247fixes PC Help Forum: [Inactive] Trojan-Downloader.Agent!sd6 - 247fixes PC Help Forum


[Inactive] Trojan-Downloader.Agent!sd6 Continuously 'Alt-Tabbing' out of programs/movies etc

#1 Sanguel

Posted 03 December 2008 - 08:49 AM

Hi everyone, I am experiencing a problem with my computer. Whenever I use my computer to watch a movie, browse the internet or play games, I find that within minutes, it would always switch to the desktop as if I've pressed 'Alt-Tab' on my keyboard. I have tried many programs to see what was going on: AVG, BitDefender, Spyware Doctor and some registry fixers. From Spyware Doctor - Trojan-Downloader.Agent!sd6 was shown, but I quarantined and removed it.

I don't believe I have recently downloaded any suspicious programs, I use Firefox with NoScript - and do not browse any websites that would appear to be unsafe. Not sure how I was infected.

This is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:10 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmagr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6264 bytes

Thanks for reading my post, and I do hope that there is a resolution for this.
(It's really annoying; I play World of Warcraft and while I raid, being alt-tabbed continuously is getting on my nerves :P)

Edit: I've also tried system restoring the first time I had encountered this problem but it obviously had no effect. (Just providing more detail on the situation)

This post has been edited by Sanguel: 03 December 2008 - 08:53 AM


#2 Blender

Posted 07 December 2008 - 11:48 AM

Hi & welcome,

Please don't run other tools unless I ask.
If you are already getting help elsewhere -- please let me know.

Don't use registry fixer programs. They can be dangerous because their backups are not accessible if the computer won't boot if the app "fixed" something & broke the registry.

Please stick with me till I give you the "all clear". Even though the symptoms may disappear the infection may not be all gone so stay with me till I tell you we're all done.

Did Spyware Doctor give you any details (like file name/location) of "Trojan-Downloader.Agent!sd6"?
If so -- post that info please.

Please download this tool and save it to your desktop:

http://oldtimer.geek...om/OTViewIt.exe
http://download.blee...er/OTViewIt.exe

Temporarily disable antimalware programs to prevent them from interfering with the running of OTViewIt.exe
Double click OTViewIt.exe to run. (If running Vista please right click & choose "run as administrator")
Click "run scan"
When done it will have produced 2 logs in the same folder you saved OTViewIt.exe to. (should be on desktop)

Post contents of both logs here please.

Thanks :)

#3 Sanguel

Posted 20 December 2008 - 09:21 AM

Hi! I'm so sorry, I have been VERY busy lately and I had no time to reply/check :(

Here is from Extras.Txt:

OTViewIt Extras logfile created on: 20/12/2008 8:18:52 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Viktor\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.37% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.42 Gb Free Space | 20.69% Space Free | Partition Type: NTFS
Drive D: | 650.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.91 Gb Total Space | 0.03 Gb Free Space | 1.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTOR-7UX0TMP8
Current User Name: Viktor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2002/08/29 06:41:26 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_CURRENT_USER Protocol Defaults ==========


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/12/22 08:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2002/08/29 06:40:12 | 00,842,268 | ---- | M] () C:\WINDOWS\system32\msdxm.ocx (vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} (HKLM) [AsyncPProt Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}"=MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{18E0918E-1060-48f3-925C-56C82E88551B}"=HP PSC & OfficeJet 3.5
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}"=DocProc
"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}"=PhotoGallery
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}"=Skins
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}"=Catalyst Control Center Graphics Full Existing
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}"=Scan
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}"=SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}"=Memories Disc Creator 2.0
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}"=Free Games Offer, Desktop Shortcut
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34957B51-9676-41CE-9E52-44AE91B73F1C}"=HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}"=Unload
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}"=CCC Help English
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{47C25360-AEBC-4B21-B233-87CE653B3369}"=AIOMinimal
"{48242276-DB89-42e8-9678-BD4280D7B99A}"=Copy
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}"=ccc-core-preinstall
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}"=PrintScreen
"{5C709422-F782-4629-8EE3-E60B480C7327}"=1300Trb
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6864A62D-3EF3-415F-9922-240EED34B4C0}"=Fax
"{6E19F210-3813-4002-B561-94D66AA182B6}"=Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}"=QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}"=Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}"=InstantShare
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}"=Catalyst Control Center Graphics Full New
"{81DD5688-695A-4c1d-AE7D-368BF857725A}"=TrayApp
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8D6EC7D6-E71D-8743-1396-591F4195F347}"=Catalyst Control Center Graphics Light
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}"=ccc-core-static
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{98E05456-E3A5-4F6B-823E-4D1883E4BD3D}"=1300_Help
"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}"=AiOSoftware
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}"=CreativeProjects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}"=SimCity 4 Deluxe
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AA452BED-9370-44D5-970C-677DECDA7463}"=1300
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}"=AiO_Scan
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B38C3184-F573-CDC2-9452-FA9C576AB010}"=ccc-utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}"=iTunes
"{BC339BFD-F550-471a-8D26-4D08126C62F7}"=SkinsHP2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}"=ContentSAFER for Wizmax
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}"=Uniblue DriverScanner 2009
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}"=QuickProjects
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}"=Overland
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}"=Apple Mobile Device Support
"{DB52432E-3AD8-41A5-A586-0F065FB6A31E}"=Game Cam
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}"=Catalyst Control Center Graphics Previews Common
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}"=Catalyst Control Center Core Implementation
"{E443F067-3345-482C-BD7A-12675A53D292}"=Readme
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1"=Tortun 0.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F43CEA29-411E-4689-A075-566DC6394635}"=1300Tour
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}"=WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}"=hpmdtab
"3DSexVilla2-051.001"=thriXXX 3DSexVilla2-051.001
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Audacity_is1"=Audacity 1.2.6
"CCleaner"=CCleaner (remove only)
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2007-07-22
"Diablo II"=Diablo II
"DVD Decrypter"=DVD Decrypter (Remove Only)
"EphPod"=EphPod
"FlashGet"=FlashGet 1.9.6.1073
"Free Music Zilla_is1"=Free Music Zilla
"Hamachi"=Hamachi 1.0.2.5
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 3.5
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty® 4 - Modern Warfare™
"InterActual Player"=InterActual Player
"LimeWire"=LimeWire PRO 4.18.8
"Messenger Plus! Live"=Messenger Plus! Live
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MultiRes (remove only)"=MultiRes (remove only)
"NetworkActiv PIAFCTM 2.2"=NetworkActiv PIAFCTM 2.2
"PingPlotter Standard"=PingPlotter Standard 3.20.1s
"PowerISO"=PowerISO
"Radeon Omega Drivers for Windows XP/2kv4.8.442"=Radeon Omega Drivers v4.8.442 Setup Files and Tools
"Registry Mechanic_is1"=Registry Mechanic 8.0
"RegistryBooster 2_is1"=Uniblue RegistryBooster 2
"SpeedFan"=SpeedFan (remove only)
"Steam App 320"=Half-Life 2: Deathmatch
"StyleXP"=StyleXP (remove only)
"Switch"=Switch Sound File Converter
"tweak ui 2.10"=Tweak UI
"Uniblue DriverScanner"=Uniblue DriverScanner
"Uniblue DriverScanner 2009"=Uniblue DriverScanner 2009
"VLC media player"=VideoLAN VLC media player 0.8.6d
"WinAVI Video Converter_is1"=WinAVI Video Converter
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft
"XP Codec Pack"=XP Codec Pack
"XviD_is1"=XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=Torrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/12/2008 3:12:40 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfOS"
in
the "C:\WINDOWS\system32\perfos.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 3:12:47 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfOS"
in
the "C:\WINDOWS\system32\perfos.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 3:13:19 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfOS"
in
the "C:\WINDOWS\system32\perfos.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:24:20 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:25:13 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:25:59 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:32:00 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:32:13 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 6:48:33 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfOS"
in
the "C:\WINDOWS\system32\perfos.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 18/12/2008 8:03:45 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3802, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/12/2008 3:34:08 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Service Control Manager | ID = 7003
Description = The bdfsfltr service depends on the following nonexistent service:
FltMgr

Error - 3/12/2008 4:11:48 AM | Computer Name = VICTOR-7UX0TMP8 | Source = DCOM | ID = 10010
Description = The server {825AFB87-B613-4383-80B1-F22B419513ED} did not register
with DCOM within the required timeout.

Error - 6/12/2008 8:32:34 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 001D60B980B8 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/12/2008 12:04:54 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 7/12/2008 2:54:50 AM | Computer Name = VICTOR-7UX0TMP8 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 17/12/2008 6:35:32 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{94427C94-843E-48D1-9A9C-D58C67A696D6}
because another computer on the network has the same name. The server could not
start.

Error - 17/12/2008 6:38:11 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 001D60B980B8 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/12/2008 9:57:47 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{94427C94-843E-48D1-9A9C-D58C67A696D6}
because another computer on the network has the same name. The server could not
start.

Error - 17/12/2008 10:00:09 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001D60B980B8 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/12/2008 10:16:39 PM | Computer Name = VICTOR-7UX0TMP8 | Source = Print | ID = 54
Description = Document Microsoft Word - 1.doc was corrupted and has been deleted.
The associated driver is: hp psc 1300 series.


< End of report >

#4 Sanguel

Posted 20 December 2008 - 09:22 AM

This is from OTViewIt.Txt:

OTViewIt logfile created on: 20/12/2008 8:18:52 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Viktor\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.37% Memory free
3.85 Gb Paging File | 3.52 Gb Available in Paging File | 91.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.42 Gb Free Space | 20.69% Space Free | Partition Type: NTFS
Drive D: | 650.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.91 Gb Total Space | 0.03 Gb Free Space | 1.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VICTOR-7UX0TMP8
Current User Name: Viktor
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/24 13:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/05/25 05:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
[2008/09/24 13:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/06/03 12:47:41 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/12/16 12:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/02/15 11:14:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[2008/12/16 12:15:03 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2002/08/29 06:41:00 | 00,094,720 | ---- | M] () -- C:\WINDOWS\system32\taskmagr.exe
[2008/12/18 02:15:45 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/12/20 20:18:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viktor\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/03 12:47:41 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
[2008/03/05 21:40:42 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/09/24 13:04:49 | 00,581,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/09/23 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/01/15 03:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/16 12:15:02 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/07/07 21:56:08 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
[2008/02/15 11:14:35 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2006/05/25 05:31:06 | 00,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/08/07 12:56:58 | 00,009,344 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
[2008/02/03 23:56:27 | 00,043,488 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2008/02/24 14:27:00 | 00,037,376 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001 [On_Demand | Running])
[2008/09/24 14:09:07 | 03,331,072 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/07/20 18:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Stopped])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[1996/04/04 06:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
[2008/06/06 21:20:11 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Stopped])
[2005/07/07 21:56:08 | 00,051,056 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/07/07 21:56:08 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/07/07 21:56:08 | 00,021,488 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2007/04/11 06:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
[2008/12/11 17:13:15 | 00,015,271 | ---- | M] (MediaTek Corporation) -- C:\WINDOWS\system32\drivers\FIDE.SYS -- (MTK [On_Demand | Stopped])
[2004/08/12 19:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2001/08/23 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/08/07 11:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2008/01/18 14:27:28 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2006/09/25 00:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
[2005/11/01 08:44:39 | 00,010,880 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper [System | Running])
[2002/08/29 02:32:32 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2005/06/13 10:03:12 | 00,060,768 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])
[2005/06/13 10:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
[2005/06/13 10:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
[2005/06/13 10:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
[2005/06/13 10:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])
[2001/08/23 23:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://internetsearchservice.com
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=http://internetsearchservice.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://internetsearchservice.com

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://internetsearchservice.com/search?q=%s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\System32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8E718888-423F-11D2-876E-00A0C9082467}" (HKLM) -- C:\WINDOWS\system32\msdxm.ocx ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"AtiPTA"=atiptaxx.exe (ATI Technologies, Inc.)
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Viktor\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download All with FlashGet: C:\Program Files\FlashGet\JC_ALL.HTM [2007/05/19 03:13:10 | 00,001,049 | ---- | M] ()
&Download with FlashGet: C:\Program Files\FlashGet\JC_LINK.HTM [2007/05/19 03:13:10 | 00,001,898 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{c95fe080-8f5d-11d2-a20b-00aa003c157a}: Button: @shdoclc.dll,-866 -- %SystemRoot%\Web\related.htm [2001/08/23 23:00:00 | 00,000,654 | ---- | M] ()
{c95fe080-8f5d-11d2-a20b-00aa003c157a}: Menu: @shdoclc.dll,-864 -- %SystemRoot%\Web\related.htm [2001/08/23 23:00:00 | 00,000,654 | ---- | M] ()
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 19:10:50 | 02,007,088 | ---- | M] (FlashGet.com)
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007/09/25 19:10:50 | 02,007,088 | ---- | M] (FlashGet.com)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKLM] -> [@shdoclc.dll,-866] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007/09/25 19:10:50 | 02,007,088 | ---- | M] (FlashGet.com)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zon...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.ma...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{0B98DE7C-4893-402A-AB79-337C3F8F339D} (Servers: | Description: )
{94427C94-843E-48D1-9A9C-D58C67A696D6} (Servers: | Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}" (HKLM) -- C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\System32\nnnmjkjI,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/01/17 19:41:53 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AutoRun []
[2004/08/18 19:37:47 | 00,663,552 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ CDFS ]

AutoRun.exe [MZ | ]
[2004/08/18 19:37:47 | 00,663,552 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ CDFS ]

AutoRunGUI.dll [MZ | ]
[2004/08/18 13:13:47 | 00,598,016 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ CDFS ]

autorun.inf [[autorun] | open=Setup.exe | Icon=Sims2.ico | Name=The Sims 2 | | [Special] | Disk=1 | | ]
[2004/08/18 19:53:40 | 00,000,083 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e55f0621-c514-11dc-a3b4-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e55f0621-c514-11dc-a3b4-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e55f0621-c514-11dc-a3b4-806d6172696f}\Shell\AutoRun\command]
""=D:\Setup.exe -- [2004/08/18 13:13:48 | 00,110,592 | R--- | M] (Electronic Arts Inc.)

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/20 20:18:43 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Viktor\Desktop\OTViewIt.exe
[2008/12/19 00:53:01 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\LimeWire PRO 4.18.8.lnk
[2008/12/19 00:52:09 | 00,772,418 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\the-world-ends-with-you-4.jpg
[2008/12/19 00:26:53 | 00,024,698 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\Picture 53.jpg
[2008/12/18 23:52:18 | 00,058,646 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\i saved my goat.jpg
[2008/12/18 23:48:17 | 00,042,167 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\WTF!.jpg
[2008/12/18 17:18:51 | 00,000,079 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\Show Desktop.scf
[2008/12/18 13:23:57 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\1.doc
[2008/12/18 13:22:58 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\1.doc
[2008/12/17 16:20:03 | 00,049,028 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\joanne lol.jpg
[2008/12/17 00:57:25 | 01,453,960 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\PB260387.JPG
[2008/12/16 20:11:20 | 01,363,636 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\nellyton.jpg
[2008/12/16 13:44:40 | 00,037,428 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\rainy day.jpg
[2008/12/12 15:04:30 | 00,024,780 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\the boys.jpg
[2008/12/12 02:09:03 | 00,067,544 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\burwood hahaha.jpg
[2008/12/11 17:13:15 | 00,015,271 | ---- | C] (MediaTek Corporation) -- C:\WINDOWS\System32\drivers\FIDE.SYS
[2008/12/11 17:13:05 | 00,900,717 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\drw1004im.exe
[2008/12/11 17:06:26 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2008/12/11 17:06:26 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\Media Player Classic.lnk
[2008/12/11 17:06:22 | 00,000,000 | ---D | C] -- C:\Program Files\XP Codec Pack
[2008/12/11 17:04:39 | 07,459,697 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\XP-Codec-Pack_2.4.4.exe
[2008/12/09 21:57:42 | 40,673,524 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\1238_-_Dynasty_Warriors_DS_-_Fighters_Battle__(U).zip
[2008/12/09 20:55:45 | 05,427,923 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\Soilwork_20-_20Distortion_20Sleep.mp3
[2008/12/09 00:13:26 | 76,039,736 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\2252_-_The_World_Ends_with_You_(U).zip
[2008/12/09 00:12:14 | 11,043,8380 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\0655_-_Elite_Beat_Agents_(U).zip
[2008/12/08 23:59:33 | 53,559,936 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\0174_-_Tony_Hawks_American_Sk8land_(U).zip
[2008/12/08 23:45:42 | 10,567,7516 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\2380_-_Guitar_Hero_-_On_Tour_(U).zip
[2008/12/08 23:43:26 | 10,577,0900 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\2495_-_Final_Fantasy_IV_(U).zip
[2008/12/07 22:35:32 | 32,211,966 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\Young and Dangerous
[2008/12/07 22:21:08 | 16,579,799 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\Young and Dangerous.mp4
[2008/12/07 22:11:06 | 01,604,475 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\YouTube - Nicholas Tse - The Active Volcano.mp3
[2008/12/07 17:50:06 | 24,853,272 | ---- | C] () -- C:\Documents and Settings\Viktor\Desktop\thesims2_update.exe
[2008/12/07 15:33:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2008/12/07 15:27:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2008/12/07 15:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Viktor\My Documents\EA Games
[2008/12/07 15:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2008/12/07 15:07:11 | 00,442,368 | R--- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2008/12/07 00:20:31 | 00,181,796 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\LOL.gif
[2008/12/07 00:16:11 | 01,832,425 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\nel-&-vic.jpg
[2008/12/07 00:14:54 | 00,498,314 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\vik.jpg
[2008/12/07 00:13:27 | 04,657,695 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010762.JPG
[2008/12/07 00:03:02 | 02,637,111 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010784.JPG
[2008/12/07 00:01:59 | 03,917,606 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010752.JPG
[2008/12/07 00:01:59 | 03,720,547 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010753.JPG
[2008/12/06 23:57:46 | 04,552,843 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010695.JPG
[2008/12/06 23:57:38 | 04,580,394 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\P1010694.JPG
[2008/12/03 21:45:38 | 00,867,394 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\Last one standing.mp3
[2008/12/03 21:40:45 | 01,158,448 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\PK LOOKING.wav
[2008/12/03 21:28:52 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2008/12/03 19:40:47 | 00,163,328 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\ERDNT.E_E
[2008/12/03 19:40:47 | 00,157,696 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\ERUNT.EXE
[2008/12/03 19:40:47 | 00,140,288 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\NTREGOPT.EXE
[2008/12/03 19:40:47 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\AUTOBACK.EXE
[2008/12/03 19:40:47 | 00,005,417 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\LOC_GER.ZIP
[2008/12/03 19:40:47 | 00,004,090 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\ERUNT.LOC
[2008/12/03 19:40:47 | 00,003,275 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\ERDNTWIN.LOC
[2008/12/03 19:40:47 | 00,002,815 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\ERDNTDOS.LOC
[2008/12/03 19:40:47 | 00,001,960 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\NTREGOPT.LOC
[2008/12/03 19:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/03 18:29:37 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2008/12/03 18:23:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2008/12/03 18:18:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2008/12/03 18:18:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/12/03 17:23:37 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2008/12/03 17:23:36 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2008/12/03 17:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2008/12/02 20:51:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/12/02 20:31:24 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2008/11/30 15:26:35 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/11/30 15:26:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2008/11/30 15:26:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/28 22:37:05 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\gem.doc
[2008/11/27 19:30:58 | 00,135,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2008/11/27 19:30:58 | 00,135,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2008/11/27 19:30:58 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2008/11/27 19:30:58 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2008/11/27 19:30:58 | 00,051,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbhub.sys
[2008/11/27 19:30:58 | 00,051,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbhub.sys
[2008/11/27 19:30:58 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys
[2008/11/27 19:30:55 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbuhci.sys
[2008/11/27 19:30:55 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2008/11/27 19:30:44 | 00,086,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/11/27 19:30:44 | 00,086,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2008/11/27 19:30:44 | 00,023,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2008/11/27 19:30:44 | 00,023,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2008/11/27 19:30:44 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciide.sys
[2008/11/27 19:30:44 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2008/11/27 19:30:35 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pci.sys
[2008/11/27 19:30:35 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2008/11/27 19:30:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isapnp.sys
[2008/11/27 19:30:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2008/11/27 19:30:30 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2008/11/27 19:30:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2008/11/27 19:30:05 | 00,037,376 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\l151x86.sys
[2008/11/27 19:27:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/11/27 19:26:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2008/11/27 18:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/11/27 18:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2008/11/27 18:28:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/11/27 18:27:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/11/27 15:28:53 | 17,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/26 17:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Viktor\My Documents\new mods
[2008/11/25 22:12:55 | 00,017,654 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\nice dips gt.JPG
[2008/11/22 20:57:49 | 00,005,816 | ---- | C] () -- C:\Documents and Settings\Viktor\My Documents\a.gif

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/20 20:18:41 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Viktor\Desktop\OTViewIt.exe
[2008/12/20 11:35:37 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\My Sharing Folders.lnk
[2008/12/20 11:33:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/20 11:32:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/19 18:30:17 | 00,137,688 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/19 18:30:08 | 00,202,040 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/12/19 12:51:29 | 00,550,912 | -HS- | M] () -- C:\Documents and Settings\Viktor\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Viktor\My Documents\Thumbs.db:encryptable
[2008/12/19 00:53:01 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\LimeWire PRO 4.18.8.lnk
[2008/12/19 00:52:09 | 00,772,418 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\the-world-ends-with-you-4.jpg
[2008/12/18 23:52:19 | 00,058,646 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\i saved my goat.jpg
[2008/12/18 23:48:18 | 00,042,167 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\WTF!.jpg
[2008/12/18 20:48:38 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/18 13:34:09 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\1.doc
[2008/12/18 13:07:42 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\1.doc
[2008/12/17 16:20:03 | 00,049,028 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\joanne lol.jpg
[2008/12/17 15:59:45 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/17 00:39:01 | 05,427,923 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\Soilwork_20-_20Distortion_20Sleep.mp3
[2008/12/16 20:11:20 | 01,363,636 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\nellyton.jpg
[2008/12/16 13:44:40 | 00,037,428 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\rainy day.jpg
[2008/12/16 13:35:49 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Viktor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/16 01:20:05 | 02,637,918 | -H-- | M] () -- C:\Documents and Settings\Viktor\Local Settings\Application Data\IconCache.db
[2008/12/12 15:04:30 | 00,024,780 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\the boys.jpg
[2008/12/12 02:09:03 | 00,067,544 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\burwood hahaha.jpg
[2008/12/11 17:13:15 | 00,015,271 | ---- | M] (MediaTek Corporation) -- C:\WINDOWS\System32\drivers\FIDE.SYS
[2008/12/11 17:13:09 | 00,900,717 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\drw1004im.exe
[2008/12/11 17:06:26 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\Media Player Classic.lnk
[2008/12/11 17:05:23 | 07,459,697 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\XP-Codec-Pack_2.4.4.exe
[2008/12/09 22:50:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/09 22:01:45 | 40,673,524 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\1238_-_Dynasty_Warriors_DS_-_Fighters_Battle__(U).zip
[2008/12/09 02:55:48 | 11,043,8380 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\0655_-_Elite_Beat_Agents_(U).zip
[2008/12/09 02:22:31 | 10,567,7516 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\2380_-_Guitar_Hero_-_On_Tour_(U).zip
[2008/12/09 00:57:24 | 53,559,936 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\0174_-_Tony_Hawks_American_Sk8land_(U).zip
[2008/12/09 00:27:56 | 76,039,736 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\2252_-_The_World_Ends_with_You_(U).zip
[2008/12/08 23:58:54 | 10,577,0900 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\2495_-_Final_Fantasy_IV_(U).zip
[2008/12/07 22:35:57 | 32,211,966 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\Young and Dangerous
[2008/12/07 22:23:04 | 16,579,799 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\Young and Dangerous.mp4
[2008/12/07 22:06:27 | 01,604,475 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\YouTube - Nicholas Tse - The Active Volcano.mp3
[2008/12/07 17:52:35 | 24,853,272 | ---- | M] () -- C:\Documents and Settings\Viktor\Desktop\thesims2_update.exe
[2008/12/07 15:27:25 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2008/12/07 00:20:31 | 00,181,796 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\LOL.gif
[2008/12/07 00:16:11 | 01,832,425 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\nel-&-vic.jpg
[2008/12/07 00:14:54 | 00,498,314 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\vik.jpg
[2008/12/06 20:59:28 | 02,637,111 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010784.JPG
[2008/12/06 13:42:16 | 04,657,695 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010762.JPG
[2008/12/06 13:36:32 | 03,720,547 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010753.JPG
[2008/12/06 13:36:20 | 03,917,606 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010752.JPG
[2008/12/06 12:34:02 | 04,552,843 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010695.JPG
[2008/12/06 12:33:20 | 04,580,394 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\P1010694.JPG
[2008/12/03 21:40:45 | 01,158,448 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\PK LOOKING.wav
[2008/12/03 17:23:37 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2008/12/03 17:23:36 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2008/12/02 10:07:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/01 21:29:36 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\pw.doc
[2008/11/30 15:26:36 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/30 15:26:35 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/11/28 22:37:05 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\gem.doc
[2008/11/26 08:04:11 | 00,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/25 22:12:55 | 00,017,654 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\nice dips gt.JPG
[2008/11/22 20:57:49 | 00,005,816 | ---- | M] () -- C:\Documents and Settings\Viktor\My Documents\a.gif
< End of report >

#5 User is offline   Blender 

  • I Will Eat Your Malware
  • Group: Visiting Teacher
  • Posts: 374
  • Joined: 19-September 06

Posted 20 December 2008 - 10:48 AM

Hi,

Thanks for the logs.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let me know how the system is running please.

Thanks :)

#6 User is offline   Sanguel 

  • Full Member
  • Group: Member+
  • Posts: 12
  • Joined: 03-December 08

Posted 21 December 2008 - 08:25 AM

ComboFix 08-12-20.03 - Viktor 2008-12-21 19:17:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1625 [GMT 11:00]
Running from: c:\documents and settings\Viktor\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cookies.ini
c:\windows\system32\158117
c:\windows\system32\gqamgmuk.ini
c:\windows\system32\gqamgmuk.ini2
c:\windows\system32\gqamgmuk.tmp
c:\windows\system32\mcrh.tmp
c:\windows\system32\taskmagr.exe
c:\windows\system32\wmdmpmsvc.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 19:13 . 2008-12-21 19:13 <DIR> d-------- c:\program files\Ares
2008-12-16 12:15 . 2008-12-16 12:15 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-11 17:13 . 2008-12-11 17:13 15,271 --a------ c:\windows\system32\drivers\FIDE.SYS
2008-12-11 17:06 . 2008-12-11 17:06 <DIR> d-------- c:\program files\XP Codec Pack
2008-12-11 17:06 . 2008-07-09 20:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-12-07 15:07 . 2008-12-07 15:07 <DIR> d-------- c:\program files\EA GAMES
2008-12-07 15:07 . 2004-08-18 13:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-03 21:28 . 2008-12-03 21:28 <DIR> d-------- c:\program files\Audacity
2008-12-03 19:33 . 2008-12-03 19:33 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 18:29 . 2008-12-03 19:12 <DIR> d-------- c:\program files\BitDefender
2008-12-03 18:23 . 2008-12-03 19:14 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-03 18:18 . 2008-12-03 18:18 <DIR> d-------- c:\windows\system32\logs
2008-12-03 18:18 . 2008-12-03 18:18 <DIR> d-------- c:\windows\LastGood
2008-12-03 17:23 . 2008-12-03 17:23 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-12-03 17:23 . 2008-12-03 17:23 385 --a------ c:\windows\system32\user_gensett.xml
2008-12-03 17:18 . 2008-12-03 19:12 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-12-02 20:51 . 2008-12-03 18:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-02 20:31 . 2008-12-02 20:31 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-30 15:26 . 2008-11-30 15:26 <DIR> d-------- c:\program files\Ventrilo
2008-11-30 15:26 . 2008-11-30 15:26 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-27 19:30 . 2008-11-27 19:30 <DIR> d-------- c:\program files\Intel
2008-11-27 19:27 . 2008-11-27 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-27 19:26 . 2008-11-27 19:27 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-27 18:44 . 2008-12-03 18:17 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-27 18:28 . 2008-12-11 17:24 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 07:21 --------- d-----w c:\documents and settings\Viktor\Application Data\LimeWire
2008-12-21 07:04 --------- d-----w c:\program files\Warcraft III
2008-12-19 07:35 --------- d-----w c:\program files\Steam
2008-12-19 07:30 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-19 07:30 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 13:53 --------- d-----w c:\program files\LimeWire
2008-12-18 13:53 --------- d-----w c:\program files\FlashGet
2008-12-18 12:00 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-17 08:49 --------- d-----w c:\program files\World of Warcraft
2008-12-16 01:14 --------- d-----w c:\program files\Java
2008-12-15 07:05 --------- d-----w c:\program files\Diablo II
2008-12-14 04:23 --------- d-----w c:\program files\Free Music Zilla
2008-12-11 06:07 --------- d-----w c:\documents and settings\Viktor\Application Data\dvdcss
2008-12-03 07:18 --------- d-----w c:\program files\UnHackMe
2008-11-30 04:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-30 04:26 --------- d-----w c:\documents and settings\Viktor\Application Data\Ventrilo
2008-11-27 08:27 --------- d-----w c:\program files\Uniblue
2008-11-27 08:15 --------- d-----w c:\documents and settings\Viktor\Application Data\Uniblue
2008-11-25 10:16 --------- d-----w c:\program files\Lavasoft
2008-11-25 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-13 04:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 07:57 --------- d-----w c:\program files\Microsoft Games
2008-11-08 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-08 23:22 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-08 23:20 --------- d-----w c:\program files\ATI Technologies
2008-10-21 06:18 --------- d-----w c:\program files\Total Video Converter
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-23 10:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-02-14 11:19 22,328 ----a-w c:\documents and settings\Viktor\Application Data\PnkBstrK.sys
2008-05-21 14:24 2 --shatr c:\windows\winstart.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-16 887808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-11 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-05 c:\windows\SkyTel.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\Viktor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Windows\\System32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-19 18:30 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-25 05:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\DRIVERS\l151x86.sys [2008-11-27 37376]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 MTK;Media Technology Kernel Driver;c:\windows\System32\Drivers\fide.sys [2008-12-11 15271]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
mSearchURL = hxxp://internetsearchservice.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
FF - ProfilePath - c:\documents and settings\Viktor\Application Data\Mozilla\Firefox\Profiles\2ceii8xw.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 19:19:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-12-21 19:21:05 - machine was rebooted [Viktor]
ComboFix-quarantined-files.txt 2008-12-21 08:21:03

Pre-Run: 16,390,688,768 bytes free
Post-Run: 16,363,347,968 bytes free

198






My computer seems to be running faster, but I'm yet to be 'alt-tabbed' - I'll let you know if it happens again.
Thanks a lot :)

#7 User is offline   Blender 

  • I Will Eat Your Malware
  • Group: Visiting Teacher
  • Posts: 374
  • Joined: 19-September 06

Posted 21 December 2008 - 06:36 PM

Hi,

You mean you still have the Alt+tab issue?

Attached is a file called "fixme.zip"
Please save this file to your desktop & unzip it.
It should look like "fixme.reg" when done & look like blue blocks.
Right click "fixme.reg" & choose merge
Answer "yes" when asked about adding contents of fixme.reg to the registry.
Should get success message.

Delete fixme.reg & the zip when done.

Next:
Run Hijackthis, do system scan only & fix the following lines if present:

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com


Close all open browser windows including the one you're looking at now & hit "fix checked" then OK.
Exit Hijackthis & reboot.

Post a fresh Hijackthis log please.
As well as log from the following:

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Graphics tutorial available here if needed:

http://i275.photobuc...ng/KAS/KAS9.gif

If you get Java error please refer to & do as the screenshots here show:
http://smg.photobuck...ky_Java-err.gif

Let me know how machine is running and if you still have the alt+tab issue.

Thanks :)

Attached File(s)

  • Attached File  fixme.zip (219bytes)
    Number of downloads: 2


#8 User is offline   Sanguel 

  • Full Member
  • Group: Member+
  • Posts: 12
  • Joined: 03-December 08

Posted 02 January 2009 - 09:28 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 2, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 02, 2009 05:06:57
Records in database: 1545901
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Viktor\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 48598
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 00:41:18


File name / Threat name / Threats count
svchost.exe\mevent.dll/svchost.exe\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\mevent.dll/C:\WINDOWS\System32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\taskmagr.exe/C:\WINDOWS\System32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1
C:\WINDOWS\system32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\system32\SkypeComm.dll Infected: Trojan.Win32.BHO.jgx 1
C:\WINDOWS\system32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1

The selected area was scanned.




Sorry about the long delay. My internet was capped out. Thanks again >.< and I apologize for any inconvenience caused.

#9 User is offline   Blender 

  • I Will Eat Your Malware
  • Group: Visiting Teacher
  • Posts: 374
  • Joined: 19-September 06

Posted 02 January 2009 - 02:42 PM

Hi,

Thanks for the log & Happy New Year!

I hate to do this to you but I need a scan of "my computer" not just the critical areas.
Without the complete info I risk breaking the system if I only see & remove part of the threats if anything is in other areas.

Can you re-do the scan please?

Thanks :)

#10 User is offline   Sanguel 

  • Full Member
  • Group: Member+
  • Posts: 12
  • Joined: 03-December 08

Posted 03 January 2009 - 07:26 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 03, 2009 04:39:31
Records in database: 1551365
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 64914
Threat name: 11
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 03:00:23


File name / Threat name / Threats count
svchost.exe\mevent.dll/svchost.exe\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\mevent.dll/C:\WINDOWS\System32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\taskmagr.exe/C:\WINDOWS\System32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03760 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03760 Infected: Trojan-Downloader.Win32.Small.ury 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03760 Infected: Trojan-Downloader.Win32.Small.vrq 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03764 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03764 Infected: Trojan-Downloader.Win32.Small.ury 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03764 Infected: Trojan-Downloader.Win32.Small.vrq 1
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3515161-today junki.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-diamonds are forever kayne.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-starfall dragonland.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3877629-zooster breakout .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\taskmagr.exe.vir Infected: Trojan.Win32.StartPage.dbu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wmdmpmsvc.dll.vir Infected: Trojan-Downloader.Win32.Zlob.aome 1
C:\WINDOWS\system32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\system32\SkypeComm.dll Infected: Trojan.Win32.BHO.jgx 1
C:\WINDOWS\system32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1

The selected area was scanned.




:) Happy new year to you too~

#11 User is offline   Blender 

  • I Will Eat Your Malware
  • Group: Visiting Teacher
  • Posts: 374
  • Joined: 19-September 06

Posted 04 January 2009 - 04:09 AM

Hi & thanks :)

Several of your limewire downloads (in progress) are infected.
Better look for a safer source for those files. You will see the list we're deleting next --
You will have to stop/cancel those downloads in limewire cus it will only try & get the files again resulting in re-infection.
Downloading stuff from P2P networks isn't safe cus you dunno who you're downloading from and A LOT of the stuff on those networks is infected.
Many uploaders/sharers don't even realize they are sharing worms & other malware.
Limewire has to be one of the worst places to download from.

Copy the contents of the following text inside the code box to a new notepad file.

file::
C:\WINDOWS\System32\mevent.dll
C:\WINDOWS\System32\taskmagr.exe
C:\WINDOWS\system32\SkypeComm.dll 
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3515161-today junki.wma 
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-diamonds are forever kayne.mp3 
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-starfall dragonland.mp3 
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3877629-zooster breakout .mp3 

registry::
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mSearchURL = hxxp://internetsearchservice.com
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
@=-


Save file to your desktop as file name cfscript.txt

Temporarily disable antivirus/antispyware software to prevent conflict.
Drag cfscript on top of ComboFix & drop it.
CF may offer new version download. Please allow. Allow out through firewall if asked.
CF will restart itself & do the cleanup I asked it to.
Once done it will make new log.

Please post contents of that log & let me know how machine is running.

Thanks :)
0
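The step from the full Kaspersky report to the cfscript file list in the post above can be reproduced mechanically. The following is an added example, not part of the original posts and not a Kaspersky or ComboFix tool: it parses detection lines in the report format shown in the thread, merges duplicates that differ only in case, and separates files still live on disk from copies already held in a quarantine folder. The function names and the rule that a `\Quarantine\` path component means "already contained" are assumptions of this example.

```python
import re

# Detection lines copied from the second Kaspersky report in the thread (subset).
# Raw string: sequences such as "\t" in "\taskmagr.exe" must stay literal.
REPORT = r"""
svchost.exe\mevent.dll/svchost.exe\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\mevent.dll/C:\WINDOWS\System32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\System32\taskmagr.exe/C:\WINDOWS\System32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03760 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Viktor\.housecall6.6\Quarantine\winavi_video_converter_8_0_3.exe.bac_a03760 Infected: Trojan-Downloader.Win32.Small.ury 1
C:\Documents and Settings\Viktor\My Documents\LimeWire\Incomplete\T-3515161-today junki.wma Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\taskmagr.exe.vir Infected: Trojan.Win32.StartPage.dbu 1
C:\WINDOWS\system32\mevent.dll Infected: Trojan-Downloader.Win32.Agent.aohb 1
C:\WINDOWS\system32\SkypeComm.dll Infected: Trojan.Win32.BHO.jgx 1
C:\WINDOWS\system32\taskmagr.exe Infected: Trojan-Downloader.Win32.Agent.ayrc 1
"""

# "<object> Infected: <threat name> <count>"; object names may contain spaces.
LINE_RE = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption of this example: a "Quarantine" path component (Qoobox, HouseCall)
# marks a copy that a removal tool has already isolated.
QUARANTINE_MARKER = "\\quarantine\\"


def classify(path):
    """Return 'memory', 'quarantined' or 'live' for one reported object."""
    if not DRIVE_RE.match(path):
        return "memory"        # process\module entry, no on-disk path given
    if QUARANTINE_MARKER in path.lower():
        return "quarantined"   # inert copy kept by a cleanup tool
    return "live"              # still sitting where it can be loaded or run


def triage(report):
    """Group detections by category, de-duplicated case-insensitively."""
    result = {"live": {}, "quarantined": {}, "memory": {}}
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, statistics
        # "container/object" form: '/' cannot occur inside a Windows path,
        # so the part after the last '/' is the object itself.
        obj = m.group("obj").split("/")[-1]
        bucket = result[classify(obj)]
        # NTFS paths are case-insensitive: System32 and system32 are one file.
        entry = bucket.setdefault(obj.lower(), {"path": obj, "threats": []})
        if m.group("threat") not in entry["threats"]:
            entry["threats"].append(m.group("threat"))
    return result


def deletion_candidates(report):
    """Paths that still need removal, in first-seen order."""
    return [e["path"] for e in triage(report)["live"].values()]


if __name__ == "__main__":
    groups = triage(REPORT)
    for category, entries in groups.items():
        print(f"[{category}]")
        for entry in entries.values():
            print(f"  {entry['path']}  ({', '.join(entry['threats'])})")
```

On the full report this yields the seven live paths listed under `file::` in the post above; the Qoobox and HouseCall entries fall into the quarantined group and are left out of the deletion list.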

#12 User is offline   Sanguel 

  • Full Member
  • Group: Member+
  • Posts: 12
  • Joined: 03-December 08

Posted 04 January 2009 - 04:24 PM

ComboFix 08-12-20.03 - Viktor 2009-01-05 3:14:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1677 [GMT 11:00]
Running from: c:\documents and settings\Viktor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Viktor\Desktop\cfscript.txt.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3515161-today junki.wma
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-diamonds are forever kayne.mp3
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-starfall dragonland.mp3
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3877629-zooster breakout .mp3
c:\windows\System32\mevent.dll
c:\windows\system32\SkypeComm.dll
c:\windows\System32\taskmagr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3515161-today junki.wma
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-diamonds are forever kayne.mp3
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3545425-starfall dragonland.mp3
c:\documents and settings\Viktor\My Documents\LimeWire\Incomplete\T-3877629-zooster breakout .mp3
c:\windows\System32\mevent.dll
c:\windows\system32\SkypeComm.dll
c:\windows\system32\taskmagr.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-05 03:06 . 2009-01-05 03:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-04 00:33 . 2009-01-04 00:33 180,258 --a------ c:\windows\system32\c_20000.nls
2009-01-04 00:30 . 2007-04-12 16:33 66,082 --a------ c:\windows\system32\c_21027.nls
2009-01-04 00:29 . 2007-04-12 16:19 66,082 --a------ c:\windows\system32\c_20290.nls
2009-01-04 00:28 . 2009-01-04 00:27 162,850 --a------ c:\windows\system32\c_10001.nls
2009-01-04 00:25 . 2009-01-04 00:25 28,288 --a------ c:\windows\system32\xjis.nls
2008-12-23 01:05 . 2005-01-23 06:12 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2008-12-23 01:00 . 2008-12-23 01:00 <DIR> d-------- c:\program files\WinPcap
2008-12-23 01:00 . 2008-12-23 01:54 <DIR> d-------- c:\program files\WC3Banlist
2008-12-23 00:38 . 2008-12-23 00:39 <DIR> d-------- c:\program files\PFConfig
2008-12-23 00:11 . 2008-12-23 00:11 <DIR> d-------- c:\program files\Telstra
2008-12-23 00:11 . 2008-12-23 00:11 <DIR> d-------- c:\program files\Alcatel
2008-12-23 00:11 . 2002-06-06 11:14 743,136 --a------ c:\windows\system32\drivers\alcaudsl.sys
2008-12-23 00:11 . 2002-06-14 03:16 81,920 -ra------ c:\windows\tbpu.exe
2008-12-23 00:11 . 2002-06-06 11:14 36,048 --a------ c:\windows\system32\drivers\alcan5ln.sys
2008-12-23 00:11 . 2002-06-06 11:14 5,607 --a------ c:\windows\system32\stci.dll
2008-12-23 00:11 . 2002-06-06 11:14 5,312 --a------ c:\windows\system32\drivers\alcawh.sys
2008-12-23 00:11 . 2002-06-06 11:14 4,000 --a------ c:\windows\system32\drivers\alcacr.sys
2008-12-23 00:11 . 2002-11-05 03:07 894 --------- c:\windows\z.iss
2008-12-23 00:08 . 2008-12-23 00:15 109 --a------ c:\windows\TTM.INI
2008-12-21 19:13 . 2008-12-21 19:13 <DIR> d-------- c:\program files\Ares
2008-12-16 12:15 . 2008-12-16 12:15 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-11 17:13 . 2008-12-11 17:13 15,271 --a------ c:\windows\system32\drivers\FIDE.SYS
2008-12-11 17:06 . 2008-12-11 17:06 <DIR> d-------- c:\program files\XP Codec Pack
2008-12-11 17:06 . 2008-07-09 20:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-12-07 15:07 . 2008-12-07 15:07 <DIR> d-------- c:\program files\EA GAMES
2008-12-07 15:07 . 2004-08-18 13:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 14:50 --------- d-----w c:\program files\Warcraft III
2009-01-04 11:52 --------- d-----w c:\program files\Free Music Zilla
2009-01-03 14:28 --------- d-----w c:\program files\FlashGet
2008-12-29 03:25 --------- d-----w c:\documents and settings\Viktor\Application Data\uTorrent
2008-12-22 13:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 07:21 --------- d-----w c:\documents and settings\Viktor\Application Data\LimeWire
2008-12-19 07:35 --------- d-----w c:\program files\Steam
2008-12-19 07:30 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-18 13:53 --------- d-----w c:\program files\LimeWire
2008-12-18 12:00 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-17 08:49 --------- d-----w c:\program files\World of Warcraft
2008-12-16 01:14 --------- d-----w c:\program files\Java
2008-12-15 07:05 --------- d-----w c:\program files\Diablo II
2008-12-11 06:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 06:07 --------- d-----w c:\documents and settings\Viktor\Application Data\dvdcss
2008-12-03 10:28 --------- d-----w c:\program files\Audacity
2008-12-03 08:33 --------- d-----w c:\program files\Trend Micro
2008-12-03 08:12 --------- d-----w c:\program files\Common Files\BitDefender
2008-12-03 08:12 --------- d-----w c:\program files\BitDefender
2008-12-03 07:18 --------- d-----w c:\program files\UnHackMe
2008-12-03 07:18 --------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-03 07:17 --------- d-----w c:\program files\Spyware Doctor
2008-12-02 09:31 --------- d-----w c:\program files\Enigma Software Group
2008-11-30 04:26 --------- d-----w c:\program files\Ventrilo
2008-11-30 04:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-30 04:26 --------- d-----w c:\documents and settings\Viktor\Application Data\Ventrilo
2008-11-27 08:30 --------- d-----w c:\program files\Intel
2008-11-27 08:28 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-27 08:27 --------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-27 08:27 --------- d-----w c:\program files\Uniblue
2008-11-27 08:15 --------- d-----w c:\documents and settings\Viktor\Application Data\Uniblue
2008-11-25 10:16 --------- d-----w c:\program files\Lavasoft
2008-11-25 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-12 07:57 --------- d-----w c:\program files\Microsoft Games
2008-11-08 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-08 23:22 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-08 23:20 --------- d-----w c:\program files\ATI Technologies
2008-02-14 11:19 22,328 ----a-w c:\documents and settings\Viktor\Application Data\PnkBstrK.sys
2008-05-21 14:24 2 --shatr c:\windows\winstart.bat
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_19.20.49.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 10:10:17 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-12-22 14:02:04 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-01-17 10:10:19 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-12-22 14:02:12 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-01-17 10:10:19 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-12-22 14:02:13 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-01-17 10:10:19 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-12-22 14:02:13 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-01-17 10:10:18 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-12-22 14:02:08 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-01-17 10:10:16 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-12-22 14:02:01 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-01-17 10:10:16 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-12-22 14:02:01 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-01-17 10:10:20 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-12-22 14:02:16 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-01-17 10:10:17 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-12-22 14:02:06 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-01-17 10:10:16 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-12-22 14:02:03 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-01-17 10:10:16 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-12-22 14:02:01 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-01-17 10:10:16 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-12-22 14:02:02 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-01-17 10:10:18 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-12-22 14:02:10 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-01-17 10:10:18 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-12-22 14:02:11 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-01-17 10:10:18 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-12-22 14:02:12 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-01-17 10:10:16 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-12-22 14:02:02 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-01-17 10:10:16 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-12-22 14:02:03 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-01-17 10:10:16 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-12-22 14:02:03 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-01-17 10:10:16 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-12-22 14:02:03 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-01-17 10:10:16 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-12-22 14:02:02 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-01-17 10:10:20 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-12-22 14:02:18 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-01-17 10:10:20 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-12-22 14:02:17 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-01-17 10:10:15 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-12-22 14:01:59 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-01-17 10:10:20 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-12-22 14:02:17 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-01-17 10:10:20 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-12-22 14:02:18 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-01-17 10:10:15 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-12-22 14:02:00 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-01-17 10:10:15 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-12-22 14:02:00 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-01-17 10:10:15 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-12-22 14:02:00 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-01-17 10:10:19 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-12-22 14:02:15 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-01-17 10:10:17 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-12-22 14:02:04 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-01-17 10:10:19 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-12-22 14:02:15 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-01-17 10:10:19 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-12-22 14:02:14 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-01-17 10:10:16 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-12-22 14:02:01 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-01-17 10:10:18 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-12-22 14:02:08 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-01-17 10:10:17 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-12-22 14:02:05 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-01-17 10:10:17 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-12-22 14:02:05 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-01-17 10:10:17 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-12-22 14:02:05 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-01-17 10:10:20 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-12-22 14:02:16 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-01-17 10:10:19 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-12-22 14:02:14 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-01-17 10:10:20 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-12-22 14:02:16 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-01-17 10:10:19 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-12-22 14:02:14 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-01-17 10:10:19 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-12-22 14:02:15 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-01-17 10:10:16 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-12-22 14:02:04 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-01-17 10:10:17 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-12-22 14:02:05 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-01-17 10:10:20 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-12-22 14:02:17 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-01-17 10:10:17 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-12-22 14:02:06 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-01-17 10:10:17 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-12-22 14:02:06 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-01-17 10:10:17 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-12-22 14:02:07 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-01-17 10:10:18 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-12-22 14:02:07 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-01-17 10:10:20 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-12-22 14:02:15 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-01-04 16:06:57 58,880 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\3cd6c9dd90ab3c4c8439c68b6c01d5ce\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2009-01-04 16:06:53 253,952 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\6d713f6a5cb7af418f5b09f07b9fa100\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2009-01-04 16:06:57 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\807ec0b491bb5c478b06777d5cf24782\DriversHQ.DriverDetective.Common.ni.dll
+ 2009-01-04 16:06:46 2,560,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\fdaa14fc0db4784a9ae2f9a3bccd5f21\DriversHQ.DriverDetective.Client.ni.exe
+ 2009-01-04 16:06:57 258,048 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\6f53143940e60c4493b7e0b31a519b57\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2009-01-04 16:07:01 2,441,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\1b68e21dde3412489734294898b6dbee\Microsoft.JScript.ni.dll
+ 2009-01-04 16:06:58 368,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\81ecd09f6d3c6b4fb4eacf02b75706c2\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2009-01-04 16:07:02 356,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\d23d68073d003d4abc2cc12faa9b5cc1\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2009-01-04 16:07:02 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\eb7759425dbd1c42b5c34974b1d216c1\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2009-01-04 16:06:53 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\4b72912f63efda4bbc3855ea3f43ef52\Microsoft.VisualC.ni.dll
+ 2009-01-04 16:07:01 77,824 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\a40dbae52808604e9035cd1d5e12513a\Microsoft.Vsa.ni.dll
+ 2009-01-04 16:06:52 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\273febafd5c1514d8a5ea1967b910d9a\System.Configuration.Install.ni.dll
+ 2009-01-04 16:06:56 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\a6a53cbb5a9ed447aa348c2bc01da8b5\System.Data.OracleClient.ni.dll
+ 2009-01-04 16:06:51 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a050c7d57b5186448663fc7674c0ec52\System.Data.SqlXml.ni.dll
+ 2009-01-04 16:06:59 1,060,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\ffe691be1be50f4792045327b384d177\System.Management.ni.dll
+ 2009-01-04 16:06:54 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\be6b5ffba98f3b4bb92c3d882ec9d16a\System.Runtime.Remoting.ni.dll
+ 2009-01-04 16:06:51 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d6746b6bc139684b9108fd7b87623933\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-01-04 16:06:56 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\52f66f41244d33498a6cec6b4af8ff01\System.ServiceProcess.ni.dll
+ 2009-01-04 16:07:02 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\f61f5a99ff10664a85ac45b315a56bad\XPBurnComponent.ni.dll
+ 2008-01-17 10:10:19 299,008 ------w c:\windows\assembly\temp\ABODE3G5IV\System.Runtime.Remoting.dll
+ 2004-08-03 11:31:50 175,104 ----a-w c:\windows\ime\chsime\applets\PINTLCSA.DLL
+ 2004-08-03 11:31:50 53,760 ----a-w c:\windows\ime\chsime\applets\PINTLCSD.DLL
+ 2004-08-03 11:31:52 97,792 ----a-w c:\windows\ime\CHTIME\Applets\CHTMBX.DLL
+ 2004-08-03 11:31:54 56,320 ----a-w c:\windows\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2004-08-03 11:31:54 173,568 ----a-w c:\windows\ime\CHTIME\Applets\CHTSKF.DLL
+ 2009-01-03 14:11:16 10,096,640 ----a-w c:\windows\ime\CHTIME\Applets\HWXCHT.DLL
+ 2009-01-03 14:17:25 13,463,552 ----a-w c:\windows\ime\imjp8_1\applets\hwxjpn.dll
+ 2009-01-03 14:05:39 471,102 ----a-w c:\windows\ime\imjp8_1\applets\imskdic.dll
+ 2009-01-03 14:05:39 315,452 ----a-w c:\windows\ime\imjp8_1\applets\imskf.dll
+ 2009-01-03 14:17:25 229,439 ----a-w c:\windows\ime\imjp8_1\applets\multibox.dll
+ 2009-01-03 14:25:19 143,422 ----a-w c:\windows\ime\imjp8_1\applets\softkey.dll
+ 2002-08-28 13:39:06 426,042 ----a-w c:\windows\ime\imjp8_1\applets\voicepad.dll
+ 2002-08-28 13:39:08 86,074 ----a-w c:\windows\ime\imjp8_1\applets\voicesub.dll
+ 2002-08-28 13:38:26 57,400 ----a-w c:\windows\ime\imjp8_1\cplexe.exe
+ 2002-08-07 11:35:54 360,494 ----a-w c:\windows\ime\imjp8_1\imjpcic.dll
+ 2002-08-28 13:38:40 716,857 ----a-w c:\windows\ime\imjp8_1\imjpcus.dll
+ 2009-01-03 14:13:35 57,398 ----a-w c:\windows\ime\imjp8_1\imjpdadm.exe
+ 2002-08-28 13:38:40 81,977 ----a-w c:\windows\ime\imjp8_1\imjpdct.dll
+ 2002-08-28 13:38:40 307,258 ----a-w c:\windows\ime\imjp8_1\imjpdct.exe
+ 2002-08-28 13:38:40 155,706 ----a-w c:\windows\ime\imjp8_1\imjpdsvr.exe
+ 2002-08-28 13:38:42 196,666 ----a-w c:\windows\ime\imjp8_1\imjpinst.exe
+ 2002-08-28 13:38:42 208,953 ----a-w c:\windows\ime\imjp8_1\imjpmig.exe
+ 2002-08-28 13:38:46 233,528 ----a-w c:\windows\ime\imjp8_1\imjprw.exe
+ 2009-01-03 14:05:39 45,109 ----a-w c:\windows\ime\imjp8_1\imjpuex.exe
+ 2002-08-28 13:38:52 262,201 ----a-w c:\windows\ime\imjp8_1\imjputy.exe
+ 2002-08-28 13:38:54 274,490 ----a-w c:\windows\ime\imjp8_1\imjputyc.dll
+ 2009-01-03 14:25:19 10,129,408 ----a-w c:\windows\ime\imkr6_1\applets\hwxkor.dll
+ 2001-08-23 12:00:00 80,384 ----a-w c:\windows\ime\imkr6_1\applets\imekrmbx.dll
+ 2009-01-03 13:57:38 36,864 ----a-w c:\windows\ime\imkr6_1\dicts\hanjadic.dll
+ 2002-08-28 17:12:30 99,328 ----a-w c:\windows\ime\imkr6_1\imekrcic.dll
+ 2009-01-03 13:57:38 44,032 ----a-w c:\windows\ime\imkr6_1\imekrmig.exe
+ 2009-01-03 14:05:39 59,904 ----a-w c:\windows\ime\imkr6_1\imkrinst.exe
+ 2009-01-03 13:57:38 102,463 ----a-w c:\windows\ime\shared\imepadsm.dll
+ 2009-01-03 13:57:38 311,359 ----a-w c:\windows\ime\shared\imepadsv.exe
+ 2004-08-03 11:32:28 102,456 ----a-w c:\windows\ime\shared\imlang.dll
+ 2004-08-03 11:32:12 15,872 ----a-w c:\windows\ime\shared\res\PADRS404.DLL
+ 2009-01-03 14:11:17 36,927 ----a-w c:\windows\ime\shared\res\padrs411.dll
+ 2009-01-03 14:11:17 14,336 ----a-w c:\windows\ime\shared\res\padrs412.dll
+ 2004-08-03 11:31:50 15,360 ----a-w c:\windows\ime\shared\res\padrs804.dll
+ 2009-01-03 14:25:20 19,456 ----a-w c:\windows\msagent\intl\agt0404.dll
+ 2009-01-03 14:25:20 19,456 ----a-w c:\windows\msagent\intl\agt0411.dll
+ 2009-01-03 14:25:20 19,456 ----a-w c:\windows\msagent\intl\agt0412.dll
+ 2009-01-03 14:25:21 19,456 ----a-w c:\windows\msagent\intl\agt0804.dll
+ 2009-01-03 14:25:21 218,112 ----a-w c:\windows\system32\c_g18030.dll
+ 2009-01-03 14:25:21 6,656 ----a-w c:\windows\system32\c_is2022.dll
+ 2009-01-03 14:05:39 1,677,824 ----a-w c:\windows\system32\chsbrkr.dll
+ 2009-01-03 14:05:39 838,144 ----a-w c:\windows\system32\chtbrkr.dll
- 2008-12-21 08:05:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-04 16:16:24 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-21 08:05:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-04 16:16:24 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-31 01:34:25 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008123120090101\index.dat
+ 2008-12-31 19:57:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009010120090102\index.dat
- 2008-12-21 08:05:04 393,216 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-04 16:16:24 409,600 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-21 08:15:38 233,472 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-01-04 16:14:14 233,472 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
- 2001-08-23 12:00:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0404.dll
+ 2009-01-03 14:25:20 19,456 -c--a-w c:\windows\system32\dllcache\agt0404.dll
- 2001-08-23 12:00:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0411.dll
+ 2009-01-03 14:25:20 19,456 -c--a-w c:\windows\system32\dllcache\agt0411.dll
- 2001-08-23 12:00:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0412.dll
+ 2009-01-03 14:25:20 19,456 -c--a-w c:\windows\system32\dllcache\agt0412.dll
- 2001-08-23 12:00:00 19,456 -c--a-w c:\windows\system32\dllcache\agt0804.dll
+ 2009-01-03 14:25:21 19,456 -c--a-w c:\windows\system32\dllcache\agt0804.dll
- 2001-08-23 12:00:00 218,112 -c--a-w c:\windows\system32\dllcache\c_g18030.dll
+ 2009-01-03 14:25:21 218,112 -c--a-w c:\windows\system32\dllcache\c_g18030.dll
- 2001-08-23 12:00:00 6,656 -c--a-w c:\windows\system32\dllcache\c_is2022.dll
+ 2009-01-03 14:25:21 6,656 -c--a-w c:\windows\system32\dllcache\c_is2022.dll
- 2001-08-23 12:00:00 1,677,824 -c--a-w c:\windows\system32\dllcache\chsbrkr.dll
+ 2009-01-03 14:05:39 1,677,824 -c--a-w c:\windows\system32\dllcache\chsbrkr.dll
- 2001-08-23 12:00:00 838,144 -c--a-w c:\windows\system32\dllcache\chtbrkr.dll
+ 2009-01-03 14:05:39 838,144 -c--a-w c:\windows\system32\dllcache\chtbrkr.dll
- 2002-08-28 13:39:42 97,792 -c--a-w c:\windows\system32\dllcache\chtmbx.dll
+ 2004-08-03 11:31:52 97,792 -c--a-w c:\windows\system32\dllcache\chtmbx.dll
- 2002-08-28 13:39:42 56,320 -c--a-w c:\windows\system32\dllcache\chtskdic.dll
+ 2004-08-03 11:31:54 56,320 -c--a-w c:\windows\system32\dllcache\chtskdic.dll
- 2002-08-28 13:39:42 173,568 -c--a-w c:\windows\system32\dllcache\chtskf.dll
+ 2004-08-03 11:31:54 173,568 -c--a-w c:\windows\system32\dllcache\chtskf.dll
- 2001-08-23 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\f3ahvoas.dll
+ 2009-01-03 14:25:21 7,168 -c--a-w c:\windows\system32\dllcache\f3ahvoas.dll
- 2001-08-23 12:00:00 36,864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
+ 2009-01-03 13:57:38 36,864 -c--a-w c:\windows\system32\dllcache\hanjadic.dll
- 2001-08-23 12:00:00 10,096,640 -c--a-w c:\windows\system32\dllcache\hwxcht.dll
+ 2009-01-03 14:11:16 10,096,640 -c--a-w c:\windows\system32\dllcache\hwxcht.dll
- 2001-08-23 12:00:00 13,463,552 -c--a-w c:\windows\system32\dllcache\hwxjpn.dll
+ 2009-01-03 14:17:25 13,463,552 -c--a-w c:\windows\system32\dllcache\hwxjpn.dll
- 2001-08-23 12:00:00 10,129,408 -c--a-w c:\windows\system32\dllcache\hwxkor.dll
+ 2009-01-03 14:25:19 10,129,408 -c--a-w c:\windows\system32\dllcache\hwxkor.dll
- 2001-08-23 12:00:00 44,032 -c--a-w c:\windows\system32\dllcache\imekrmig.exe
+ 2009-01-03 13:57:38 44,032 -c--a-w c:\windows\system32\dllcache\imekrmig.exe
- 2001-08-23 12:00:00 102,463 -c--a-w c:\windows\system32\dllcache\imepadsm.dll
+ 2009-01-03 13:57:38 102,463 -c--a-w c:\windows\system32\dllcache\imepadsm.dll
- 2001-08-23 12:00:00 311,359 -c--a-w c:\windows\system32\dllcache\imepadsv.exe
+ 2009-01-03 13:57:38 311,359 -c--a-w c:\windows\system32\dllcache\imepadsv.exe
- 2001-08-23 12:00:00 57,398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe
+ 2009-01-03 14:13:35 57,398 -c--a-w c:\windows\system32\dllcache\imjpdadm.exe
- 2001-08-23 12:00:00 45,109 -c--a-w c:\windows\system32\dllcache\imjpuex.exe
+ 2009-01-03 14:05:39 45,109 -c--a-w c:\windows\system32\dllcache\imjpuex.exe
- 2001-08-23 12:00:00 59,904 -c--a-w c:\windows\system32\dllcache\imkrinst.exe
+ 2009-01-03 14:05:39 59,904 -c--a-w c:\windows\system32\dllcache\imkrinst.exe
- 2002-08-28 13:39:02 102,456 -c--a-w c:\windows\system32\dllcache\imlang.dll
+ 2004-08-03 11:32:28 102,456 -c--a-w c:\windows\system32\dllcache\imlang.dll
- 2002-08-28 13:39:06 59,392 -c--a-w c:\windows\system32\dllcache\imscinst.exe
+ 2004-08-03 11:31:50 59,392 -c--a-w c:\windows\system32\dllcache\imscinst.exe
- 2001-08-23 12:00:00 471,102 -c--a-w c:\windows\system32\dllcache\imskdic.dll
+ 2009-01-03 14:05:39 471,102 -c--a-w c:\windows\system32\dllcache\imskdic.dll
- 2001-08-23 12:00:00 315,452 -c--a-w c:\windows\system32\dllcache\imskf.dll
+ 2009-01-03 14:05:39 315,452 -c--a-w c:\windows\system32\dllcache\imskf.dll
- 2001-08-23 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbd101.dll
+ 2009-01-03 14:25:21 6,144 -c--a-w c:\windows\system32\dllcache\kbd101.dll
- 2001-08-23 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbd101a.dll
+ 2009-01-03 14:25:21 6,144 -c--a-w c:\windows\system32\dllcache\kbd101a.dll
- 2001-08-23 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbd106n.dll
+ 2009-01-03 14:25:21 6,144 -c--a-w c:\windows\system32\dllcache\kbd106n.dll
- 2001-08-23 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdax2.dll
+ 2009-01-03 14:25:21 6,144 -c--a-w c:\windows\system32\dllcache\kbdax2.dll
- 2001-08-23 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\kbdibm02.dll
+ 2009-01-03 14:25:21 7,168 -c--a-w c:\windows\system32\dllcache\kbdibm02.dll
- 2001-08-23 12:00:00 6,656 -c--a-w c:\windows\system32\dllcache\kbdlk41a.dll
+ 2009-01-03 14:25:21 6,656 -c--a-w c:\windows\system32\dllcache\kbdlk41a.dll
- 2001-08-23 12:00:00 6,144 -c--a-w c:\windows\system32\dllcache\kbdlk41j.dll
+ 2009-01-03 14:25:21 6,144 -c--a-w c:\windows\system32\dllcache\kbdlk41j.dll
- 2001-08-23 12:00:00 7,168 -c--a-w c:\windows\system32\dllcache\kbdnec95.dll
+ 2009-01-03 14:25:21 7,168 -c--a-w c:\windows\system32\dllcache\kbdnec95.dll
- 2001-08-23 12:00:00 9,216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll
+ 2009-01-03 14:25:21 9,216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll
- 2001-08-23 12:00:00 7,680 -c--a-w c:\windows\system32\dllcache\kbdnecnt.dll
+ 2009-01-03 14:25:21 7,680 -c--a-w c:\windows\system32\dllcache\kbdnecnt.dll
- 2001-08-23 12:00:00 70,656 -c--a-w c:\windows\system32\dllcache\korwbrkr.dll
+ 2009-01-03 14:05:39 70,656 -c--a-w c:\windows\system32\dllcache\korwbrkr.dll
- 2001-08-23 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll
+ 2009-01-03 14:11:17 98,304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll
- 2001-08-23 12:00:00 229,439 -c--a-w c:\windows\system32\dllcache\multibox.dll
+ 2009-01-03 14:17:25 229,439 -c--a-w c:\windows\system32\dllcache\multibox.dll
- 2002-08-28 13:39:46 15,872 -c--a-w c:\windows\system32\dllcache\padrs404.dll
+ 2004-08-03 11:32:12 15,872 -c--a-w c:\windows\system32\dllcache\padrs404.dll
- 2001-08-23 12:00:00 36,927 -c--a-w c:\windows\system32\dllcache\padrs411.dll
+ 2009-01-03 14:11:17 36,927 -c--a-w c:\windows\system32\dllcache\padrs411.dll
- 2001-08-23 12:00:00 14,336 -c--a-w c:\windows\system32\dllcache\padrs412.dll
+ 2009-01-03 14:11:17 14,336 -c--a-w c:\windows\system32\dllcache\padrs412.dll
- 2002-08-28 13:39:08 15,360 -c--a-w c:\windows\system32\dllcache\padrs804.dll
+ 2004-08-03 11:31:50 15,360 -c--a-w c:\windows\system32\dllcache\padrs804.dll
- 2002-08-28 13:39:08 175,104 -c--a-w c:\windows\system32\dllcache\pintlcsa.dll
+ 2004-08-03 11:31:50 175,104 -c--a-w c:\windows\system32\dllcache\pintlcsa.dll
- 2002-08-28 13:39:08 53,760 -c--a-w c:\windows\system32\dllcache\pintlcsd.dll
+ 2004-08-03 11:31:50 53,760 -c--a-w c:\windows\system32\dllcache\pintlcsd.dll
- 2002-08-28 13:39:06 70,144 -c--a-w c:\windows\system32\dllcache\pintlphr.exe
+ 2004-08-03 11:31:50 70,144 -c--a-w c:\windows\system32\dllcache\pintlphr.exe
- 2002-08-28 13:39:08 67,584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
+ 2004-08-03 11:31:50 67,584 -c--a-w c:\windows\system32\dllcache\pmigrate.dll
- 2001-08-23 12:00:00 143,422 -c--a-w c:\windows\system32\dllcache\softkey.dll
+ 2009-01-03 14:25:19 143,422 -c--a-w c:\windows\system32\dllcache\softkey.dll
- 2002-08-28 13:39:50 44,032 -c--a-w c:\windows\system32\dllcache\tintlphr.exe
+ 2004-08-03 11:32:16 44,032 -c--a-w c:\windows\system32\dllcache\tintlphr.exe
- 2002-08-28 13:39:50 455,168 -c--a-w c:\windows\system32\dllcache\tintsetp.exe
+ 2004-08-03 11:32:16 455,168 -c--a-w c:\windows\system32\dllcache\tintsetp.exe
- 2002-08-28 13:39:48 10,240 -c--a-w c:\windows\system32\dllcache\tmigrate.dll
+ 2004-08-03 11:32:14 10,240 -c--a-w c:\windows\system32\dllcache\tmigrate.dll
+ 2005-08-02 21:10:13 32,512 ----a-w c:\windows\system32\drivers\npf.sys
+ 2006-01-17 19:50:28 61,952 ----a-w c:\windows\system32\execryptorvb.dll
+ 2009-01-03 14:25:21 7,168 ----a-w c:\windows\system32\f3ahvoas.dll
- 2008-07-28 13:06:50 117,360 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-03 14:28:02 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2002-08-28 13:39:42 201,216 ----a-w c:\windows\system32\IME\CINTLGNT\cintime.dll
+ 2002-08-28 13:39:44 480,256 ----a-w c:\windows\system32\IME\CINTLGNT\cintsetp.exe
+ 2004-08-03 11:31:50 59,392 ----a-w c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2004-08-03 11:31:50 70,144 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2004-08-03 11:31:50 67,584 ----a-w c:\windows\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2004-08-03 11:32:16 44,032 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2004-08-03 11:32:16 455,168 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2004-08-03 11:32:14 10,240 ----a-w c:\windows\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2002-06-12 11:14:46 827,438 ----a-w c:\windows\system32\imjp81k.dll
+ 2009-01-03 14:25:21 6,144 ----a-w c:\windows\system32\kbd101.dll
+ 2009-01-03 14:25:21 6,144 ----a-w c:\windows\system32\kbd101a.dll
+ 2009-01-03 14:25:21 6,144 ----a-w c:\windows\system32\kbd106n.dll
+ 2009-01-03 14:25:21 6,144 ----a-w c:\windows\system32\kbdax2.dll
+ 2009-01-03 14:25:21 7,168 ----a-w c:\windows\system32\kbdibm02.dll
+ 2009-01-03 14:25:21 6,656 ----a-w c:\windows\system32\kbdlk41a.dll
+ 2009-01-03 14:25:21 6,144 ----a-w c:\windows\system32\kbdlk41j.dll
+ 2009-01-03 14:25:21 7,168 ----a-w c:\windows\system32\kbdnec95.dll
+ 2009-01-03 14:25:21 9,216 ----a-w c:\windows\system32\kbdnecAT.dll
+ 2009-01-03 14:25:21 7,680 ----a-w c:\windows\system32\kbdnecNT.dll
+ 2009-01-03 14:05:39 70,656 ----a-w c:\windows\system32\korwbrkr.dll
+ 2009-01-03 14:11:17 98,304 ----a-w c:\windows\system32\msir3jp.dll
+ 2002-08-28 19:41:00 28,672 ----a-w c:\windows\system32\mswmdmsrv.dll
+ 2005-08-02 21:08:09 81,920 ----a-w c:\windows\system32\Packet.dll
- 2008-10-26 00:10:52 63,974 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-22 14:02:23 63,974 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 00:10:52 406,432 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-22 14:02:23 406,432 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-19 07:30:08 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2009-01-02 05:44:57 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2005-08-02 21:24:01 53,299 ----a-w c:\windows\system32\pthreadVC.dll
+ 2002-08-28 17:12:18 72,192 ----a-w c:\windows\system32\uniime.dll
+ 2005-08-02 21:08:06 61,440 ----a-w c:\windows\system32\WanPacket.dll
+ 2005-08-02 21:18:45 233,472 ----a-w c:\windows\system32\wpcap.dll
- 2008-01-17 10:10:16 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-12-22 14:02:01 258,048 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-01-17 10:10:16 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-12-22 14:02:01 114,176 ----a-w c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 861184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-08-29 208953]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-11 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-05 c:\windows\SkyTel.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\Viktor\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Windows\\System32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-19 18:30 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-25 05:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe

R3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\System32\DRIVERS\alcan5ln.sys [2008-12-23 36048]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\DRIVERS\l151x86.sys [2008-11-27 37376]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 MTK;Media Technology Kernel Driver;c:\windows\System32\Drivers\fide.sys [2008-12-11 15271]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2005-08-03 32512]
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm -
TCP: {DFCCD8AA-B30D-4235-8DE9-4533380A2DD1} = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Viktor\Application Data\Mozilla\Firefox\Profiles\2ceii8xw.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 03:16:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\System32\ODBC32.dll
c:\windows\System32\msctfime.ime
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(928)
c:\windows\System32\dssenh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-05 3:17:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-04 16:17:30
ComboFix2.txt 2008-12-21 08:21:05

Pre-Run: 16,524,779,520 bytes free
Post-Run: 16,649,830,400 bytes free

533


Hi again,
Oh I see. I haven't really used Limewire for a while, and those songs are really old :S
I use Ares *another p2p my friend recommended - Is that safe? D:

My computer seems to be running as normal. Although there is a slight lag or delay every time I show desktop icons.

I really appreciate your work and time :)

Cheers :D

edit: I've read the thread again; just pointing this out there, I haven't been alt-tabbed out of anything recently. :)

This post has been edited by Sanguel: 04 January 2009 - 04:29 PM


#13 User is offline   Rorschach112 

  • Scratch
  • Group: Administrator
  • Posts: 1438
  • Joined: 30-April 08

Posted 03 February 2009 - 05:42 PM

No p2p programs are safe, they are all very dangerous

If you persist in using them you will get infected


Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    c:\documents and settings\All Users\Application Data\SecTaskMan
    c:\windows\winstart.bat
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


#14 User is offline   Rorschach112 

  • Scratch
  • Group: Administrator
  • Posts: 1438
  • Joined: 30-April 08

Posted 07 February 2009 - 08:21 PM

This thread is being closed due to inactivity. If you would like it to be reopened please contact me or another member of the Moderating Team.

As always, we thank you for using 247fixes. Thank you, and have a great day!
