-----w- c:\program files\Dell Photo AIO Printer 942
2010-07-13 22:38 . 2010-07-14 00:34 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2010-07-13 22:38 . 2010-07-13 22:38 -------- d-----w- C:\Temp
2010-07-13 22:36 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-13 22:36 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-13 22:36 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-13 22:36 . 2010-02-17 18:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-07-13 22:25 . 2010-08-05 06:07 -------- d-----w- c:\windows\system32\K
2010-07-13 22:10 . 2010-07-13 22:10 -------- d-sh--w- c:\documents and settings\kippy\PrivacIE
2010-07-13 22:07 . 2010-08-04 18:36 -------- d-----w- c:\windows\system32\NtmsData
2010-07-13 22:03 . 2010-07-13 22:03 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Ahead
2010-07-13 21:59 . 2010-07-13 22:05 -------- d-----w- c:\documents and settings\kippy\Local Settings\Application Data\Ahead
2010-07-13 21:59 . 2010-07-13 21:59 -------- d-sh--w- c:\documents and settings\kippy\IETldCache
2010-07-13 21:56 . 2010-07-13 21:56 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-07-13 21:54 . 2010-07-15 21:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-13 21:51 . 2010-07-13 21:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-13 21:44 . 2010-07-22 16:38 -------- d-----w- c:\documents and settings\vinny\Local Settings\Application Data\Adobe
2010-07-13 21:44 . 2010-07-23 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-13 18:04 . 2010-07-13 18:04 -------- d-sh--w- c:\documents and settings\vinny\PrivacIE
2010-07-13 18:03 . 2010-07-13 18:03 -------- d-----w- c:\documents and settings\vinny\Local Settings\Application Data\Ahead
2010-07-13 02:40 . 2010-07-13 02:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-07-13 02:35 . 2010-07-13 02:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-07-12 22:52 . 2010-07-12 22:52 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-07-12 22:49 . 2010-08-05 00:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-07-12 22:43 . 2010-07-25 04:12 -------- d-----w- c:\program files\Google
2010-07-12 22:33 . 2010-07-12 22:33 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-12 22:32 . 2010-07-12 22:32 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-12 22:31 . 2010-07-12 22:31 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-12 22:26 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-12 22:18 . 2009-10-16 19:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-07-12 22:16 . 2004-08-04 06:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 21:49 . 2010-07-12 20:21 43336 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 16:42 . 2010-07-12 20:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:38 . 2010-07-12 20:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 22:07 . 2010-07-12 20:13 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-12 22:51 . 2010-07-12 20:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-12 22:27 . 2010-07-12 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-07-12 20:43 . 2010-07-12 20:43 -------- d-----w- c:\program files\AVG
2010-07-12 20:43 . 2010-07-12 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-12 20:24 . 2010-07-12 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-07-12 20:24 . 2010-07-12 20:24 -------- d-----w- c:\program files\CyberLink
2010-07-12 20:24 . 2010-07-12 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 20:24 . 2010-07-12 20:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-12 20:23 . 2010-07-12 20:23 -------- d-----w- c:\program files\Analog Devices
2010-07-12 20:23 . 2010-07-12 20:23 29926 ------r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{13E7F4A4-33A0-16B0-6486-FAA38C2A7067}\ARPPRODUCTICON.exe
2010-07-12 20:23 . 2010-07-12 20:23 -------- d-----w- c:\program files\Nero
2010-07-12 20:23 . 2010-07-12 20:23 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-12 20:15 . 2010-07-12 20:15 -------- d-----w- c:\program files\microsoft frontpage
2010-07-12 20:10 . 2010-07-12 20:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-14 14:30 . 2010-07-12 20:11 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.
------- Sigcheck -------
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-04 . C983FFFAB63FDA0A3069A1DC3B1DF30B . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 19:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/12/2010 4:43 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/12/2010 4:44 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 12:38 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 12:42 PM 308136]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 10:41 AM 92008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2010 6:58 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 22:58]
2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 22:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-05 16:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-343818398-1637723038-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,8e,6f,19,63,8a,4f,49,8e,0c,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,8e,6f,19,63,8a,4f,49,8e,0c,5e,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,8e,6f,19,63,8a,4f,49,8e,0c,5e,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-08-05 16:34:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-05 20:34
Pre-Run: 18,728,824,832 bytes free
Post-Run: 18,935,332,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - CA21F1B8C411274CDAC28233AB3CAC9E
-
Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to "Show hidden files and folders".
Upload the following files to VirusTotal - Free Online Virus and Malware Scan for a security check:
- c:\windows\system32\winlogon.exe
IMPORTANT! If the file is listed as already analyzed, click on the "Reanalyse file now" button.
Post the scan results.
-
Antivirus Version Last Update Result
AhnLab-V3 2010.08.06.00 2010.08.05 -
AntiVir 8.2.4.32 2010.08.05 TR/Spy.502272.7
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.05 -
Avast5 5.0.332.0 2010.08.05 -
AVG 9.0.0.851 2010.08.05 -
BitDefender 7.2 2010.08.06 Gen:Trojan.Heur.TP.Em0@baeVMhi
CAT-QuickHeal 11.00 2010.08.05 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5660 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7769 2010.08.06 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.06 Gen:Trojan.Heur.TP.Em0@baeVMhi
Fortinet 4.1.143.0 2010.08.05 -
GData 21 2010.08.06 Gen:Trojan.Heur.TP.Em0@baeVMhi
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.05 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.05 -
Microsoft 1.6004 2010.08.05 -
NOD32 5345 2010.08.05 -
Norman 6.05.11 2010.08.05 -
nProtect 2010-08-05.01 2010.08.05 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.04 -
Prevx 3.0 2010.08.06 -
Rising 22.59.03.04 2010.08.05 Trojan.Win32.Generic.52223C15
Sophos 4.56.0 2010.08.06 Troj/Patched-O
Sunbelt 6692 2010.08.06 Trojan.Win32.Generic!BT
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.05 -
TrendMicro 9.120.0.1004 2010.08.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.4.3971 2010.08.05 -
VirusBuster 5.0.27.0 2010.08.05 -
Additional information
File size: 502272 bytes
MD5...: c983fffab63fda0a3069a1dc3b1df30b
SHA1..: f5b6c7579cf3c4731bdde021291c31e6cc27eae0
SHA256: 11335f9a5239b3f3ea93f80d009930ae3788903e9aacc1d527fa138bdd5f2d6f
ssdeep: 6144:MYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnqhPnpdcrFIzdFz/N5WjyfTNQK:MVLBhic7Qy1vSn6JFDNhp8
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3d353
timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6f352 0x6f400 6.82 24eefa7823791a082e67cfe5ddb42d44
.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30
.rsrc 0x76000 0x9030 0x9200 3.62 b93cbbc049130e1bad3ea13d7512c074
( 20 imports )
> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA
> AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle
> CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx
> GDI32.dll: RemoveFontResourceW, AddFontResourceW
> KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, ExpandEnvironmentStringsW, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, DuplicateHandle, OpenProcess, GetOverlappedResult, GetVersionExA, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, DeleteCriticalSection, TlsGetValue, TlsAlloc, VirtualFree, TlsFree
> msvcrt.dll: _vsnwprintf, wcslen, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, __set_app_type, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp
> NDdeApi.dll: -, -, -, -
> ntdll.dll: RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtOpenDirectoryObject, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlInitString, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtSetInformationProcess
> PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW
> PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW
> REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery
> RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate
> Secur32.dll: GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaCallAuthenticationPackage
> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW
> USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, KillTimer, GetMessageTime, SetLogonNotifyWindow, UnlockWindowStation, SetTimer, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, SetCursor, DefWindowProcW, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, RegisterClassW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW
> USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -
> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff
> WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext
> WS2_32.dll: -, getaddrinfo, -
( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows NT Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight
pdfid.: -
-
OK, that file doesn't look good.
We'll have to find a replacement...
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Vista users: Right-click on SystemLook.exe and click Run As Administrator.
- Copy the content of the following box into the main text field:
Code:
:filefind
winlogon.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt