ABnow.com Google redirect infection



rockmypunkk
2012-04-03, 02:43
As stated in the sticky thread, I cannot run DDS on the infected computer to upload the logs, but I need help.

rockmypunkk
2012-04-03, 19:43
Update: along with the redirect infection, I ran a scan with Spybot and Malwarebytes, which found nothing, then ran STOPzilla and found 161 infections of GASF
Rogue.Win32.AntiVirus8 Rootkit.Win32.Sirefef Appconf32 Trojan.Win32.Mouse.Gen DesktopVirii Boot Alexmo Cookies (not restorable)

diver79
2012-04-09, 18:58
Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.

The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
Please DO NOT run any other software or scans whilst I am helping you.


Note: If you haven't done so already, please ensure you have read the following article: "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to back up any personal files and folders before you start.
How do I backup my files and folders in XP? (http://www.winxptutor.com/ntbackup.htm)
How to backup your data - Vista/Win7 (http://www.vista4beginners.com/How-to-backup-your-data)

Will post instructions soon...

diver79.

diver79
2012-04-09, 19:06
Hi rockmypunkk

Note: If you are running Vista\Win7 you will need to run all tools I ask you to use as Administrator. You can do this by Right clicking the icon and selecting Run as Administrator.

Download/run Rkill:
Please download Rkill from one of the following links and save to your Desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)


Double click on Rkill to run it.
A command window will open, then disappear upon completion; this is normal.
When finished, Notepad will open with a log called, "rkill.log".
Please copy and paste the contents of the rkill.log in your next reply.
The file is automatically saved... located at C:\rkill.log.
Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Run DDS
Run DDS again using the instructions here (http://forums.spybot.info/showpost.php?p=1150&postcount=2).


OTL Scan

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

rockmypunkk
2012-04-09, 21:48
Sorry, but I can't run Rkill. I keep getting the error windows cannot find file h/explorer.exe and h/iexplore.exe, and it eventually crashed and blue screened.

diver79
2012-04-09, 21:50
Can you get OTL to run?

rockmypunkk
2012-04-09, 22:35
OTL logfile created on: 4/9/2012 3:22:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 328.19 Mb Available Physical Memory | 32.43% Memory free
2.37 Gb Paging File | 1.83 Gb Available in Paging File | 77.27% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 21.64 Gb Free Space | 15.01% Space Free | Partition Type: NTFS

Computer Name: SNOWSAKURA | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chris\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\Chris\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\iS3\Anti-Spyware\SZEngine.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\cntscan.dll ()
MOD - c:\Program Files\McAfee\SiteAdvisor\apengine.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vclone) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe (iS3, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (szkgfs) -- C:\WINDOWS\system32\drivers\SZKGFS.sys (iS3, Inc.)
DRV - (szkg5) -- C:\WINDOWS\system32\drivers\SZKG.sys (iS3 Inc.)
DRV - (is3srv) -- C:\WINDOWS\system32\drivers\is3srv.sys (iS3 Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (STEC3) -- C:\WINDOWS\system32\STEC3.sys (AntiCracking)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - ({09BB444F-B2E2-4009-BAF2-7B727681223E}) -- C:\Program Files\VMLaunch\BuddyVM.sys (Interlex Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (prohlp02) -- C:\WINDOWS\system32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\system32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\system32\drivers\sfhlp01.sys (Protection Technology)

rockmypunkk
2012-04-09, 22:36
========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {2E7703FB-5DFE-4E08-9D08-57A81D3BDE20}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{2E7703FB-5DFE-4E08-9D08-57A81D3BDE20}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-FlvTube"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngine: "Yahoo-FlvTube"
FF - prefs.js..browser.search.selectedEngineURL: "http://flvtubesearch.co/?tmp=toolbar_flvtube_results&prt=flvtubetb01ff&clid=2db3f0a4ecf046bd8cfb0529940a054a&subid=3067&Keywords={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/24 09:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/14 23:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/14 23:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/03/25 12:35:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/04/04 16:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 01:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/06 17:47:29 | 000,000,000 | ---D | M]

[2009/02/23 09:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/02/23 09:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/03/25 12:38:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions
[2010/06/28 13:07:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/09 13:24:50 | 000,000,000 | ---D | M] (Web Enhancements) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/09/18 16:04:34 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions\anttoolbar@ant(2).com
[2012/03/25 12:38:11 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions\anttoolbar@ant.com
[2011/09/18 16:03:30 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\extensions\ChoiceGuard@Microsoft
[2009/02/23 09:53:34 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\searchplugins\aim-search.xml
[2012/04/04 16:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/25 01:16:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/03 13:04:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/04 16:50:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/25 12:35:22 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/04 16:49:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/13 19:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 11:40:34 | 000,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2012/01/03 08:22:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/09/10 14:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/09/10 14:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/03/12 23:38:32 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/03/12 23:38:32 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/03/12 23:38:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/03/12 23:38:32 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

rockmypunkk
2012-04-09, 22:36
O1 HOSTS File: ([2012/04/03 01:34:23 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\Chris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC95DAB5-2C4C-4702-8CED-AD0C49E9A417}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found

rockmypunkk
2012-04-09, 22:37
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 12:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autoycfg - (C:\WINDOWS\system32\comprsh.dll) - C:\WINDOWS\system32\comprsh.dll (Malwarebytes Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/04 16:50:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/04 16:50:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/04 16:50:06 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/04 16:50:06 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/03 10:21:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chris\Recent
[2012/04/03 01:29:47 | 000,101,112 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/04/03 01:29:47 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[2012/04/03 01:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2012/04/03 01:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012/04/03 01:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/04/03 01:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/04/03 01:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/04/03 01:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/04/03 01:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\TestApp
[2012/04/03 01:05:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/03 00:54:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\Administrative Tools
[2012/04/03 00:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/04/03 00:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\NOMAD
[2012/04/03 00:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ぴんくはてな
[2012/04/03 00:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\あかべぇそふとつぅTRY
[2012/04/03 00:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\DO
[2012/04/03 00:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\アイル
[2012/04/03 00:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vanadis
[2012/04/03 00:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\DualMage
[2012/04/02 19:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/02 19:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/02 16:59:33 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2012/04/02 11:59:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\ad7217cf
[2012/04/02 01:46:29 | 000,000,000 | ---D | C] -- C:\UTSUSEMI
[2012/04/01 21:31:02 | 000,000,000 | ---D | C] -- C:\NOMAD
[2012/04/01 14:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\ぴんくはてな
[2012/04/01 14:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\俺サマのラグナRock
[2012/04/01 14:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\あかべぇそふとつぅTRY
[2012/03/31 22:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\アークシェル
[2012/03/31 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\DO
[2012/03/31 17:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\AIL
[2012/03/31 10:31:03 | 000,000,000 | ---D | C] -- C:\アイル
[2012/03/31 01:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\教えてっ!おねてぃー
[2012/03/30 23:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Vanadis
[2012/03/30 23:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Vanadis
[2012/03/30 21:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\DualMage
[2012/03/30 21:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Euphoria
[2012/03/30 21:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ユーフォリア
[2012/03/30 21:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\euphoria
[2012/03/30 21:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\蠱惑の刻
[2012/03/30 21:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\蠱惑の刻
[2012/03/30 16:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Acmeholic
[2012/03/30 16:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\SPEED
[2012/03/30 15:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\ドキドキ母娘レッスン
[2012/03/30 15:12:38 | 000,000,000 | ---D | C] -- C:\萌♂
[2012/03/30 15:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\maika_savedata
[2012/03/30 15:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\maika
[2012/03/30 14:53:25 | 000,000,000 | ---D | C] -- C:\maika
[2012/03/30 14:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\TOUCHABLE
[2012/03/30 14:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\touchable
[2012/03/29 23:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\『乙女蹂躙遊戯』
[2012/03/29 23:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Guilty
[2012/03/29 21:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\CLOCKUP
[2012/03/29 20:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012/03/29 18:58:08 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/03/29 18:57:48 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/03/29 18:57:48 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/03/29 18:57:41 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/03/29 18:57:34 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/03/29 18:57:27 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/03/29 18:57:20 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/03/29 18:57:19 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/03/29 18:57:18 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/03/29 18:57:17 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2012/03/29 18:57:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/03/29 18:57:09 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/03/29 18:57:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/03/29 18:57:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/03/29 18:56:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/03/29 18:56:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2012/03/29 18:56:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/03/29 18:56:54 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/03/29 18:56:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2012/03/29 18:56:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/03/29 18:56:45 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/03/29 18:56:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/03/29 18:56:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/03/29 18:56:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/03/29 18:56:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/03/29 18:56:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/03/29 18:56:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/03/29 18:56:31 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
[2012/03/29 18:56:31 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slwdmsup.sys
[2012/03/29 18:56:30 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnthal.sys
[2012/03/29 18:56:30 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2012/03/29 18:56:29 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slntamr.sys
[2012/03/29 18:56:29 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnt7554.sys
[2012/03/29 18:56:28 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
[2012/03/29 18:56:28 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
[2012/03/29 18:56:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
[2012/03/29 18:56:26 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/03/29 18:56:20 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/03/29 18:56:13 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/03/29 18:56:06 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2012/03/29 18:55:59 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2012/03/29 18:55:57 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/03/29 18:55:50 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2012/03/29 18:55:43 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2012/03/29 18:55:36 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2012/03/29 18:55:29 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2012/03/29 18:55:22 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2012/03/29 18:55:15 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2012/03/29 18:55:14 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
[2012/03/29 18:55:13 | 000,000,000 | ---D | C] -- C:\temp
[2012/03/29 18:55:03 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/03/29 18:54:56 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/03/29 18:54:50 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/03/29 18:54:43 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/03/29 18:54:36 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2012/03/29 18:54:28 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/03/29 18:54:22 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2012/03/29 18:54:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/03/29 18:54:14 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2012/03/29 18:54:13 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2012/03/29 18:54:06 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2012/03/29 18:54:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/03/29 18:53:58 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/03/29 18:53:51 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2012/03/29 18:53:44 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/03/29 18:53:37 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/03/29 18:53:36 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/03/29 18:53:29 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/03/29 18:53:21 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/03/29 18:53:15 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/03/29 18:53:08 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/03/29 18:53:01 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/03/29 18:52:54 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/03/29 18:52:47 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/03/29 18:52:41 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/03/29 18:52:34 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/03/29 18:52:27 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/03/29 18:52:21 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/03/29 18:52:14 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/03/29 18:52:07 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/03/29 18:52:06 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnbm.sys
[2012/03/29 18:52:05 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
[2012/03/29 18:51:58 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/03/29 18:51:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/03/29 18:51:52 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/03/29 18:51:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/03/29 18:51:49 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/03/29 18:51:47 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/03/29 18:51:46 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/03/29 18:51:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/03/29 18:51:44 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/03/29 18:51:37 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/03/29 18:51:30 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/03/29 18:51:23 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/03/29 18:51:16 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/03/29 18:51:12 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/03/29 18:51:12 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2012/03/29 18:51:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/03/29 18:51:04 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2012/03/29 18:50:57 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/03/29 18:50:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/03/29 18:50:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/03/29 18:50:55 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\recagent.sys
[2012/03/29 18:50:46 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/03/29 18:50:44 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012/03/29 18:50:38 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/03/29 18:50:31 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/03/29 18:50:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/03/29 18:50:18 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/03/29 18:50:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/03/29 18:50:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/03/29 18:50:14 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/03/29 18:50:06 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/03/29 18:49:59 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/03/29 18:49:52 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/03/29 18:49:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/03/29 18:49:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/03/29 18:49:37 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/03/29 18:49:28 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/03/29 18:49:27 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/03/29 18:49:21 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/03/29 18:49:20 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/03/29 18:49:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/03/29 18:49:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/03/29 18:49:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/03/29 18:49:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

rockmypunkk
2012-04-09, 22:38

rockmypunkk
2012-04-09, 22:39
[2012/03/29 18:27:36 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/03/29 18:27:34 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/03/29 18:27:32 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/03/29 18:27:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/03/29 18:27:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/03/29 18:27:25 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/03/29 18:27:24 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/03/29 18:27:22 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/03/29 18:27:20 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/03/29 18:27:18 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/03/29 18:27:16 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/03/29 18:27:14 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/03/29 18:27:12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/03/29 18:27:10 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2012/03/29 18:27:09 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/03/29 18:27:07 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/03/29 18:27:05 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/03/29 18:27:02 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/03/29 18:27:00 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/03/29 18:26:58 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/03/29 18:26:56 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/03/29 18:26:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/03/29 18:26:54 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/03/29 18:26:52 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/03/29 18:26:46 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/03/29 18:26:44 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/03/29 18:26:42 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/03/29 18:26:40 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/03/29 18:26:38 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/03/29 18:26:37 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/03/29 18:26:36 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/03/29 18:26:34 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/03/29 18:26:33 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/03/29 18:26:30 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/03/29 18:26:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/03/29 18:26:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/03/29 18:26:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/03/29 18:26:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/03/29 18:26:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/03/29 18:26:21 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2012/03/29 18:26:19 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/03/29 18:26:18 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/03/29 18:26:17 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/03/29 18:26:16 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/03/29 18:26:15 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/03/29 18:26:12 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/03/29 18:26:11 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/03/29 18:26:10 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/03/29 18:26:09 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/03/29 18:26:07 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/03/29 18:26:05 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/03/29 18:26:04 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/29 18:26:02 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/03/29 18:26:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/03/29 18:26:00 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/03/29 18:25:59 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/03/29 18:25:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/03/29 18:25:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/03/29 18:25:55 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/03/29 18:25:54 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/03/29 18:25:53 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/03/29 18:25:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/03/29 18:25:30 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2012/03/29 18:25:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2012/03/29 18:25:29 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012/03/29 18:25:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012/03/29 18:25:28 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012/03/29 18:25:27 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/03/29 18:25:26 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/03/29 18:25:25 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/03/29 18:25:24 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/03/29 18:25:24 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/03/29 18:25:23 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/03/29 18:25:21 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/03/29 18:25:20 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/03/29 18:25:18 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/03/29 18:25:17 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/03/29 18:25:16 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/03/29 18:25:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/03/29 18:25:14 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/03/29 18:25:12 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/03/29 18:25:11 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/03/29 18:25:10 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/03/29 18:25:09 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/03/29 18:25:08 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/03/29 18:25:07 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/03/29 18:25:06 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/03/29 18:25:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/03/29 18:25:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/03/29 18:25:04 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/03/29 18:25:03 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/03/29 18:25:02 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/03/29 18:25:01 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/03/29 18:25:00 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/03/29 18:24:59 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/03/29 18:24:58 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/03/29 18:24:57 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/03/29 18:24:56 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/03/29 18:24:55 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/03/29 18:24:54 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/03/29 18:24:53 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/03/29 18:24:51 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/03/29 18:24:50 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/03/29 18:24:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/03/29 18:24:46 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2012/03/29 18:24:45 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2012/03/29 18:24:43 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2012/03/29 18:24:42 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2012/03/29 18:24:39 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2012/03/29 18:24:35 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2012/03/29 18:24:32 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2012/03/29 18:24:30 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2012/03/29 18:24:28 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2012/03/29 18:24:24 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/03/29 18:24:23 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/03/29 18:24:21 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2012/03/29 18:24:19 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2012/03/29 18:24:17 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2012/03/29 18:24:17 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2012/03/29 18:24:15 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2012/03/29 18:24:13 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2012/03/29 18:24:12 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2012/03/29 18:24:11 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2012/03/29 18:24:11 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2012/03/29 18:24:09 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/03/29 18:24:09 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2012/03/29 18:24:08 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/03/29 18:24:07 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/03/29 18:24:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/03/29 18:24:06 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/03/29 18:24:05 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/03/29 18:24:04 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/03/29 18:24:02 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2012/03/29 18:24:01 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2012/03/29 18:24:00 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/03/29 18:23:59 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2012/03/29 18:23:58 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2012/03/29 18:23:57 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2012/03/29 18:23:56 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2012/03/29 18:23:55 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2012/03/29 18:23:54 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2012/03/29 18:23:52 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2012/03/29 18:23:52 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2012/03/29 18:23:51 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2012/03/29 18:23:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2012/03/29 18:23:49 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2012/03/29 18:23:48 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2012/03/29 18:23:48 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2012/03/29 18:23:46 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2012/03/29 18:23:45 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/03/29 18:23:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/03/29 18:23:44 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/03/29 18:23:43 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012/03/29 18:23:42 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/03/29 18:23:41 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/03/29 18:23:40 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/03/29 18:23:39 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/03/29 18:23:38 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/03/29 18:23:37 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/03/29 18:23:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/03/29 18:23:31 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2012/03/29 18:23:31 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2012/03/29 18:23:29 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2012/03/29 18:23:28 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2012/03/29 18:23:26 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2012/03/29 18:23:26 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2012/03/29 18:23:25 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2012/03/29 18:23:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/03/29 18:23:23 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/03/29 18:23:22 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/03/29 18:23:22 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/03/29 18:23:21 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/03/29 18:23:21 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/03/29 18:23:20 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/03/29 18:23:20 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/03/29 18:23:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/03/29 18:23:16 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/03/29 18:23:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/03/29 18:23:15 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/03/29 18:23:13 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/03/29 18:23:13 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/03/29 18:23:12 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/03/29 18:23:12 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/03/29 18:23:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/03/29 18:23:09 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/03/29 18:23:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/03/29 18:23:08 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/03/29 18:23:08 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/03/29 18:23:08 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/03/29 18:23:07 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/03/29 18:22:57 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012/03/29 18:22:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012/03/29 18:22:56 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012/03/29 18:22:56 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012/03/29 18:22:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/03/29 18:22:41 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/03/29 18:22:40 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/03/29 18:22:40 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/03/29 18:22:40 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/03/29 18:22:40 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/03/29 18:22:39 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/03/29 18:22:39 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/03/29 18:22:39 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/03/29 18:22:39 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/03/29 18:22:38 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/03/29 18:22:38 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/03/29 18:22:38 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/03/29 18:22:38 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/03/29 18:22:38 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/03/29 18:22:37 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/03/29 18:22:37 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/03/29 18:22:35 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/03/29 18:22:35 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/03/29 18:22:34 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/03/29 18:22:33 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/03/29 18:22:33 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/03/29 18:13:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2012/03/29 18:13:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/03/29 18:12:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprmon.dll
[2012/03/29 18:12:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012/03/29 18:12:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lpdsvc.dll
[2012/03/29 18:12:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012/03/29 17:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\CLOCKUP
[2012/03/29 17:15:45 | 000,000,000 | ---D | C] -- C:\CLOCKUP

rockmypunkk
2012-04-09, 22:39
[2012/03/29 16:59:36 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2012/03/29 16:59:24 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2012/03/29 16:59:18 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2012/03/29 16:36:48 | 000,072,080 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2012/03/29 15:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\eclipse
[2012/03/29 13:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012/03/29 13:35:43 | 000,090,112 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\comprsh.dll
[2012/03/25 22:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Start Menu\Programs\TinkerBell
[2012/03/25 22:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\TinkerBell
[2012/03/25 02:16:23 | 000,066,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\NSCMPS.dll
[2012/03/25 02:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media
[2012/03/25 02:16:22 | 000,424,960 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\MSMS001.vwp
[2012/03/25 02:16:22 | 000,281,600 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\Mvoice.vwp
[2012/03/25 02:16:22 | 000,278,016 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\VCT3216.dll
[2012/03/25 02:16:22 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vct3216.acm
[2012/03/25 02:16:22 | 000,077,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nscomdlg.ocx
[2012/03/25 02:16:22 | 000,056,320 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\VoxMVDec.ax
[2012/03/25 02:16:22 | 000,056,320 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\VoxMSDec.ax
[2012/03/25 02:16:21 | 000,261,632 | ---- | C] (AccuSoft Corporation) -- C:\WINDOWS\System32\accuimr5.dll
[2012/03/25 02:16:20 | 000,104,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\wavtoasf.exe
[2012/03/25 02:16:20 | 000,078,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vidtoasf.exe
[2012/03/25 02:16:20 | 000,068,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\asfcheck.exe
[2012/03/25 02:16:20 | 000,034,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nserror.dll
[2012/03/25 02:16:20 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\asfchop.exe
[2012/03/25 02:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/03/25 02:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ソニア
[2012/03/25 02:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\ソニア
[2010/06/02 05:22:02 | 001,801,048 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2010/06/02 05:22:02 | 000,537,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2010/06/02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 14:47:25 | 000,001,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/04/09 14:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 14:43:52 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 14:37:35 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\rkill.exe
[2012/04/09 13:52:39 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/09 10:24:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 23:14:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/07 17:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/04 16:49:49 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/04 16:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/04 16:49:49 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/04 16:49:49 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/04 16:49:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/04 16:45:34 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/04/03 11:43:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/03 01:34:23 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120404-181840.backup
[2012/04/03 01:34:23 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120404-181731.backup
[2012/04/03 01:34:23 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/03 01:26:49 | 000,587,761 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/02 21:20:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/02 19:02:30 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/02 19:02:25 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/04/02 18:55:33 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012/04/02 17:58:13 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 02:11:10 | 000,000,103 | ---- | M] () -- C:\WINDOWS\SeraphInstall.INI
[2012/04/01 14:23:06 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\姫∽神1/2~.lnk
[2012/04/01 14:09:20 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\俺サマのラグナRock.lnk
[2012/03/31 18:45:13 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\永劫回帰.LNK
[2012/03/31 10:32:59 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\魔ヲ受胎セシ処女ノ苦悦.LNK
[2012/03/30 22:02:07 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ショクシュリアン.lnk
[2012/03/30 21:25:23 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\それでもオレはやってやる!vol.2.lnk
[2012/03/30 21:23:00 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\それオレ!vol.1.lnk
[2012/03/30 21:15:19 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\蠱惑の刻.lnk
[2012/03/30 17:19:05 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 黒.lnk
[2012/03/30 16:54:13 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Acmeholic.lnk
[2012/03/30 16:38:00 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\姦染~淫欲の連鎖~.lnk
[2012/03/30 16:31:09 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\alsign.sig
[2012/03/30 15:42:54 | 000,196,616 | ---- | M] () -- C:\WINDOWS\System32\SARCheck.dll
[2012/03/30 15:42:06 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ドキドキ母娘レッスン.lnk
[2012/03/30 14:16:36 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/29 20:08:07 | 000,000,162 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/03/29 18:13:32 | 000,494,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/29 18:13:32 | 000,094,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/29 18:12:48 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/29 17:19:46 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\凛辱の城 傀儡の王.lnk
[2012/03/29 16:59:36 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2012/03/29 16:59:24 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2012/03/29 16:59:18 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2012/03/29 16:36:48 | 000,072,080 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2012/03/29 13:35:43 | 000,090,112 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\comprsh.dll
[2012/03/28 23:45:49 | 000,424,104 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\fhbu6rts.jpg
[2012/03/26 22:00:53 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 紫.lnk
[2012/03/25 23:41:30 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\魔界天使ジブリール4.lnk
[2012/03/25 12:35:34 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/25 02:16:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsrex.INI
[2012/03/25 02:15:58 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 赤.lnk
[2012/03/25 01:16:44 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/25 01:16:44 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 14:46:51 | 000,001,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/04/09 14:37:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\rkill.exe
[2012/04/04 16:45:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/03 01:26:02 | 000,587,761 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/02 19:02:30 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/02 19:02:25 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ERUNT.lnk
[2012/04/02 17:58:13 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 12:01:39 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012/04/02 01:45:56 | 000,000,103 | ---- | C] () -- C:\WINDOWS\SeraphInstall.INI
[2012/04/01 14:21:36 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\姫∽神1/2~.lnk
[2012/04/01 14:09:20 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\俺サマのラグナRock.lnk
[2012/03/31 18:45:13 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\永劫回帰.LNK
[2012/03/31 10:32:59 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\魔ヲ受胎セシ処女ノ苦悦.LNK
[2012/03/31 01:28:15 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Chris\Start Menu\Programs\教えてっ!おねてぃー.lnk
[2012/03/30 22:02:07 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ショクシュリアン.lnk
[2012/03/30 21:25:23 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\それでもオレはやってやる!vol.2.lnk
[2012/03/30 21:23:00 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\それオレ!vol.1.lnk
[2012/03/30 21:15:19 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\蠱惑の刻.lnk
[2012/03/30 17:19:05 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 黒.lnk
[2012/03/30 16:54:11 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Acmeholic.lnk
[2012/03/30 16:38:00 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\姦染~淫欲の連鎖~.lnk
[2012/03/30 15:42:54 | 000,196,616 | ---- | C] () -- C:\WINDOWS\System32\SARCheck.dll
[2012/03/30 15:42:06 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ドキドキ母娘レッスン.lnk
[2012/03/29 20:08:06 | 000,000,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/29 18:49:43 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/03/29 18:49:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/03/29 18:42:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/03/29 18:34:51 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/03/29 18:34:41 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/03/29 18:34:32 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/03/29 18:34:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/03/29 18:34:13 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/03/29 18:32:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/03/29 18:29:02 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/03/29 18:28:59 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/03/29 18:28:57 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/03/29 18:24:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/03/29 18:24:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/03/29 18:24:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/03/29 18:24:29 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/03/29 18:24:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/03/29 18:24:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/03/29 18:24:26 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/03/29 18:24:25 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/03/29 18:24:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/03/29 18:24:04 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/03/29 17:19:46 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\凛辱の城 傀儡の王.lnk
[2012/03/28 23:45:48 | 000,424,104 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\fhbu6rts.jpg
[2012/03/26 22:00:53 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 紫.lnk
[2012/03/25 23:41:29 | 000,001,522 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\魔界天使ジブリール4.lnk
[2012/03/25 02:16:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2012/03/25 02:15:58 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\極楽バイパー ランジェリー 赤.lnk
[2012/03/25 01:16:44 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/25 01:16:44 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/25 01:16:44 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/25 01:13:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/23 08:34:16 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2011/08/28 15:24:37 | 000,000,047 | ---- | C] () -- C:\WINDOWS\chichimiko.ini
[2011/08/18 12:42:46 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/12 12:19:13 | 000,000,045 | ---- | C] () -- C:\WINDOWS\haregaku_m.ini
[2011/05/31 00:03:24 | 000,001,320 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\q5knv24l11k4
[2011/05/31 00:03:24 | 000,001,320 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q5knv24l11k4
[2011/05/28 10:28:55 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\44j4q8wwpfb410883qqbg2rj0y62f3288u78160
[2011/05/28 10:28:55 | 000,001,340 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\44j4q8wwpfb410883qqbg2rj0y62f3288u78160
[2011/05/25 01:12:22 | 000,001,516 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\t2342bpnbb47w8
[2011/05/25 01:12:22 | 000,001,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t2342bpnbb47w8
[2011/05/19 19:51:02 | 000,001,404 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\8037qims01b053x2e7521t65425
[2011/05/19 19:51:02 | 000,001,404 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8037qims01b053x2e7521t65425
[2011/05/19 19:25:59 | 000,001,112 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\7hn5e2f7f5qufoh8wiu4258
[2011/05/19 19:25:59 | 000,001,112 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7hn5e2f7f5qufoh8wiu4258
[2011/04/18 08:10:30 | 000,001,144 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\ln54jmg5d0c0
[2011/04/18 08:10:30 | 000,001,144 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ln54jmg5d0c0
[2011/04/17 16:40:02 | 000,001,364 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\c2586eytb848m0i4r58qet44y16hqva8r3f
[2011/04/17 16:40:02 | 000,001,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c2586eytb848m0i4r58qet44y16hqva8r3f
[2011/04/09 13:38:04 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\178748ryx4
[2011/04/09 13:38:04 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\178748ryx4
[2011/04/07 17:23:57 | 000,012,876 | -HS- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 17:23:57 | 000,012,876 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o0117nc2nv5tpb633d15bq765wo1
[2011/03/21 20:40:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/20 11:30:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\anetea.ini
[2011/02/10 04:07:11 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/02/09 00:43:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UNINSTCP.EXE
[2011/01/03 05:17:13 | 000,095,070 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2011/01/03 04:30:20 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2011/01/03 04:30:19 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2011/01/03 04:30:17 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2011/01/02 00:58:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/26 18:51:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/12/26 18:51:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/06/02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2010/06/02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2010/06/02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2010/06/02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2010/06/02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2010/06/02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2010/06/02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2010/06/02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2010/06/02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2010/06/02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2010/06/02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2010/06/02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2010/06/02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2010/06/02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2010/06/02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2010/06/02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2010/06/02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2010/06/02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2010/06/02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2010/06/02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2010/06/02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2010/06/02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2010/06/02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2010/06/02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2010/06/02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2010/06/02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2010/06/02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2010/06/02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2010/06/02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2010/06/02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2010/06/02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2010/06/02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2010/06/02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2010/06/02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2010/06/02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2010/06/02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2010/06/02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2010/06/02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2010/06/02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2010/06/02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2010/06/02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2010/06/02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2010/06/02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2010/06/02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x64.cab
[2010/06/02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2010/06/02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x86.cab
[2010/06/02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x86.cab
[2010/06/02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x64.cab
[2010/06/02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x64.cab
[2010/06/02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x86.cab
[2010/06/02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x86.cab
[2010/06/02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x64.cab
[2010/06/02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x86.cab
[2010/06/02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x64.cab
[2010/06/02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x86.cab
[2010/06/02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
[2010/06/02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
[2010/06/02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x64.cab
[2010/06/02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2010/06/02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2010/06/02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2010/06/02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2010/06/02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2010/06/02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2010/06/02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2010/06/02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2010/06/02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2010/06/02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2010/06/02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2010/06/02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2010/06/02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2010/06/02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2010/06/02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2010/06/02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2010/06/02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2010/06/02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2010/06/02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2010/06/02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2010/06/02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x86.cab
[2010/06/02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x64.cab
[2010/06/02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x64.cab
[2010/06/02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x86.cab
[2010/06/02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2010/06/02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2010/06/02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x64.cab
[2010/06/02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x86.cab
[2010/06/02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2010/06/02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2010/06/02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2010/06/02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2010/06/02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2010/06/02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2010/06/02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2010/06/02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2010/06/02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2010/06/02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2010/06/02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2010/06/02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2010/06/02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2010/06/02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2010/06/02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab
[2010/06/02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab
[2010/06/02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2010/06/02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2010/06/02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab
[2010/06/02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab
[2010/06/02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab
[2010/06/02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab
[2010/06/02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab
[2010/06/02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab
[2010/06/02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab
[2010/06/02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab
[2010/06/02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab
[2010/06/02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab
[2010/06/02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
[2010/06/02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
[2010/06/02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2010/06/02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2010/06/02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2010/06/02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2010/06/02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2010/06/02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2010/06/02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2010/06/02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2010/06/02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2010/06/02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2010/06/02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2010/06/02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2010/06/02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2010/06/02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2010/06/02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2010/06/02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2010/06/02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2010/06/02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2010/06/02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2010/06/02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2010/06/02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2010/06/02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2010/06/02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2010/06/02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2010/06/02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2010/06/02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2010/06/02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2010/06/02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2010/06/02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2010/06/02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2010/06/02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2010/06/02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2010/06/02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2010/06/02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2010/06/02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2010/06/02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2010/06/02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2010/06/02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab

========== LOP Check ==========

[2012/03/30 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASign
[2009/03/22 20:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/04/10 20:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNc31002kAdKb31002
[2011/01/03 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/04/09 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/12/22 18:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/24 01:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/03/25 23:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\フロントウイング
[2009/08/08 12:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Any Video Converter
[2011/05/19 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\BDL+D
[2009/03/22 20:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools
[2009/03/22 20:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Lite
[2011/02/28 17:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DAEMON Tools Pro
[2011/04/08 00:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DDMSettings
[2009/06/16 04:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\EATCAM
[2009/07/26 01:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\EurekaLog
[2010/05/24 16:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GameTuts
[2010/06/23 14:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\RadLight Company
[2011/01/29 14:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Raptr
[2011/01/29 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Raptr(2)
[2011/02/09 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\RenPy
[2010/02/11 18:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Software Defender
[2010/09/07 01:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\SystemRequirementsLab
[2012/04/03 01:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TestApp
[2011/01/03 04:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Uniblue
[2011/06/02 21:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/07/31 15:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Waffle
[2010/04/14 05:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\WebCam Recorder
[2012/03/25 23:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\フロントウイング
[2011/07/12 23:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\懲罰指導
[2012/03/30 21:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\蠱惑の刻
[2012/04/07 23:14:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/25 22:21:48 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/09 13:52:39 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/07 17:15:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

< End of report >

rockmypunkk
2012-04-09, 22:41
OTL Extras logfile created on: 4/9/2012 3:22:52 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 328.19 Mb Available Physical Memory | 32.43% Memory free
2.37 Gb Paging File | 1.83 Gb Available in Paging File | 77.27% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 21.64 Gb Free Space | 15.01% Space Free | Partition Type: NTFS

Computer Name: SNOWSAKURA | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\ソニア\極楽バイパー ランジェリー 赤\Bin\VPLanRed.exe" = C:\Program Files\ソニア\極楽バイパー ランジェリー 赤\Bin\VPLanRed.exe:*:Disabled:VPLanRed -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Documents and Settings\Chris\Local Settings\Temp\Rar$EX01.437\TDSSKiller.exe" = C:\Documents and Settings\Chris\Local Settings\Temp\Rar$EX01.437\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool
"C:\Documents and Settings\Chris\My Documents\Downloads\SDAV_Online_aff_GenericRevenueWire_207.exe" = C:\Documents and Settings\Chris\My Documents\Downloads\SDAV_Online_aff_GenericRevenueWire_207.exe:*:Enabled:PC Tools Installer
"C:\Documents and Settings\Chris\My Documents\Downloads\STOPzilla_Setup.exe" = C:\Documents and Settings\Chris\My Documents\Downloads\STOPzilla_Setup.exe:*:Enabled:STOPzilla_Setup -- (iS3, Inc.)
"C:\Program Files\STOPzilla!\distro-amzn-is3.exe" = C:\Program Files\STOPzilla!\distro-amzn-is3.exe:*:Enabled:Amazon Browser Bar -- (iS3)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java(TM) Update Checker -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{09332B53-1E54-4B68-88AC-25598F3DCA14}" = 裏教師~背徳の淫悦授業~
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25136D99-7F99-4861-B7B2-B2430D4297F4}" = relations sister×sister
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{2C587856-4545-4ABC-9BB2-87D8636B02F4}" = 鋼鉄の魔女アンネローゼDL版
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4304DAF2-0EE3-48B5-A4D7-D10A4F79F2FE}" = おっぱいハート~彼女はケダモノ発情期ッ!?~
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56C64E81-FC93-4cb9-9EBF-953662950D3B}_is1" = Delete Virtual-Mate Launcher
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype?5.5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"『乙女蹂躙遊戯』" = 『乙女蹂躙遊戯』
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIL-MAJUTAI2" = 魔ヲ受胎セシ処女ノ苦悦2
"anetea_is1" = あねてぃ!?
"BHT" = ボクのヒミツたいけん
"chichimiko_is1" = ちちみこ!! アンインストーラー
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivXセットアップ
"EBGDGNGFGIGPGMGJGD" = Acmeholic
"eclipse" = ECLIPSE ~絶対隷奴計画・喪失少女~
"ERUNT_is1" = ERUNT 1.1j
"FW_Djibril5" = 戦国天使ジブリール
"FW_Makai-Tenshi_Djibril4" = 魔界天使ジブリール4
"haregaku_m_is1" = はれがく!アンインストーラー
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HSHINTAI" = 炎の孕ませおっぱい身体測定
"IDFEIDHNIBFLIBJJICKLICOBICPBICNF" = サマー☆きゃんぷ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ILLDICKGICMEICMBIBEJICKIICMLICMEICKBIBFL" = 教えてっ!おねてぃー
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"inyou_shock" = 淫妖蟲 蝕
"IrfanView" = IrfanView (remove only)
"JCAGE" = じゅーしぃエイジ
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"kowakunotoki" = 蠱惑の刻
"KURONOUTAHIME" = 黒の歌姫
"LManager" = Launch Manager
"MAJUTAI" = 魔ヲ受胎セシ処女ノ苦悦
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MATTY" = まってぃ
"MHT" = もっとヒミツたいけん
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = Windows Media ツール 4.1
"MINAMI" = みなみくんの受難 ~強制性転換ご乱交~
"MNATU" = もうすぐ夏休み!
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP4 Player" = MP4 Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTFS Undelete_is1" = NTFS Undelete 3.0.2.1214
"oyakolesson" = ドキドキ母娘レッスン
"PAITOUCH" = ぱいタッチ!
"Plants vs. Zombies" = Plants vs. Zombies
"RadLight 4.0" = RadLight 4.0 FINAL
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Recuva" = Recuva
"RINJOKU" = 凛辱の城 傀儡の王
"Snow Sakura" = Snow Sakura
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"solfa28" = 麦わら帽子と水辺の妖精
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"titininja" = 乳忍者~摩天楼へ乳ボンバー~
"Twin_Knight" = 碧眼の双騎士フェリルとリリカ
"UltraISO_is1" = UltraISO Premium V9.36
"ViewpointMediaPlayer" = Viewpoint Media Player
"VPLanBlack" = 極楽バイパー ランジェリー 黒
"VPLanRed" = 極楽バイパー ランジェリー 赤
"VPLanViolet" = 極楽バイパー ランジェリー 紫
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"アイドル★ハーレム" = アイドル★ハーレム
"おっぱい小さくて何が悪いのさ!_is1" = おっぱい小さくて何が悪いのさ!
"ゴニン!?" = ゴニン!?
"それでもオレはやってやる!vol.1_is1" = それでもオレはやってやる!vol.1
"それでもオレはやってやる!vol.2_is1" = それでもオレはやってやる!vol.2
"俺サマのラグナRock_is1" = 俺サマのラグナRock ver.1.00
"口唇包柔~うさみみ調教 白く濡れる女体たち~" = 口唇包柔~うさみみ調教 白く濡れる女体たち~
"姦染~淫欲の連鎖~" = 姦染~淫欲の連鎖~
"姫∽神1/2~_is1" = 姫∽神1/2~
"超光戦隊ジャスティスブレイドZERO_is1" = 超光戦隊ジャスティスブレイドZERO
"魔界天使ジブリール -episode3-" = 『魔界天使ジブリール -episode3-』の削除
"魔界天使ジブリール Vista対応版" = 『魔界天使ジブリール Vista対応版』の削除
"魔界天使ジブリールEPISODE2" = 『魔界天使ジブリールEPISODE2』の削除

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1637b7d79495554c" = Streak Saver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2012 10:27:56 PM | Computer Name = SNOWSAKURA | Source = MsiInstaller | ID = 1013
Description = ? : ???????????? -- ??翌衝?? MSI ?笆側????N?????????setup.exe ?????????

Error - 3/31/2012 10:28:37 PM | Computer Name = SNOWSAKURA | Source = MsiInstaller | ID = 11324
Description = ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error - 3/31/2012 10:31:54 PM | Computer Name = SNOWSAKURA | Source = MsiInstaller | ID = 11324
Description = ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error - 3/31/2012 10:42:32 PM | Computer Name = SNOWSAKURA | Source = MsiInstaller | ID = 11324
Description = ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error - 4/2/2012 2:58:56 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application seraph.exe, version 1.0.0.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187aa.

Error - 4/2/2012 3:03:12 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application seraph.exe, version 1.0.0.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187aa.

Error - 4/2/2012 3:04:50 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application seraph.exe, version 1.0.0.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187aa.

Error - 4/2/2012 3:06:43 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application seraph.exe, version 1.0.0.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187aa.

Error - 4/2/2012 3:10:27 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application seraph.exe, version 1.0.0.1, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x000187aa.

Error - 4/9/2012 11:31:36 AM | Computer Name = SNOWSAKURA | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 11.0.0.4454, faulting
module mozalloc.dll, version 11.0.0.4454, fault address 0x0000195d.

[ System Events ]
Error - 4/8/2012 12:36:59 AM | Computer Name = SNOWSAKURA | Source = PSched | ID = 14103
Description = QoS [Adapter {FC95DAB5-2C4C-4702-8CED-AD0C49E9A417}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 4/8/2012 12:43:14 AM | Computer Name = SNOWSAKURA | Source = AR5416 | ID = 262187
Description =

Error - 4/8/2012 12:43:14 AM | Computer Name = SNOWSAKURA | Source = PSched | ID = 14103
Description = QoS [Adapter {FC95DAB5-2C4C-4702-8CED-AD0C49E9A417}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 4/8/2012 12:49:15 AM | Computer Name = SNOWSAKURA | Source = AR5416 | ID = 262187
Description =

Error - 4/8/2012 12:49:15 AM | Computer Name = SNOWSAKURA | Source = PSched | ID = 14103
Description = QoS [Adapter {FC95DAB5-2C4C-4702-8CED-AD0C49E9A417}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 4/9/2012 11:25:23 AM | Computer Name = SNOWSAKURA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/9/2012 11:35:03 AM | Computer Name = SNOWSAKURA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/9/2012 2:52:39 PM | Computer Name = SNOWSAKURA | Source = Schedule | ID = 7901
Description = The At3.job command failed to start due to the following error: %%2147942402

Error - 4/9/2012 3:45:24 PM | Computer Name = SNOWSAKURA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/9/2012 3:45:41 PM | Computer Name = SNOWSAKURA | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f74b3c48, parameter3
a9e2bb38, parameter4 00000000.


< End of report >

rockmypunkk
2012-04-09, 22:49
Finally got DDS to run

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Chris at 15:43:38 on 2012-04-09
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.223 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uDefault_Page_URL = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC95DAB5-2C4C-4702-8CED-AD0C49E9A417} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\lrp7h7bg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2009-3-25 15488]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-3 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-23 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-23 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-23 20464]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-23 96856]
.
=============== Created Last 30 ================
.
2012-04-04 21:50:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29:47 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29:47 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29:38 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29:36 -------- d-----w- c:\program files\common files\iS3
2012-04-03 06:29:35 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2012-04-03 06:25:39 -------- d-----w- c:\program files\common files\PC Tools
2012-04-03 06:25:03 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-03 06:25:02 -------- d-----w- c:\documents and settings\chris\application data\TestApp
2012-04-03 06:05:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-02 21:59:33 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:01:39 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-04-02 16:59:25 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\ad7217cf
2012-04-02 06:46:29 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31:02 -------- d-----w- C:\NOMAD
2012-04-01 19:18:06 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07:44 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46:15 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40:13 -------- d-----w- c:\program files\DO
2012-03-31 15:31:03 -------- d-----w- C:\アイル
2012-03-31 06:26:39 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36:39 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58:20 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22:04 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17:36 -------- d-----w- c:\documents and settings\chris\application data\蠱惑の刻
2012-03-31 02:13:10 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46:33 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34:55 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42:54 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40:02 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12:38 -------- d-----w- C:\萌♂
2012-03-30 19:53:25 -------- d-----w- C:\maika
2012-03-30 19:13:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21:50 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41:47 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53:23 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56:55 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55:57 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55:50 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55:43 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55:29 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55:22 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55:14 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55:13 -------- d-----w- C:\temp
2012-03-29 23:55:03 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54:56 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54:50 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54:43 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54:36 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54:28 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54:22 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54:21 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54:14 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54:13 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54:06 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54:05 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53:58 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53:44 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53:37 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53:36 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53:29 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53:21 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53:15 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53:08 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53:01 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52:54 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52:47 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52:41 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52:34 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52:27 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52:21 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52:14 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52:07 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52:06 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52:05 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50:57 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49:59 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48:57 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48:51 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48:45 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48:38 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48:32 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48:24 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48:23 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48:22 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48:21 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48:19 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48:12 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48:06 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47:53 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47:46 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47:45 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47:39 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47:31 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47:25 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47:18 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47:12 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47:05 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46:59 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46:52 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46:46 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46:40 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46:33 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46:27 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-29 23:46:20 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2012-03-29 23:46:14 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2012-03-29 23:46:07 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2012-03-29 23:46:01 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2012-03-29 23:44:53 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-03-29 23:44:51 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-03-29 23:44:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-03-29 23:44:34 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-03-29 23:44:28 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2012-03-29 23:44:21 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2012-03-29 23:44:13 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2012-03-29 23:44:07 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-03-29 23:44:01 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2012-03-29 23:43:55 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2012-03-29 23:43:48 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2012-03-29 23:43:43 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2012-03-29 23:43:37 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2012-03-29 23:43:31 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2012-03-29 23:43:25 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2012-03-29 23:43:18 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2012-03-29 23:43:13 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2012-03-29 23:43:08 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2012-03-29 23:43:02 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2012-03-29 23:43:01 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2012-03-29 23:41:58 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-03-29 23:41:38 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-03-29 23:41:30 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-03-29 23:41:29 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-03-29 23:41:28 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-03-29 23:41:22 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-03-29 23:41:16 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-03-29 23:41:15 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-03-29 23:41:15 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2012-03-29 23:41:14 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-03-29 23:41:08 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-03-29 23:41:02 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-03-29 23:39:55 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-03-29 23:39:49 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-03-29 23:39:42 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-03-29 23:39:37 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-03-29 23:39:31 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-03-29 23:39:31 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-03-29 23:39:25 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-03-29 23:39:25 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-03-29 23:39:19 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-03-29 23:39:13 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-03-29 23:39:07 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-29 23:39:05 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-03-29 23:39:03 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-03-29 23:37:59 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-03-29 23:37:53 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2012-03-29 23:37:48 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-03-29 23:37:43 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-03-29 23:37:37 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-03-29 23:37:32 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2012-03-29 23:37:27 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2012-03-29 23:37:21 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2012-03-29 23:37:16 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-03-29 23:37:11 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2012-03-29 23:37:06 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-03-29 23:37:01 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-03-29 23:35:55 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-03-29 23:35:51 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2012-03-29 23:35:46 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2012-03-29 23:35:41 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-03-29 23:35:35 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2012-03-29 23:35:30 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2012-03-29 23:35:25 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-03-29 23:35:20 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-03-29 23:35:15 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2012-03-29 23:35:10 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-03-29 23:35:06 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-03-29 23:35:01 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-03-29 23:33:56 8576 -c--a-w- c:\windows\system32\dllcache\hidgame.sys
2012-03-29 23:32:57 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-03-29 23:31:58 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-03-29 23:30:59 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2012-03-29 23:29:57 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-29 23:28:59 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2012-03-29 23:27:57 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2012-03-29 23:26:58 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2012-03-29 23:25:58 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-03-29 23:24:59 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-03-29 23:23:59 327040 -c--a-w- c:\windows\system32\dllcache\ati2mtaa.sys
2012-03-29 23:22:57 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2012-03-29 23:13:24 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2012-03-29 23:13:24 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-03-29 23:12:32 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2012-03-29 23:12:32 18944 ----a-w- c:\windows\system32\lprmon.dll
2012-03-29 23:12:31 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2012-03-29 23:12:31 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2012-03-29 22:15:45 -------- d-----w- C:\CLOCKUP
2012-03-29 21:59:36 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-03-29 21:59:24 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-03-29 21:59:18 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 21:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-29 20:57:43 -------- d-----w- c:\program files\eclipse
2012-03-29 18:35:48 -------- d-----w- c:\windows\system32\UAs
2012-03-29 18:35:43 90112 ------w- c:\windows\system32\comprsh.dll
2012-03-26 03:07:01 -------- d-----w- c:\program files\TinkerBell
2012-03-25 07:04:30 -------- d-----w- c:\program files\ソニア
2012-03-25 06:13:51 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-04-04 21:49:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22:02 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 15:45:27.36 ===============

diver79
2012-04-09, 22:57
Hi rockmypunkk,

Rootkit
Your computer has a dangerous Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia (http://en.wikipedia.org/wiki/Rootkit)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)
How to backup your files in Windows XP (http://support.microsoft.com/kb/308422)

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

rockmypunkk
2012-04-09, 22:58
As my computer did not come with install discs I would like to attempt to clean the machine

diver79
2012-04-09, 23:11
Hi rockmypunkk,


"As my computer did not come with install discs I would like to attempt to clean the machine"

No problem, let's try to get rid of this so. Please note that this can be a tricky infection to remove. Be sure to disable TeaTimer, create the restore point and install the recovery console so that we have some redundancy if anything does go wrong.

Create a New System Restore Point.
Click Start,
Select All Programs, Accessories, System Tools... press System Restore.
At the Welcome screen...select Create a restore point...then press Next.
In the description box, type a name to describe this restore point.
System Restore automatically adds (to your description) the current date and time.
Click Create...to finish creating this restore point.
Click Close to exit System Restore.
If you have successfully created a System Restore Point...we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! do not go any further!
Please post back so we can determine why it was unsuccessful.


Disable TeaTimer

TeaTimer needs to be disabled so that its protection does not interfere with fixes.

How Spybot-S&D protects against the installation of Spyware/Malware. (http://forums.spybot.info/showthread.php?t=281)

TeaTimer can be re-enabled once the computer is clean.


Open Spybot-S&D in Advanced Mode.
If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
On the left hand side, click on "Tools".
Then click on the Resident Icon in the List.
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.



Download and Run ComboFix

Please download ComboFix from one of the following links.

Link 1. (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Link 2. (http://www.infospyware.net/antimalware/combofix/)

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Please disable any Antivirus or Firewall you have active, as shown in this topic (http://www.bleepingcomputer.com/forums/topic114351.html). Please close all open application windows.
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

rockmypunkk
2012-04-10, 00:12
Once combofix finished I got the error windows cannot find the file NIRCMD.exe
Do you know if it also cleaned the infections stopzilla found?

ComboFix 12-04-09.05 - Chris 9/2012 Mon 16:43:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.700 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Chris\Application Data\BDL+D
c:\documents and settings\Chris\Application Data\BDL+D\GETCHU(JB)\56960\____.hld
c:\documents and settings\Chris\Application Data\BDL+D\GETCHU(JB)\56960\____.sys
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\chrome.manifest
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\ff-overlay.xul
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\overlay.js
c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\install.rdf
c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf\U
c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf\U\000000cb.@
c:\documents and settings\Chris\WINDOWS
c:\windows\$NtUninstallKB17730$
c:\windows\$NtUninstallKB17730$\2909935567\@
c:\windows\$NtUninstallKB17730$\2909935567\L\nyycniyq
c:\windows\$NtUninstallKB17730$\2909935567\loader(2)(2).tlb
c:\windows\$NtUninstallKB17730$\2909935567\loader.tlb
c:\windows\$NtUninstallKB17730$\2909935567\U\@00000001
c:\windows\$NtUninstallKB17730$\2909935567\U\@000000c0
c:\windows\$NtUninstallKB17730$\2909935567\U\@000000cb
c:\windows\$NtUninstallKB17730$\2909935567\U\@000000cf
c:\windows\$NtUninstallKB17730$\2909935567\U\@80000000
c:\windows\$NtUninstallKB17730$\2909935567\U\@800000c0
c:\windows\$NtUninstallKB17730$\2909935567\U\@800000cb
c:\windows\$NtUninstallKB17730$\2909935567\U\@800000cf
c:\windows\$NtUninstallKB17730$\383721441
c:\windows\apppatch\AppLoc.exe
c:\windows\IsUn0411.exe
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\SET400.tmp
c:\windows\system32\SET408.tmp
c:\windows\system32\SET409.tmp
c:\windows\system32\SET40B.tmp
c:\windows\system32\SET410.tmp
c:\windows\system32\SET417.tmp
c:\windows\system32\SET418.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET42A.tmp
c:\windows\system32\SET439.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\firefox.exe_UAs001.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:29 . 2012-04-09 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-03-31 02:17 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:50 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2012-03-29 23:45 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2012-03-29 23:41 . 2008-04-14 05:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-03-29 23:41 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-03-29 23:41 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-03-29 23:41 . 2008-04-15 03:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2012-03-29 23:41 . 2008-04-15 03:00 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2012-03-29 23:41 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-03-29 23:41 . 2001-08-17 19:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-03-29 23:41 . 2008-04-15 03:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-03-29 23:41 . 2008-04-15 03:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2012-03-29 23:41 . 2008-04-14 05:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-03-29 23:41 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-03-29 23:41 . 2001-08-17 18:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-03-29 23:39 . 2001-08-17 18:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-03-29 23:39 . 2001-08-17 18:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-03-29 23:39 . 2001-08-17 17:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-03-29 23:39 . 2001-08-17 17:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-03-29 23:39 . 2008-04-15 03:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2012-03-29 23:39 . 2001-08-17 17:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-03-29 23:39 . 2008-04-15 03:00 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-03-29 23:39 . 2001-08-17 18:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-03-29 23:39 . 2001-08-17 17:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-03-29 23:39 . 2001-08-17 17:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-03-29 23:39 . 2001-08-18 03:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-03-29 23:39 . 2008-04-14 10:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-03-29 23:39 . 2008-04-14 10:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-03-29 23:37 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-03-29 23:37 . 2001-08-17 19:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2012-03-29 23:37 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-03-29 23:37 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-03-29 23:37 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-03-29 23:37 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2012-03-29 23:37 . 2001-08-18 03:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2012-03-29 23:37 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2012-03-29 23:37 . 2001-08-17 19:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-03-29 23:37 . 2001-08-17 19:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2012-03-29 23:37 . 2001-08-17 17:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-03-29 23:37 . 2001-08-17 17:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys
2012-03-29 23:35 . 2001-08-17 18:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-03-29 23:35 . 2001-08-18 03:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2012-03-29 23:35 . 2001-08-17 18:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2012-03-29 23:35 . 2001-08-17 18:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-03-29 23:35 . 2001-08-17 18:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2012-03-29 23:35 . 2001-08-17 18:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2012-03-29 23:35 . 2001-08-17 18:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-03-29 23:35 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-03-29 23:35 . 2001-08-17 18:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2012-03-29 23:35 . 2001-08-18 03:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-03-29 23:35 . 2001-08-18 03:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-03-29 23:35 . 2001-08-18 03:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-03-29 23:33 . 2008-04-15 03:00 25600 -c--a-w- c:\windows\system32\dllcache\hidbth.sys
2012-03-29 23:32 . 2001-08-17 17:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-03-29 23:31 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-03-29 23:30 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\eqnloop.exe
2012-03-29 23:29 . 2001-08-17 18:28 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2012-03-29 23:28 . 2001-08-18 03:36 37962 -c--a-w- c:\windows\system32\dllcache\divaprop.dll
2012-03-29 23:27 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2012-03-29 23:26 . 2001-08-17 17:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2012-03-29 23:25 . 2001-08-18 03:36 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2012-03-29 23:24 . 2001-08-17 19:56 342336 -c--a-w- c:\windows\system32\dllcache\banshee.dll
2012-03-29 23:23 . 2008-04-14 03:04 327040 -c--a-w- c:\windows\system32\dllcache\ati2mtaa.sys
2012-03-29 23:22 . 2003-03-24 21:52 20538 -c--a-w- c:\windows\system32\dllcache\fpremadm.exe
2012-03-29 23:13 . 2008-04-15 03:00 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-03-29 23:12 . 2008-04-15 03:00 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2012-03-29 23:12 . 2008-04-15 03:00 18944 ----a-w- c:\windows\system32\lprmon.dll
2012-03-29 23:12 . 2008-04-15 03:00 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2012-03-29 23:12 . 2008-04-15 03:00 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2012-03-29 22:15 . 2012-03-30 04:05 -------- d-----w- C:\CLOCKUP
2012-03-29 21:59 . 2012-03-29 21:59 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-03-29 21:59 . 2012-03-29 21:59 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-03-29 21:59 . 2012-03-29 21:59 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 21:36 . 2012-03-29 21:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-29 20:57 . 2012-03-29 22:46 -------- d-----w- c:\program files\eclipse
2012-03-29 18:35 . 2012-03-29 18:35 90112 ------w- c:\windows\system32\comprsh.dll
2012-03-26 03:07 . 2012-03-26 03:09 -------- d-----w- c:\program files\TinkerBell
2012-03-25 07:04 . 2012-03-30 22:16 -------- d-----w- c:\program files\ソニア
2012-03-25 06:13 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09 . 2012-02-23 19:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09 . 2012-02-23 19:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09 . 2012-02-23 19:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09 . 2012-02-23 19:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09 . 2012-02-23 19:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09 . 2012-02-23 19:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09 . 2012-02-23 19:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\distro-amzn-is3.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 3:28 PM 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [3/29/2012 4:36 PM 72080]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 20464]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2/24/2012 3:28 PM 99728]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-80174812.sys
AddRemove-haregaku_m_is1 - c:\rapapuru\haregaku\unins000.exe
AddRemove-inyou_shock - c:\program files\淫妖蟲 蝕\uninst.exe
AddRemove-MP4 Player - c:\program files\MP4 Player\uninst.exe
AddRemove-NTFS Undelete_is1 - e:\ntfs undelete\unins000.exe
AddRemove-Recuva - c:\program files\Recuva\uninst.exe
AddRemove-solfa28 - c:\program files\sol-fa-soft\麦わら帽子と水辺の妖精\epuninst.exe
AddRemove-titininja - c:\windows\IsUn0411.exe
AddRemove-Twin_Knight - c:\windows\IsUn0411.exe
AddRemove-VPLanBlack - c:\windows\IsUn0411.exe
AddRemove-VPLanRed - c:\windows\IsUn0411.exe
AddRemove-VPLanViolet - c:\windows\IsUn0411.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{25136D99-7F99-4861-B7B2-B2430D4297F4} - c:\program files\Aile\relations sister×sister\Uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-おっぱい小さくて何が悪いのさ!_is1 - c:\program files\SwanMania\おっぱい小さくて何が悪いのさ!\unins000.exe
AddRemove-アイドル★ハーレム - c:\windows\IsUn0411.exe
AddRemove-口唇包柔~うさみみ調教 白く濡れる女体たち~ - c:\windows\IsUn0411.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 16:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
.
[HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4088)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\Chris\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2012-04-09 17:07:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 22:07
.
Pre-Run: 23,123,763,200 bytes free
Post-Run: 23,393,112,064 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
[spybotsd]
timeout.old=30
.
- - End Of File - - 1621D9446E5E7A2AC81669AFC9586778

rockmypunkk
2012-04-10, 02:26
Ran stopzilla again and 100 of the infections are gone but 67 still remain. I'll type them out and their locations.

GASF count 1 type trojan severity 5/5 location c:\system volume information\_restore{d24a3be8-4cbb-48d0-81ad-acafa6a6c48b}\rp576\a0222095.sys

Vundo.A7 count 1 type hijacker severity 5/5 location c:\system volume information\_restore{d24a3be8-4cbb-48d0-81ad-acafa6a6c48b}\rp589\a0228623.exe

Trojan.Win32.Redirector.gen count 3 type Spyware, Hijacker, Adware Severity 4/5 location c:\windows\swreg.exe

lpv4mons count 1 type Spyware, Adware Severity 4/5 location hklm\software\Microsoft\Windows\CurrentVersion\Control Panel\load

Rogue.Win32.AntiVirus8 count 30 type Rogue Severity 4/5 location hkus\.default\software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap\Domains\gensoftdownload.com

Rootkit.win32.sirefef Count 30 type Trojan Severity 4/5 location hklm\system\ControlSet001\Enum\Root\LEGACY_MBR

Appconf32 Count 2 type trojan severity 4/5 location c:\system volume information\_restore{d24a3be8-4cbb-48d0-81ad-acafa6a6c48b}\rp576\a0222091.exe

DesktopVirii Count 1 type trojan severity 4/5 location c:\windows\system32\autorun\app\launchm\instcat.dll

Trojan.Win32.Mal.gen!b32 count 1 type trojan severity 4/5 location hkus\s-1-5-21-123947885-3055150098-3939964369-1006\software\Microsoft\OLE

Alexmo count 1 type trojan severity 3/5 location c:\windows\eiunin21.exe

As the infections that have more than 1 count have multiple locations, I have only typed the first one, unless requested for the other locations.

diver79
2012-04-10, 09:11
Hi rockmypunkk,


"Do you know if it also cleaned the infections stopzilla found?"
No, it hasn't cleaned out everything yet. I need to look through the logs from Combofix and DDS before we deal with them.


"Ran stopzilla again and 100 of the infections are gone but 67 still remain. I'll type them out and their locations"
Please do not run any more scans unless instructed so here. As I said before, this can be a tricky infection to remove, if you do it wrong you can turn your computer into an expensive paper weight.


No anti-virus
Looking over your log, it seems you don't have any anti-virus software installed.
Please download and install a free anti-virus software from one of these excellent vendors.

avast! Home Edition (http://www.avast.com/index) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) - Free and provides real-time protection for your home PC.
Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

I will post further instructions later today.

diver79

rockmypunkk
2012-04-10, 14:39
Okay, I've installed avast av and await further instructions.

diver79
2012-04-10, 21:37
Hi rockmypunkk,

Please run the Combofix cfscript below and then re-run DDS. Let me know how the PC is performing after running the fix.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
FireFox::
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FlvTube
FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
ADS::
C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
ClearJavaCache::

Save it to your desktop as CFScript.txt
Please disable avast! Antivirus.
Right Click on the Avast! icon in the System tray and select Avast Shields Control.
Select Disable until Computer is restarted.

Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif
This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next re-run DDS and post the contents of dds.txt

Let me know how the computer is performing after you run Combofix.

rockmypunkk
2012-04-10, 23:46
NIRCMD.exe file not found error popped up again after running combofix, and my wireless card keeps getting disabled or it fails the ARP cache clear when repairing it

ComboFix 12-04-09.05 - Chris 0/2012 Tue 16:15:07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.577 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:29 . 2012-04-10 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-03-31 02:17 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56 . 2008-04-15 03:00 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55 . 2008-04-14 03:05 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:55 . 2008-04-15 03:00 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2012-03-29 23:55 . 2012-04-03 00:37 -------- d-----w- C:\temp
2012-03-29 23:55 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-03-29 23:54 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-03-29 23:54 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-03-29 23:54 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-03-29 23:54 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-03-29 23:54 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 23:54 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-03-29 23:54 . 2001-08-18 03:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2012-03-29 23:54 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-03-29 23:54 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-03-29 23:54 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2012-03-29 23:54 . 2001-08-18 03:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2012-03-29 23:53 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2012-03-29 23:53 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2012-03-29 23:53 . 2001-08-17 18:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2012-03-29 23:53 . 2008-04-15 03:00 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-03-29 23:53 . 2001-08-18 03:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2012-03-29 23:53 . 2001-08-17 17:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-03-29 23:53 . 2001-08-17 19:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2012-03-29 23:53 . 2001-08-17 17:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2012-03-29 23:53 . 2001-08-17 19:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2012-03-29 23:52 . 2001-08-17 17:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2012-03-29 23:52 . 2001-08-17 19:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2012-03-29 23:52 . 2001-08-17 19:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2012-03-29 23:52 . 2001-08-18 03:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2012-03-29 23:52 . 2001-08-17 17:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2012-03-29 23:52 . 2001-08-17 19:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2012-03-29 23:52 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2012-03-29 23:52 . 2001-08-17 18:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2012-03-29 23:52 . 2008-04-14 03:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2012-03-29 23:52 . 2008-04-14 10:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2012-03-29 23:50 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-03-29 23:49 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-03-29 23:48 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-03-29 23:48 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-03-29 23:48 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
2012-03-29 23:48 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2012-03-29 23:48 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2012-03-29 23:48 . 2008-04-14 10:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2012-03-29 23:48 . 2008-04-14 05:14 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2012-03-29 23:48 . 2008-04-14 10:40 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2012-03-29 23:48 . 2008-04-14 05:14 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2012-03-29 23:48 . 2008-04-14 02:42 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2012-03-29 23:48 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2012-03-29 23:48 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2012-03-29 23:47 . 2001-08-17 17:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2012-03-29 23:47 . 2001-08-17 17:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2012-03-29 23:47 . 2001-08-17 17:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-03-29 23:47 . 2008-04-14 03:05 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2012-03-29 23:47 . 2001-08-17 17:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-03-29 23:47 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-03-29 23:47 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-03-29 23:47 . 2001-08-17 19:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2012-03-29 23:47 . 2001-08-18 03:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2012-03-29 23:47 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2012-03-29 23:46 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28 . 2012-02-24 20:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09 . 2012-02-23 19:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09 . 2012-02-23 19:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09 . 2012-02-23 19:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09 . 2012-02-23 19:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09 . 2012-02-23 19:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09 . 2012-02-23 19:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09 . 2012-02-23 19:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09 . 2012-02-23 19:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-10 12:11 . 2012-04-10 12:11 16384 c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
+ 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
+ 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\STOPzilla!\\distro-amzn-is3.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2/24/2012 3:28 PM 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [3/29/2012 4:36 PM 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2/24/2012 3:28 PM 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
.
[HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2604)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-10 16:29:33
ComboFix-quarantined-files.txt 2012-04-10 21:29
ComboFix2.txt 2012-04-09 22:07

rockmypunkk
2012-04-10, 23:50
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Chris at 16:47:43 on 2012-04-10
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.358 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FC95DAB5-2C4C-4702-8CED-AD0C49E9A417} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-10 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2009-3-25 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-10 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-10 44768]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-3 21992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-23 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-13 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-23 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-23 22344]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-10 612184]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-2-23 96856]
.
=============== Created Last 30 ================
.
2012-04-10 21:12:06 -------- d-----w- C:\ComboFix
2012-04-10 12:29:14 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:26:08 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:24:39 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-04-09 21:31:44 -------- d-sha-r- C:\cmdcons
2012-04-09 21:29:56 98816 ----a-w- c:\windows\sed.exe
2012-04-09 21:29:56 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 21:50:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29:47 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29:47 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29:38 -------- d-----w- c:\program files\STOPzilla!
2012-04-03 06:29:36 -------- d-----w- c:\program files\common files\iS3
2012-04-03 06:29:35 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2012-04-03 06:25:39 -------- d-----w- c:\program files\common files\PC Tools
2012-04-03 06:25:03 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-03 06:25:02 -------- d-----w- c:\documents and settings\chris\application data\TestApp
2012-04-03 06:05:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-03 05:54:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-02 21:59:33 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 16:59:25 -------- d-sh--w- c:\documents and settings\chris\local settings\application data\ad7217cf
2012-04-02 06:46:29 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31:02 -------- d-----w- C:\NOMAD
2012-04-01 19:18:06 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07:44 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46:15 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40:13 -------- d-----w- c:\program files\DO
2012-03-31 15:31:03 -------- d-----w- C:\アイル
2012-03-31 06:26:39 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36:39 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58:20 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22:04 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17:36 -------- d-----w- c:\documents and settings\chris\application data\蠱惑の刻
2012-03-31 02:13:10 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46:33 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34:55 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42:54 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40:02 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12:38 -------- d-----w- C:\萌♂
2012-03-30 19:53:25 -------- d-----w- C:\maika
2012-03-30 19:13:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21:50 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41:47 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53:23 -------- d-----w- c:\program files\Atheros
2012-03-29 23:58:08 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-03-29 23:56:55 38912 -c--a-w- c:\windows\system32\dllcache\sm9aw.dll
2012-03-29 23:55:59 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-03-29 23:55:57 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-03-29 23:55:50 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-03-29 23:55:43 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-03-29 23:55:36 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-03-29 23:55:29 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-03-29 23:55:22 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-03-29 23:55:15 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-03-29 23:13:24 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2012-03-29 23:13:24 18944 ----a-w- c:\windows\system32\simptcp.dll
2012-03-29 23:12:32 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2012-03-29 23:12:32 18944 ----a-w- c:\windows\system32\lprmon.dll
2012-03-29 23:12:31 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2012-03-29 23:12:31 22528 ----a-w- c:\windows\system32\lpdsvc.dll
2012-03-29 22:15:45 -------- d-----w- C:\CLOCKUP
2012-03-29 21:59:36 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-03-29 21:59:24 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-03-29 21:59:18 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 21:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-29 20:57:43 -------- d-----w- c:\program files\eclipse
2012-03-26 03:07:01 -------- d-----w- c:\program files\TinkerBell
2012-03-25 07:04:30 -------- d-----w- c:\program files\ソニア
2012-03-25 06:13:51 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-04-04 21:49:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 20:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 19:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 19:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 19:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 19:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 19:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 19:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 19:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 19:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 19:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22:02 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22:02 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22:02 1801048 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 16:48:57.57 ===============

rockmypunkk
2012-04-10, 23:52
dds attach log

diver79
2012-04-11, 00:04
Hi rockmypunkk,

Try the following in relation to the wireless connection issue.

Click on Start > Run
Type cmd and press enter.
At the prompt type ipconfig/flushdns and press Enter.
Now type netsh interface ip delete arpcache and press enter.

Now try repairing the adaptor and see if it works.

Next we will check for additional infections with ESET's Online scanner.

ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your Avast! Anti-Virus.

Disable Antivirus
Right Click on the Avast! icon in the System tray and select Avast Shields Control.
Select Disable until Computer is restarted.

Please go here (http://www.eset.com/us/online-scanner/run) to run the scan.

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

rockmypunkk
2012-04-11, 02:31
Okay, flushing the DNS didn't work; it's still failing at the same spot for repairing the connection. Sorry that took so long, I didn't think it would take 2 hours.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-10 10:43:36
# local_time=2012-04-10 05:43:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=9833
# found=2
# cleaned=0
# scan_time=1533
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=501cac3573c1eb479ed66d34cc5fa4fa
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-11 12:25:52
# local_time=2012-04-10 07:25:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=67714
# found=13
# cleaned=0
# scan_time=6021
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01 JS/Exploit.Agent.NBQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01 JS/Exploit.Agent.NBU trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP550\A0208398.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP552\A0209457.exe probably a variant of Win32/Agent.JXWYDNA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP557\A0210977.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222048.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP576\A0222096.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP578\A0222135.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP579\A0222473.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP580\A0222537.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP581\A0222671.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP583\A0224711.dll Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP589\A0228665.dll a variant of Win32/Kryptik.WRL trojan (unable to clean) 0000000000000000000000000000000

diver79
2012-04-11, 18:24
Hi rockmypunkk,

Logs are looking good, only a couple of items to remove now. See instructions below to run the OTL script and the MiniToolBox report.

Besides the wireless connection issue are you having any other problems?



Run OTL Script
We need to run an OTL Fix

Double-click OTL.exe to start the program.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code


:files
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01
:commands
[EMPTYTEMP]
[CREATERESTOREPOINT]

Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


MiniToolBox
Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
Flush DNS
List IP Configuration
List Winsock Entries
List Last 10 Event Viewer Errors
List Devices (Only Problems)
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

rockmypunkk
2012-04-11, 18:49
Is it normal for OTL to become unresponsive while killing tasks? It's been like that for 10 minutes. I closed all open programs and disabled avast, teatimer and mbam.

diver79
2012-04-11, 19:36
This can sometimes happen if you have Malwarebytes realtime protection turned on. Try disabling realtime protection and also temporarily disable avast as before.

Disable MBAM Real-Time protection
Right-click on the MBAM icon in the System Tray and uncheck Enable Protection.
When asked, "Are you sure you want to disable the MBAM Protection Module?", click Yes.
Right-click on the MBAM icon again and then uncheck Start with Windows.
Restart your computer for the changes to take effect.

diver79
2012-04-11, 19:38
My apologies, I missed where you said you had disabled mbam and avast.

Let me check through your list of installed programs to see what else may be causing it.

diver79
2012-04-11, 19:48
Be sure to follow the above mbam instructions, then follow the below instructions and make sure to reboot the computer before attempting the OTL fix again.


Disable Stopzilla

Right-click the "Stopzilla" icon in the system tray next to the clock. Click "Disable Real Time Protection" radio button under Spyware Protection.
Select "Disable" under Pop-up Protection. Uncheck the "Auto-enable Stopzilla whenever my computer starts".
Click "OK" to save the changes.

rockmypunkk
2012-04-11, 19:56
Same problem, it freezes as soon as the killing processes phase starts.

diver79
2012-04-11, 20:32
OK, we know combofix is working so we will use that. See instructions below and then follow the MiniToolBox instructions in the earlier post.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:

file::
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01

Save it to your desktop as CFScript.txt
Please disable avast! Antivirus.
Right Click on the Avast! icon in the System tray and select Avast Shields Control.
Select Disable until Computer is restarted.

Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
http://i526.photobucket.com/albums/cc345/MPKwings/ComboFixScriptDrag.gif
This will cause ComboFix to run again.
Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
Do Not touch your computer when ComboFix is running!
When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

rockmypunkk
2012-04-11, 20:57
ComboFix 12-04-09.05 - Chris 1/2012 Wed 13:37:24.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1012.501 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(3)\3C4BBE48d01"
"c:\documents and settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\Cache(4)\8466DE95d01"
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 16:34 . 2012-04-11 16:34 -------- d-----w- C:\_OTL
2012-04-10 12:29 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 12:29 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 12:29 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 12:29 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 12:29 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 12:29 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 12:29 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 12:29 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 12:26 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 12:25 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\program files\AVAST Software
2012-04-10 12:24 . 2012-04-10 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-04-04 21:50 . 2012-04-04 21:50 -------- d-----w- c:\program files\Common Files\Java
2012-04-04 21:50 . 2012-04-04 21:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 06:29 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-04-03 06:29 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-03 06:29 . 2012-04-03 06:29 -------- d-----w- c:\program files\Common Files\iS3
2012-04-03 06:25 . 2012-04-03 06:35 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-03 06:25 . 2012-04-03 06:25 -------- d-----w- c:\documents and settings\Chris\Application Data\TestApp
2012-04-03 06:05 . 2012-04-03 06:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-03 05:54 . 2012-04-03 05:54 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-03 00:02 . 2012-04-03 05:54 -------- d-----w- c:\program files\ERUNT
2012-04-02 21:59 . 2008-06-20 11:51 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2012-04-02 17:04 . 2012-04-03 05:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-04-02 16:59 . 2012-04-09 21:53 -------- d-sh--w- c:\documents and settings\Chris\Local Settings\Application Data\ad7217cf
2012-04-02 06:46 . 2012-04-02 07:11 -------- d-----w- C:\UTSUSEMI
2012-04-02 02:31 . 2012-04-02 02:31 -------- d-----w- C:\NOMAD
2012-04-01 19:18 . 2012-04-01 19:21 -------- d-----w- c:\program files\ぴんくはてな
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\あかべぇそふとつぅTRY
2012-04-01 03:46 . 2012-04-01 03:46 -------- d-----w- c:\program files\アークシェル
2012-03-31 23:40 . 2012-03-31 23:40 -------- d-----w- c:\program files\DO
2012-03-31 15:31 . 2012-03-31 21:53 -------- d-----w- C:\アイル
2012-03-31 06:26 . 2012-04-03 05:48 -------- d-----w- c:\program files\教えてっ!おねてぃー
2012-03-31 04:36 . 2012-03-31 04:36 -------- d-----w- c:\program files\Vanadis
2012-03-31 02:58 . 2012-03-31 02:58 -------- d-----w- c:\program files\DualMage
2012-03-31 02:22 . 2012-03-31 02:24 -------- d-----w- c:\program files\euphoria
2012-03-31 02:17 . 2012-03-31 02:18 -------- d-----w- c:\documents and settings\Chris\Application Data\蠱惑の刻
2012-03-31 02:13 . 2012-04-11 13:43 -------- d-----w- c:\program files\蠱惑の刻
2012-03-30 21:46 . 2012-03-30 22:06 -------- d-----w- c:\program files\Acmeholic
2012-03-30 21:34 . 2012-03-30 21:34 -------- d-----w- c:\program files\SPEED
2012-03-30 20:42 . 2012-03-30 20:42 196616 ----a-w- c:\windows\system32\SARCheck.dll
2012-03-30 20:40 . 2012-03-30 20:45 -------- d-----w- c:\program files\ドキドキ母娘レッスン
2012-03-30 20:12 . 2012-03-30 20:12 -------- d-----w- C:\萌♂
2012-03-30 19:53 . 2012-03-30 19:53 -------- d-----w- C:\maika
2012-03-30 19:13 . 2012-03-31 00:04 -------- d-----w- c:\program files\touchable
2012-03-30 04:21 . 2012-03-30 04:21 -------- d-----w- c:\program files\Guilty
2012-03-30 02:41 . 2012-03-30 02:41 -------- d-----w- c:\program files\CLOCKUP
2012-03-30 01:53 . 2012-03-30 01:53 -------- d-----w- c:\program files\Atheros
2012-03-29 23:46 . 2001-08-18 03:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2012-03-29 23:46 . 2001-08-17 19:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2012-03-29 23:46 . 2001-08-17 19:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2012-03-29 23:46 . 2001-08-17 19:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2012-03-29 23:46 . 2001-08-17 19:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2012-03-29 23:46 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 21:49 . 2010-10-12 20:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2009-02-23 14:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-03 09:22 . 2008-04-15 03:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 10:22 . 2010-06-02 10:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 10:22 . 2010-06-02 10:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 10:22 . 2010-06-02 10:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-03-13 04:39 . 2012-03-25 06:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_22.00.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-11 17:58 . 2012-04-11 17:58 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2012-04-10 12:27 . 2012-04-10 12:27 219648 c:\windows\Installer\f0366.msi
+ 2012-04-11 13:38 . 2012-04-11 13:38 253952 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000002\UsrClass.dat
+ 2012-04-11 13:38 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-11-2012\ERDNT.EXE
+ 2012-04-10 12:12 . 2012-04-10 12:12 253952 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000002\UsrClass.dat
+ 2012-04-10 12:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-10-2012\ERDNT.EXE
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-04-11 13:38 . 2012-04-11 13:38 13766656 c:\windows\ERDNT\AutoBackup\4-11-2012\Users\00000001\ntuser.dat
+ 2012-04-10 12:12 . 2012-04-10 12:12 13766656 c:\windows\ERDNT\AutoBackup\4-10-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\ソ\ニア\\極楽バイパー ランジェリー 赤\\Bin\\VPLanRed.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Chris\\My Documents\\Downloads\\STOPzilla_Setup.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 7:29 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 7:29 AM 337880]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [3/25/2009 12:56 PM 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 7:29 AM 20696]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/3/2011 5:10 AM 21992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/23/2009 9:59 AM 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2009 8:33 PM 95200]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/23/2009 9:50 AM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/23/2009 9:59 AM 22344]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/23/2009 1:15 AM 96856]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\lrp7h7bg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UltraISO_is1 - c:\program files\UltraISO\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-11 13:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-123947885-3055150098-3939964369-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EROTICA PEACH\0j00O0・n0ラS纐*0^7_6R'`竡ロcT0qN、N^]
"Order"=hex:08,00,00,00,02,00,00,00,22,01,00,00,01,00,00,00,02,00,00,00,80,00,
00,00,00,00,00,00,72,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,60,00,36,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,10,b2,29,00,00,00,00,5e,8b,83,
cb,72,17,cd,01,05,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^]
"UninstallString"="c:\\WINDOWS\\IsUn0411.exe -f\"c:\\Program Files\\アークシェル\\口唇包柔\\koushin.isu\""
"DisplayName"="口唇包柔~うさみみ調教 白く濡れる女体たち~"
.
[HKEY_LOCAL_MACHINE\software\S*t*u*d*i*o*ェ尻`\エ0ヒ0・]
"InstalledFolder"="c:\\Studio邪恋\\ゴニン!?"
.
[HKEY_LOCAL_MACHINE\software\「0・ッ0キ0ァ0・\經USヤg^F0U000ソ該e*0}vO0痂・・sYSO_0a0^\1.00.000]
"srcpath"="d:\\koushin\\"
"dstpath"="c:\\Program Files\\アークシェル\\口唇包柔"
"Version"="0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3176)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-11 13:54:57
ComboFix-quarantined-files.txt 2012-04-11 18:54
ComboFix2.txt 2012-04-10 21:29
ComboFix3.txt 2012-04-09 22:07
.
Pre-Run: 20,287,537,152 bytes free
Post-Run: 22,711,504,896 bytes free
.
- - End Of File - - 2035B0157BE9067833C4A41D2ABF4442

diver79
2012-04-11, 21:59
Please run minitoolbox now.

MiniToolBox
Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
Flush DNS
List IP Configuration
List Winsock Entries
List Last 10 Event Viewer Errors
List Devices (Only Problems)
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

rockmypunkk
2012-04-11, 22:07
MiniToolBox by Farbar Version: 18-01-2012
Ran by Chris (administrator) on 11-04-2012 at 15:04:16
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : SnowSakura

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-23-8B-69-F1-4D



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : hsd1.tn.comcast.net.

Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

Physical Address. . . . . . . . . : 00-24-2B-23-BC-24

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Wednesday, April 11, 2012 1:16:00 PM

Lease Expires . . . . . . . . . . : Thursday, April 12, 2012 1:16:00 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.159.101, 74.125.159.100, 74.125.159.139, 74.125.159.102
74.125.159.113, 74.125.159.138



Pinging google.com [74.125.159.102] with 32 bytes of data:



Reply from 74.125.159.102: bytes=32 time=19ms TTL=54

Reply from 74.125.159.102: bytes=32 time=19ms TTL=54



Ping statistics for 74.125.159.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 19ms, Average = 19ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=92ms TTL=51

Reply from 72.30.38.140: bytes=32 time=166ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 92ms, Maximum = 166ms, Average = 129ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 23 8b 69 f1 4d ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
0x20002 ...00 24 2b 23 bc 24 ...... Atheros AR5007EG Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.105 192.168.1.105 30
192.168.1.105 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.105 192.168.1.105 30
224.0.0.0 240.0.0.0 192.168.1.105 192.168.1.105 30
255.255.255.255 255.255.255.255 192.168.1.105 3 1
255.255.255.255 255.255.255.255 192.168.1.105 192.168.1.105 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2012 10:57:02 AM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/09/2012 10:31:36 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 11.0.0.4454, faulting module mozalloc.dll, version 11.0.0.4454, fault address 0x0000195d.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/02/2012 02:10:27 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:06:43 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:04:50 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 02:03:12 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (04/02/2012 01:58:56 AM) (Source: Application Error) (User: )
Description: Faulting application seraph.exe, version 1.0.0.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187aa.
Processing media-specific event for [seraph.exe!ws!]

Error: (03/31/2012 09:42:32 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error: (03/31/2012 09:31:54 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????

Error: (03/31/2012 09:28:37 PM) (Source: MsiInstaller) (User: Chris)Chris
Description: ? : ???????????? -- ??? 1324? ???? ?? '????????????' ?????????????????


System errors:
=============
Error: (04/11/2012 00:55:59 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:55:58 PM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:05:00 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 00:04:59 PM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:45:46 AM) (Source: Service Control Manager) (User: )
Description: The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

Error: (04/11/2012 11:34:09 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

========================= Devices: ================================


**** End of log ****

diver79
2012-04-11, 22:16
Minitoolbox shows no issues that would affect your wireless card. You appear to be connected to it now. Are you still having issues with it? If so, please describe.

Also let me know if there are any other symptoms relating to the infection.

Thanks,

diver79.

rockmypunkk
2012-04-11, 22:21
No I'm not seeing any other problems currently, just need to remove stopzilla and defrag so it's not so slow

diver79
2012-04-11, 22:48
Hi rockmypunkk,


"just need to remove stopzilla and defrag so it's not so slow"
Good idea, stopzilla is not a program I would recommend. Let's remove it now along with some other out of date programs

Click on start
Then Run
In the open text entry box please copy/paste appwiz.cpl Then click enter.
Press the "Remove" or "Change/Remove"...button to uninstall the programs listed below.

Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Adobe Reader 9.5.0
Java(TM) 6 Update 31
STOPzilla
Viewpoint Media Player

Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
You can reinstall the latest versions of Flash, Reader and Java using the links below.
http://get.adobe.com/flashplayer/
http://get.adobe.com/uk/reader/
http://www.java.com/en/download/index.jsp


ATF Cleaner
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Security Check
Please download Security Check by screen317 from one of the links below:
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document.

rockmypunkk
2012-04-11, 23:03
Couldn't remove Adobe Reader 9.3.4 received the notification
This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package.

diver79
2012-04-11, 23:04
No problem, just continue with the rest of the instructions.

rockmypunkk
2012-04-11, 23:37
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
McAfee SiteAdvisor
Java(TM) 6 Update 31
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

diver79
2012-04-12, 00:51
Hi rockmypunkk,

You can try removing Adobe Reader with Revo Uninstaller (http://www.revouninstaller.com/start_freeware_download.html)

Just install the Program and run it. Select the program you want to remove (Adobe) and select the Uninstallation mode you want. I would suggest using the moderate setting.

Securitycheck shows that you still have IE6 installed. This poses a huge security risk. Even if you do not use Internet Explorer I would urge you to upgrade it to the latest version. You should be able to do this using Windows Update.

Congratulations your PC is now free from infection 8) Follow the below steps to clean up the tools we used to fix your PC.

Clean up with OTL


Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


Uninstall Combofix

Click on Start >> Run...
Now type in ComboFix /Uninstall into the box and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check (http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/health-check/) - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP (http://support.microsoft.com/kb/306525)
Using Windows Update for Windows XP (http://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsxp.mspx)
Microsoft Update Home (http://www.update.microsoft.com)


Please let me know that you completed the cleanup steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.

rockmypunkk
2012-04-12, 01:17
I had actually removed internet explorer over a year ago but combofix brought it back, I'll just remove it again. Revo was unable to remove adobe it came up with the same notification about the patch package, was unable to remove combofix, the command came up with the error, windows cannot find combofix

diver79
2012-04-12, 21:44
"I had actually removed internet explorer over a year ago but combofix brought it back, I'll just remove it again."
Combofix would not have added this back. I would recommend leaving it installed and updating it to the latest version.

"Revo was unable to remove adobe it came up with the same notification about the patch package,"
Try just installing the latest version of Adobe Reader from here (http://get.adobe.com/uk/reader/). Run the securitycheck again and see if it still reports that version 9 is installed.

"was unable to remove combofix, the command came up with the error, windows cannot find combofix"
Is the combofix icon still on your desktop?

rockmypunkk
2012-04-12, 23:53
No I think otl removed combofix on the cleanup

diver79
2012-04-12, 23:59
I think you may be right, just download Combofix to your desktop again and then run the uninstall command I posted earlier

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

rockmypunkk
2012-04-13, 01:06
Okay I have uninstalled combofix

diver79
2012-04-13, 21:15
Excellent you should be all set now then. Just make sure you have updated Adobe Reader to the latest version.

Safe Surfin!

rockmypunkk
2012-04-13, 22:01
I cannot thank you enough for your help I am truly grateful, thank you :bigthumb::thanks::thanks:

km2357
2012-04-16, 07:17
Since this issue appears to be resolved ... this Topic has been closed. Glad we could
help.

Note: If it has been three days or more since your last post, and the helper assisting
you posted a response to that post to which you did not reply, your topic will not be
reopened. At that point, if you still require help, please start a new topic and include
a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread
re-opened, please send me or your helper a private message (pm). A valid, working link to
the closed topic is required.