Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet Security 2010-malware

Re: Internet Security 2010-malware

by PapaBear » January 18th, 2010, 10:31 pm

Ok, that was not as easy as it reads. The first link for ComboFix has a corrupt file, or at least the 2 times I downloaded it the .exe could not execute: "file corrupt". The second link, the first time I downloaded it, it wouldn't start. I don't think the instructions to turn off AVG 9 are complete, as I kept getting a warning when I tried to run ComboFix. I turned off AVG in the start-up programs, and some other stuff I didn't want to run at start-up (i.e. web cam, msn messenger....) and restarted my computer. I also found some other things that I did not put there (or at least I don't think I did). This must have fixed the issue, as the 4th time I downloaded ComboFix and clicked the .exe it worked fine as far as I can tell. On a side note, it removed my background pic?

As far as performance, the only noticeable difference thus far is the Run dll error does not come up and, as far as I can tell, Firefox has stopped with the random misdirects. I tried about 4-6 searches and 8-10 links per search.

***I took a print screen of the programs listed in my start up and I tried to attach a JPEG of it but the forum won't let me. There were 2 items, Rundll32P17 and uvemijigokj, both of which I unchecked. The uvemijigokj is no longer there after the ComboFix; however, the Rundll32P17 is still there. It stayed unchecked but it stayed in the list as well.


ComboFix.log
ComboFix 10-01-18.02 - Gary S. Priest 01/18/2010 19:50:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -6:00]
Running from: c:\documents and settings\Gary S. Priest\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gary S. Priest\Application Data\Desktopicon
c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\eBay.ico
c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe
c:\documents and settings\Gary S. Priest\Application Data\SystemProc
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome.manifest
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome\content\_cfg.js
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome\content\overlay.xul
c:\documents and settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\windows\omecerisu.dll
c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe
c:\windows\system32\Data
c:\windows\system32\warning.html
c:\windows\update.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 01:12 . 2010-01-19 01:12 -------- d-----w- c:\program files\ERUNT
2010-01-18 00:04 . 2010-01-08 00:49 2303680 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfws9.exe
2010-01-18 00:04 . 2010-01-08 00:49 1260312 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-15 20:50 . 2010-01-15 20:50 -------- d-----w- C:\rsit
2010-01-15 20:50 . 2010-01-15 20:50 -------- d-----w- c:\program files\trend micro
2010-01-12 19:39 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:13 . 2010-01-12 01:13 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-12 01:13 . 2010-01-08 00:49 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-01-12 01:13 . 2010-01-08 00:49 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-01-12 01:13 . 2010-01-12 01:13 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-01-12 01:13 . 2010-01-08 00:49 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2010-01-12 01:13 . 2010-01-08 00:48 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-01-11 16:16 . 2010-01-11 16:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:12 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Temp
2010-01-11 16:11 . 2010-01-11 16:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:13 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Google
2010-01-11 16:11 . 2010-01-11 16:12 -------- d-----w- c:\program files\Google
2010-01-09 21:05 . 2010-01-18 00:03 0 ----a-w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\prvlcl.dat
2010-01-08 00:55 . 2010-01-08 00:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-08 00:49 . 2010-01-08 00:49 -------- d-----w- C:\$AVG
2010-01-08 00:49 . 2010-01-08 00:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-08 00:49 . 2010-01-08 00:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-08 00:49 . 2010-01-08 00:49 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-08 00:49 . 2010-01-19 01:11 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-08 00:48 . 2010-01-08 00:48 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-08 00:48 . 2010-01-08 00:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-08 00:48 . 2010-01-08 00:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-08 00:48 . 2010-01-08 00:48 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-08 00:48 . 2010-01-08 00:48 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-08 00:48 . 2010-01-08 00:48 -------- d-----w- c:\program files\AVG
2010-01-08 00:48 . 2010-01-08 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-08 00:19 . 2010-01-08 00:19 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 15:54 . 2010-01-07 15:54 388096 ----a-r- c:\documents and settings\Gary S. Priest\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 15:54 . 2010-01-07 15:54 -------- d-----w- c:\program files\TrendMicro
2010-01-07 13:49 . 2010-01-07 13:59 -------- d-----w- c:\documents and settings\Gary S. Priest\DoctorWeb
2010-01-06 21:27 . 2010-01-06 21:27 102400 ----a-w- c:\windows\iStler.exe
2010-01-06 16:27 . 2010-01-06 16:27 -------- d--h--w- c:\windows\PIF
2010-01-02 15:07 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-02 15:07 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-01 22:40 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-01 21:05 . 2010-01-01 21:33 -------- d-----w- c:\program files\Unlocker
2010-01-01 20:58 . 2010-01-01 21:34 -------- d-----w- c:\documents and settings\Gary S. Priest\Tracing
2010-01-01 20:55 . 2010-01-01 20:55 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-01 20:54 . 2010-01-01 20:54 -------- d-----w- c:\documents and settings\Gary S. Priest\Contacts
2010-01-01 20:52 . 2010-01-01 20:54 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-01-01 20:52 . 2010-01-01 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2010-01-01 20:45 . 2010-01-01 20:45 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Help
2010-01-01 20:14 . 2010-01-01 20:14 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-01-01 20:13 . 2010-01-01 20:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-01 20:13 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 20:13 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-01 20:13 . 2010-01-01 20:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-01 20:12 . 2010-01-01 20:15 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Adobe
2010-01-01 20:12 . 2010-01-01 20:12 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-01 20:12 . 2010-01-01 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-01 01:42 . 2010-01-05 19:37 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\gtk-2.0
2010-01-01 01:42 . 2010-01-01 01:42 -------- d-----w- c:\documents and settings\Gary S. Priest\.thumbnails
2010-01-01 01:41 . 2010-01-05 19:40 -------- d-----w- c:\documents and settings\Gary S. Priest\.gimp-2.6
2010-01-01 01:41 . 2010-01-01 01:41 -------- d-----w- c:\documents and settings\Gary S. Priest\.gegl-0.0
2010-01-01 01:41 . 2010-01-01 01:41 -------- d-sh--w- c:\documents and settings\Gary S. Priest\PrivacIE
2010-01-01 01:38 . 2010-01-01 01:38 -------- d-----w- c:\program files\Gimp-2.0
2009-12-31 15:05 . 2009-12-31 15:05 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Nero
2009-12-31 01:28 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-31 01:27 . 2009-12-31 01:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\scripting
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\l2schemas
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\en
2009-12-31 01:21 . 2009-12-31 01:21 -------- d-----w- c:\windows\system32\bits
2009-12-31 01:18 . 2009-12-31 01:18 -------- d-----w- c:\windows\EHome
2009-12-31 01:13 . 2010-01-07 03:28 120 ----a-w- c:\windows\Bnebe.dat
2009-12-31 01:13 . 2010-01-06 16:23 0 ----a-w- c:\windows\Cwugeco.bin
2009-12-31 01:09 . 2009-12-31 01:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-31 01:09 . 2009-12-31 01:09 -------- d-sh--w- c:\documents and settings\Gary S. Priest\IETldCache
2009-12-31 00:55 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-31 00:55 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-31 00:55 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-31 00:55 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-31 00:55 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-31 00:55 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-31 00:55 . 2009-12-31 00:55 -------- d-----w- c:\windows\ie8updates
2009-12-31 00:55 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-31 00:55 . 2009-12-31 00:55 -------- dc-h--w- c:\windows\ie8
2009-12-29 16:54 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2009-12-29 16:54 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2009-12-29 16:54 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2009-12-29 16:54 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2009-12-29 16:54 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2009-12-29 16:54 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2009-12-29 16:54 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2009-12-29 16:53 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-12-29 16:53 . 2007-06-13 15:24 1469312 ----a-w- c:\windows\system32\drivers\ZS211.sys
2009-12-29 16:53 . 2007-04-06 20:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2009-12-29 16:53 . 2007-04-06 17:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2009-12-29 16:53 . 2006-08-18 22:58 49152 ----a-w- c:\windows\Domino.exe
2009-12-29 16:53 . 2006-08-09 23:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2009-12-29 16:53 . 2006-03-14 20:28 172032 ----a-w- c:\windows\amcap.exe
2009-12-29 16:53 . 2009-12-29 16:53 -------- d-----w- c:\program files\Vimicro
2009-12-27 15:36 . 2009-12-27 15:36 -------- d-----w- c:\program files\MSXML 4.0
2009-12-26 17:36 . 2009-12-26 17:45 -------- d-----w- c:\program files\Common Files\Nero
2009-12-26 14:35 . 2009-12-26 14:35 -------- d-----w- c:\documents and settings\Gary S. Priest\Local Settings\Application Data\Ahead
2009-12-26 05:18 . 2010-01-15 16:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 05:18 . 2010-01-15 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 04:52 . 2009-12-26 20:25 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Nero
2009-12-26 04:41 . 2009-12-26 17:37 -------- d-----w- c:\program files\Nero
2009-12-26 03:44 . 2009-12-26 03:44 152576 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-26 03:44 . 2009-12-26 03:44 79488 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-26 03:33 . 2009-12-26 04:28 -------- d-----w- c:\program files\Windows Sidebar
2009-12-26 03:28 . 2009-12-26 03:30 -------- d--h--w- c:\windows\msdownld.tmp
2009-12-26 03:28 . 2009-12-26 03:28 -------- d-----w- c:\windows\Logs
2009-12-26 03:25 . 2009-12-31 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-12-26 03:12 . 2009-10-11 10:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-26 03:12 . 2009-12-26 03:44 -------- d-----w- c:\program files\Java
2009-12-26 03:12 . 2009-12-26 03:12 152576 ----a-w- c:\documents and settings\Gary S. Priest\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-26 03:11 . 2009-12-26 03:11 -------- d-----w- c:\program files\Winamp Detect
2009-12-26 03:00 . 2010-01-15 16:26 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\uTorrent
2009-12-26 02:54 . 2009-12-26 02:54 -------- d-----w- c:\windows\system32\LogFiles
2009-12-26 02:51 . 2009-12-26 02:51 -------- d-----w- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-26 02:51 . 2009-12-26 02:56 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-26 02:34 . 2009-12-26 02:34 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-26 02:30 . 2009-12-26 02:30 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-26 01:26 . 2009-12-26 01:26 -------- d-----w- C:\Hex_Editor_xvi32
2009-12-26 01:21 . 2003-03-25 11:49 152064 ----a-w- c:\windows\system32\unrar.dll
2009-12-26 01:21 . 2001-10-31 16:14 77824 ----a-w- c:\windows\system32\mplaw7.dll
2009-12-26 01:21 . 2001-10-31 16:14 77824 ----a-w- c:\windows\system32\mplaa6.dll
2009-12-26 01:21 . 2001-10-31 16:14 65536 ----a-w- c:\windows\system32\mplapx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:07 . 2010-01-07 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 22:07 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 01:22 . 2009-12-25 23:47 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-26 03:11 . 2009-12-26 03:10 -------- d-----w- c:\documents and settings\Gary S. Priest\Application Data\Winamp
2009-12-26 03:11 . 2009-12-26 03:10 -------- d-----w- c:\program files\Winamp
2009-12-25 23:57 . 2009-12-25 23:57 0 ----a-w- c:\windows\nsreg.dat
2009-12-25 23:47 . 2009-12-25 23:47 -------- d-----w- c:\program files\microsoft frontpage
2009-12-25 23:45 . 2009-12-25 23:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2010-01-07 22:59 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-08 00:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-01-12 01:13 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 22:58 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 00:38 64512 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-21 00:53 1056768 ----a-w- c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 17:06 57344 ----a-w- c:\windows\ZSSnp211.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"Windows Service Host"= c:\documents and settings\Gary S. Priest\Application Data\svhost.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/7/2010 6:48 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/7/2010 6:48 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/7/2010 6:49 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/7/2010 6:48 PM 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [12/25/2009 6:16 PM 13696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/7/2010 6:48 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/7/2010 6:48 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/7/2010 6:49 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/7/2010 6:48 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/7/2010 6:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/7/2010 6:48 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/7/2010 6:48 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/7/2010 6:48 PM 25736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/11/2010 10:11 AM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/7/2010 6:48 PM 30104]
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 16:11]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 16:11]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Gary S. Priest\Application Data\Mozilla\Firefox\Profiles\dt378tcy.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Rzoke - c:\windows\uvemijigoki.dll
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-eBay Icon - c:\documents and settings\Gary S. Priest\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-01-18 19:59:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 01:59

Pre-Run: 62,063,894,528 bytes free
Post-Run: 62,017,007,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 70DF382042936B26CC0814E04ED6886A
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

by Dakeyras » January 19th, 2010, 7:44 am

Hi. :)

OK thanks for the update and most unfortunate about the problems you encountered and I can only apologise about this. Removing malware in the manner I do via logs only with no physical access to a machine can be somewhat difficult at times. So we will merely employ a different methodology.

"On a side note, it removed my background pic?"
It appears something compromised was removed from the Desktop area/folder. When I give the all clear I suggest you change your personal settings back to how you wish etc.

MSConfig Advice:

Personally I do not think it wise to use the System Configuration Utility unless you know exactly what you are doing as otherwise serious problems may arise.

I advise you consider this application to use instead, it will also provide an extra layer of system protection via its monitoring activities.

WinPatrol:

Download it from here

You can find information about how WinPatrol works here

Note: Do not download/install just yet as it may hinder the malware removal process but by all means do so when I give the all clear if you so wish.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry
      • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Processes

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]

:Files
c:\windows\Bnebe.dat
c:\windows\Cwugeco.bin
c:\windows\SxsCaPendDel
c:\documents and settings\Gary S. Priest\Application Data\uTorrent

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

by PapaBear » January 20th, 2010, 9:34 pm

Unfortunately I cannot comment on performance at this time. I also may have made a mistake. When ComboFix removed my desktop picture I went and got it again, not thinking. It's a picture of a character on World Of Warcraft that I got from the Blizzard site. I can take it back off if you want me to, but I'll leave it alone until advised.

OTM Log
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211\ deleted successfully.
========== FILES ==========
c:\windows\Bnebe.dat moved successfully.
c:\windows\Cwugeco.bin moved successfully.
c:\windows\SxsCaPendDel folder moved successfully.
File/Folder c:\documents and settings\Gary S. Priest\Application Data\uTorrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3356521 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gary S. Priest
->Temp folder emptied: 7566 bytes
->Temporary Internet Files folder emptied: 242876 bytes
->Java cache emptied: 13690431 bytes
->FireFox cache emptied: 72474804 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01202010_190843

Files moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes log

Scan type: Quick Scan
Objects scanned: 109968
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-20 19:22:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (75%) free of 79 GB
Total RAM: 2046 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-20 19:08:47 ----SHD---- C:\RECYCLER
2010-01-20 19:08:43 ----D---- C:\_OTM
2010-01-18 19:59:13 ----D---- C:\WINDOWS\temp
2010-01-18 19:59:11 ----A---- C:\ComboFix.txt
2010-01-18 19:49:55 ----A---- C:\Boot.bak
2010-01-18 19:49:48 ----RASHD---- C:\cmdcons
2010-01-18 19:49:09 ----A---- C:\WINDOWS\zip.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWSC.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWREG.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\sed.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\PEV.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\MBR.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\grep.exe
2010-01-18 19:33:33 ----D---- C:\Qoobox
2010-01-18 19:13:47 ----D---- C:\WINDOWS\ERDNT
2010-01-18 19:12:27 ----D---- C:\Program Files\ERUNT
2010-01-15 14:50:29 ----D---- C:\rsit
2010-01-15 14:50:29 ----D---- C:\Program Files\trend micro
2010-01-14 07:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:13:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Google
2010-01-11 10:11:27 ----D---- C:\Program Files\Google
2010-01-07 18:49:32 ----D---- C:\$AVG
2010-01-07 18:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-07 18:48:48 ----D---- C:\Program Files\AVG
2010-01-07 18:48:48 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-01-07 18:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-07 18:19:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 17:07:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 17:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 16:58:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 09:54:11 ----D---- C:\Program Files\TrendMicro
2010-01-06 15:27:40 ----A---- C:\WINDOWS\iStler.exe
2010-01-06 10:27:46 ----HD---- C:\WINDOWS\PIF
2010-01-04 19:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-04 19:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-04 19:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-01 15:05:49 ----D---- C:\Program Files\Unlocker
2010-01-01 14:55:40 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-01 14:52:59 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2010-01-01 14:52:48 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-01-01 14:45:17 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Help
2010-01-01 14:13:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 14:13:19 ----D---- C:\Program Files\Adobe
2010-01-01 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 14:13:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 14:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 19:42:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\gtk-2.0
2009-12-31 19:38:13 ----D---- C:\Program Files\Gimp-2.0
2009-12-30 19:38:57 ----A---- C:\WINDOWS\wininit.ini
2009-12-30 19:28:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-30 19:27:48 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 19:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 19:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 19:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 19:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 19:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 19:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 19:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-30 19:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 19:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 19:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 19:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 19:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-30 19:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-30 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-30 19:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 19:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-30 19:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-30 19:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 19:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 19:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-30 19:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-30 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-30 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 19:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2009-12-30 19:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-30 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-30 19:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-30 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 19:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-30 19:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-30 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-30 19:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-30 19:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-30 19:21:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-30 19:21:54 ----D---- C:\WINDOWS\l2schemas
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\en
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\bits
2009-12-30 19:19:56 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 19:18:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 19:18:39 ----D---- C:\WINDOWS\EHome
2009-12-30 18:55:30 ----D---- C:\WINDOWS\ie8updates
2009-12-30 18:55:22 ----D---- C:\WINDOWS\WBEM
2009-12-30 18:55:10 ----HDC---- C:\WINDOWS\ie8
2009-12-30 18:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-30 18:50:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 10:53:53 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZSSnp211.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZS211Cap.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\system32\ZS211STI.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\Domino.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\amcap.exe
2009-12-29 10:53:35 ----D---- C:\Program Files\Vimicro
2009-12-27 09:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2009-12-27 09:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-12-27 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-27 09:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-27 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2009-12-27 09:36:51 ----D---- C:\Program Files\MSXML 4.0
2009-12-26 12:01:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 11:36:47 ----D---- C:\Program Files\Common Files\Nero
2009-12-26 11:12:53 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2009-12-26 08:34:03 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-25 23:18:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 23:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:52:12 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Nero
2009-12-25 22:41:01 ----D---- C:\Program Files\Nero
2009-12-25 21:33:52 ----D---- C:\Program Files\Windows Sidebar
2009-12-25 21:33:31 ----A---- C:\WINDOWS\Irremote.ini
2009-12-25 21:29:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-25 21:28:11 ----D---- C:\WINDOWS\Logs
2009-12-25 21:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 21:12:27 ----D---- C:\Program Files\Java
2009-12-25 21:11:54 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Sun
2009-12-25 21:11:03 ----D---- C:\Program Files\Winamp Detect
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\px.dll
2009-12-25 21:10:53 ----D---- C:\Program Files\Winamp
2009-12-25 21:10:53 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Winamp
2009-12-25 21:00:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\uTorrent
2009-12-25 20:54:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-25 20:53:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 20:53:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 20:51:36 ----D---- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-25 20:34:51 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-25 20:30:04 ----D---- C:\Program Files\Elaborate Bytes
2009-12-25 19:26:38 ----D---- C:\Hex_Editor_xvi32
2009-12-25 19:26:38 ----A---- C:\xvi32_readme.txt
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvpx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvm6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplva6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplapx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-12-25 19:21:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-25 19:21:42 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2009-12-25 19:09:10 ----D---- C:\Program Files\Conquer 2.0
2009-12-25 19:04:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 19:04:38 ----D---- C:\Program Files\AMD
2009-12-25 19:04:30 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\InstallShield
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ludap17.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\INRES.DLL
2009-12-25 19:01:45 ----D---- C:\Program Files\Creative
2009-12-25 18:59:04 ----D---- C:\WINDOWS\pss
2009-12-25 18:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-12-25 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-12-25 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-12-25 18:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-12-25 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-12-25 18:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-12-25 18:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 18:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 18:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2009-12-25 18:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-12-25 18:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-12-25 18:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-12-25 18:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-12-25 18:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-12-25 18:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-12-25 18:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-12-25 18:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-12-25 18:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-12-25 18:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-12-25 18:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 18:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-12-25 18:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 18:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-12-25 18:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-12-25 18:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-25 18:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-12-25 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RASH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\usmt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\spool
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\Setup
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ras
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\oobe
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\npp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\IME
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ias
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\export
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\dhcp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3076
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\2052
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1054
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1042
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1041
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1037
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1033
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1031
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1028
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1025
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system
2009-12-25 11:30:16 ----D---- C:\WINDOWS\security
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Resources
2009-12-25 11:30:16 ----D---- C:\WINDOWS\repair
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Provisioning
2009-12-25 11:30:16 ----D---- C:\WINDOWS\PeerNet
2009-12-25 11:30:16 ----D---- C:\WINDOWS\pchealth
2009-12-25 11:30:16 ----D---- C:\WINDOWS\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msapps
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msagent
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Media
2009-12-25 11:30:16 ----D---- C:\WINDOWS\java
2009-12-25 11:30:16 ----D---- C:\WINDOWS\ime
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Help
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Debug
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Cursors
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Connection Wizard
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\AppPatch
2009-12-25 11:30:16 ----D---- C:\WINDOWS\addins
2009-12-25 11:30:16 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-01-18 20:00:13 ----A---- C:\WINDOWS\win.ini
2010-01-18 20:00:13 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-17 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Gary~

Re: Internet Security 2010-malware

by PapaBear » January 20th, 2010, 9:36 pm

Unfortunately, I cannot comment on performance at this time. I also may have made a mistake. When ComboFix removed my desktop picture, I went and got it again, not thinking. It's a picture of a character in World of Warcraft that I got from the Blizzard site. I can take it back off if you want me to, but I'll leave it alone until advised.

OTM Log
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211\ deleted successfully.
========== FILES ==========
c:\windows\Bnebe.dat moved successfully.
c:\windows\Cwugeco.bin moved successfully.
c:\windows\SxsCaPendDel folder moved successfully.
File/Folder c:\documents and settings\Gary S. Priest\Application Data\uTorrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3356521 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gary S. Priest
->Temp folder emptied: 7566 bytes
->Temporary Internet Files folder emptied: 242876 bytes
->Java cache emptied: 13690431 bytes
->FireFox cache emptied: 72474804 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01202010_190843

Files moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes log

Scan type: Quick Scan
Objects scanned: 109968
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-20 19:22:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (75%) free of 79 GB
Total RAM: 2046 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-20 19:08:47 ----SHD---- C:\RECYCLER
2010-01-20 19:08:43 ----D---- C:\_OTM
2010-01-18 19:59:13 ----D---- C:\WINDOWS\temp
2010-01-18 19:59:11 ----A---- C:\ComboFix.txt
2010-01-18 19:49:55 ----A---- C:\Boot.bak
2010-01-18 19:49:48 ----RASHD---- C:\cmdcons
2010-01-18 19:49:09 ----A---- C:\WINDOWS\zip.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWSC.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWREG.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\sed.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\PEV.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\MBR.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\grep.exe
2010-01-18 19:33:33 ----D---- C:\Qoobox
2010-01-18 19:13:47 ----D---- C:\WINDOWS\ERDNT
2010-01-18 19:12:27 ----D---- C:\Program Files\ERUNT
2010-01-15 14:50:29 ----D---- C:\rsit
2010-01-15 14:50:29 ----D---- C:\Program Files\trend micro
2010-01-14 07:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:13:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Google
2010-01-11 10:11:27 ----D---- C:\Program Files\Google
2010-01-07 18:49:32 ----D---- C:\$AVG
2010-01-07 18:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-07 18:48:48 ----D---- C:\Program Files\AVG
2010-01-07 18:48:48 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-01-07 18:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-07 18:19:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 17:07:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 17:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 16:58:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 09:54:11 ----D---- C:\Program Files\TrendMicro
2010-01-06 15:27:40 ----A---- C:\WINDOWS\iStler.exe
2010-01-06 10:27:46 ----HD---- C:\WINDOWS\PIF
2010-01-04 19:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-04 19:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-04 19:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-01 15:05:49 ----D---- C:\Program Files\Unlocker
2010-01-01 14:55:40 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-01 14:52:59 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2010-01-01 14:52:48 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-01-01 14:45:17 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Help
2010-01-01 14:13:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 14:13:19 ----D---- C:\Program Files\Adobe
2010-01-01 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 14:13:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 14:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 19:42:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\gtk-2.0
2009-12-31 19:38:13 ----D---- C:\Program Files\Gimp-2.0
2009-12-30 19:38:57 ----A---- C:\WINDOWS\wininit.ini
2009-12-30 19:28:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-30 19:27:48 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 19:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 19:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 19:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 19:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 19:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 19:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 19:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-30 19:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 19:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 19:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 19:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 19:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-30 19:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-30 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-30 19:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 19:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-30 19:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-30 19:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 19:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 19:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-30 19:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-30 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-30 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 19:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2009-12-30 19:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-30 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-30 19:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-30 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 19:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-30 19:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-30 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-30 19:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-30 19:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-30 19:21:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-30 19:21:54 ----D---- C:\WINDOWS\l2schemas
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\en
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\bits
2009-12-30 19:19:56 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 19:18:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 19:18:39 ----D---- C:\WINDOWS\EHome
2009-12-30 18:55:30 ----D---- C:\WINDOWS\ie8updates
2009-12-30 18:55:22 ----D---- C:\WINDOWS\WBEM
2009-12-30 18:55:10 ----HDC---- C:\WINDOWS\ie8
2009-12-30 18:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-30 18:50:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 10:53:53 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZSSnp211.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZS211Cap.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\system32\ZS211STI.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\Domino.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\amcap.exe
2009-12-29 10:53:35 ----D---- C:\Program Files\Vimicro
2009-12-27 09:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2009-12-27 09:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-12-27 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-27 09:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-27 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2009-12-27 09:36:51 ----D---- C:\Program Files\MSXML 4.0
2009-12-26 12:01:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 11:36:47 ----D---- C:\Program Files\Common Files\Nero
2009-12-26 11:12:53 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2009-12-26 08:34:03 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-25 23:18:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 23:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:52:12 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Nero
2009-12-25 22:41:01 ----D---- C:\Program Files\Nero
2009-12-25 21:33:52 ----D---- C:\Program Files\Windows Sidebar
2009-12-25 21:33:31 ----A---- C:\WINDOWS\Irremote.ini
2009-12-25 21:29:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-25 21:28:11 ----D---- C:\WINDOWS\Logs
2009-12-25 21:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 21:12:27 ----D---- C:\Program Files\Java
2009-12-25 21:11:54 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Sun
2009-12-25 21:11:03 ----D---- C:\Program Files\Winamp Detect
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\px.dll
2009-12-25 21:10:53 ----D---- C:\Program Files\Winamp
2009-12-25 21:10:53 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Winamp
2009-12-25 21:00:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\uTorrent
2009-12-25 20:54:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-25 20:53:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 20:53:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 20:51:36 ----D---- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-25 20:34:51 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-25 20:30:04 ----D---- C:\Program Files\Elaborate Bytes
2009-12-25 19:26:38 ----D---- C:\Hex_Editor_xvi32
2009-12-25 19:26:38 ----A---- C:\xvi32_readme.txt
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvpx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvm6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplva6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplapx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-12-25 19:21:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-25 19:21:42 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2009-12-25 19:09:10 ----D---- C:\Program Files\Conquer 2.0
2009-12-25 19:04:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 19:04:38 ----D---- C:\Program Files\AMD
2009-12-25 19:04:30 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\InstallShield
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ludap17.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\INRES.DLL
2009-12-25 19:01:45 ----D---- C:\Program Files\Creative
2009-12-25 18:59:04 ----D---- C:\WINDOWS\pss
2009-12-25 18:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-12-25 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-12-25 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-12-25 18:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-12-25 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-12-25 18:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-12-25 18:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 18:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 18:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2009-12-25 18:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-12-25 18:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-12-25 18:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-12-25 18:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-12-25 18:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-12-25 18:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-12-25 18:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-12-25 18:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-12-25 18:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-12-25 18:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-12-25 18:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 18:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-12-25 18:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 18:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-12-25 18:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-12-25 18:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-25 18:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-12-25 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RASH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\usmt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\spool
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\Setup
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ras
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\oobe
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\npp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\IME
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ias
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\export
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\dhcp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3076
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\2052
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1054
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1042
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1041
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1037
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1033
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1031
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1028
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1025
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system
2009-12-25 11:30:16 ----D---- C:\WINDOWS\security
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Resources
2009-12-25 11:30:16 ----D---- C:\WINDOWS\repair
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Provisioning
2009-12-25 11:30:16 ----D---- C:\WINDOWS\PeerNet
2009-12-25 11:30:16 ----D---- C:\WINDOWS\pchealth
2009-12-25 11:30:16 ----D---- C:\WINDOWS\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msapps
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msagent
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Media
2009-12-25 11:30:16 ----D---- C:\WINDOWS\java
2009-12-25 11:30:16 ----D---- C:\WINDOWS\ime
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Help
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Debug
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Cursors
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Connection Wizard
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\AppPatch
2009-12-25 11:30:16 ----D---- C:\WINDOWS\addins
2009-12-25 11:30:16 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-01-18 20:00:13 ----A---- C:\WINDOWS\win.ini
2010-01-18 20:00:13 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-17 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Gary~
PapaBear

Re: Internet Security 2010-malware

Post by PapaBear » January 20th, 2010, 9:38 pm

Unfortunately I cannot comment on performance at this time. I also may have made a mistake. When ComboFix removed my desktop picture I went and got it again, not thinking. It's a picture of a character on World of Warcraft that I got from the Blizzard site. I can take it back off if you want me to, but I'll leave it alone until advised.

OTM Log
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211\ deleted successfully.
========== FILES ==========
c:\windows\Bnebe.dat moved successfully.
c:\windows\Cwugeco.bin moved successfully.
c:\windows\SxsCaPendDel folder moved successfully.
File/Folder c:\documents and settings\Gary S. Priest\Application Data\uTorrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3356521 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gary S. Priest
->Temp folder emptied: 7566 bytes
->Temporary Internet Files folder emptied: 242876 bytes
->Java cache emptied: 13690431 bytes
->FireFox cache emptied: 72474804 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132368 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01202010_190843

Files moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes log

Scan type: Quick Scan
Objects scanned: 109968
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-20 19:22:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (75%) free of 79 GB
Total RAM: 2046 MB (72% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-20 19:08:47 ----SHD---- C:\RECYCLER
2010-01-20 19:08:43 ----D---- C:\_OTM
2010-01-18 19:59:13 ----D---- C:\WINDOWS\temp
2010-01-18 19:59:11 ----A---- C:\ComboFix.txt
2010-01-18 19:49:55 ----A---- C:\Boot.bak
2010-01-18 19:49:48 ----RASHD---- C:\cmdcons
2010-01-18 19:49:09 ----A---- C:\WINDOWS\zip.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWSC.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\SWREG.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\sed.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\PEV.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\MBR.exe
2010-01-18 19:49:09 ----A---- C:\WINDOWS\grep.exe
2010-01-18 19:33:33 ----D---- C:\Qoobox
2010-01-18 19:13:47 ----D---- C:\WINDOWS\ERDNT
2010-01-18 19:12:27 ----D---- C:\Program Files\ERUNT
2010-01-15 14:50:29 ----D---- C:\rsit
2010-01-15 14:50:29 ----D---- C:\Program Files\trend micro
2010-01-14 07:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 19:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-11 10:13:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Google
2010-01-11 10:11:27 ----D---- C:\Program Files\Google
2010-01-07 18:49:32 ----D---- C:\$AVG
2010-01-07 18:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-07 18:48:48 ----D---- C:\Program Files\AVG
2010-01-07 18:48:48 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-01-07 18:48:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-07 18:19:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Malwarebytes
2010-01-07 17:07:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-07 17:07:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-07 16:58:55 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-07 09:54:11 ----D---- C:\Program Files\TrendMicro
2010-01-06 15:27:40 ----A---- C:\WINDOWS\iStler.exe
2010-01-06 10:27:46 ----HD---- C:\WINDOWS\PIF
2010-01-04 19:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-01-04 19:07:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-01-04 19:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-02 09:07:51 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-01 15:05:49 ----D---- C:\Program Files\Unlocker
2010-01-01 14:55:40 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-01 14:52:59 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2010-01-01 14:52:48 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2010-01-01 14:45:17 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Help
2010-01-01 14:13:34 ----D---- C:\Program Files\Common Files\Adobe
2010-01-01 14:13:19 ----D---- C:\Program Files\Adobe
2010-01-01 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-01 14:13:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-01 14:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 19:42:49 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\gtk-2.0
2009-12-31 19:38:13 ----D---- C:\Program Files\Gimp-2.0
2009-12-30 19:38:57 ----A---- C:\WINDOWS\wininit.ini
2009-12-30 19:28:17 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-12-30 19:27:48 ----D---- C:\WINDOWS\Prefetch
2009-12-30 19:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-30 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-30 19:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-30 19:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-30 19:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-30 19:26:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-30 19:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-30 19:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-30 19:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-30 19:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-30 19:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-30 19:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-30 19:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-30 19:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-30 19:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-30 19:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-30 19:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-30 19:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-30 19:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-30 19:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-30 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-30 19:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-30 19:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-30 19:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-30 19:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-30 19:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-30 19:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-30 19:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-30 19:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-30 19:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-30 19:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-30 19:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-30 19:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-30 19:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-30 19:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-30 19:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-30 19:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2009-12-30 19:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-30 19:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-30 19:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-30 19:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-30 19:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-30 19:23:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-30 19:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-30 19:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-30 19:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-30 19:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-30 19:23:30 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-30 19:21:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-30 19:21:54 ----D---- C:\WINDOWS\l2schemas
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\en
2009-12-30 19:21:53 ----D---- C:\WINDOWS\system32\bits
2009-12-30 19:19:56 ----D---- C:\WINDOWS\network diagnostic
2009-12-30 19:18:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-30 19:18:39 ----D---- C:\WINDOWS\EHome
2009-12-30 18:55:30 ----D---- C:\WINDOWS\ie8updates
2009-12-30 18:55:22 ----D---- C:\WINDOWS\WBEM
2009-12-30 18:55:10 ----HDC---- C:\WINDOWS\ie8
2009-12-30 18:54:08 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-12-30 18:50:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 10:53:53 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZSSnp211.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\ZS211Cap.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\system32\ZS211STI.dll
2009-12-29 10:53:37 ----A---- C:\WINDOWS\Domino.exe
2009-12-29 10:53:37 ----A---- C:\WINDOWS\amcap.exe
2009-12-29 10:53:35 ----D---- C:\Program Files\Vimicro
2009-12-27 09:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2009-12-27 09:39:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-12-27 09:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-27 09:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-27 09:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2009-12-27 09:36:51 ----D---- C:\Program Files\MSXML 4.0
2009-12-26 12:01:19 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-26 11:36:47 ----D---- C:\Program Files\Common Files\Nero
2009-12-26 11:12:53 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2009-12-26 08:34:03 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-12-25 23:18:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-25 23:18:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 22:52:12 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Nero
2009-12-25 22:41:01 ----D---- C:\Program Files\Nero
2009-12-25 21:33:52 ----D---- C:\Program Files\Windows Sidebar
2009-12-25 21:33:31 ----A---- C:\WINDOWS\Irremote.ini
2009-12-25 21:29:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-25 21:29:44 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-25 21:29:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-12-25 21:29:42 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-25 21:29:41 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-25 21:29:40 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-25 21:29:39 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-25 21:28:11 ----D---- C:\WINDOWS\Logs
2009-12-25 21:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 21:12:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 21:12:27 ----D---- C:\Program Files\Java
2009-12-25 21:11:54 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Sun
2009-12-25 21:11:03 ----D---- C:\Program Files\Winamp Detect
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-25 21:10:53 ----N---- C:\WINDOWS\system32\px.dll
2009-12-25 21:10:53 ----D---- C:\Program Files\Winamp
2009-12-25 21:10:53 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Winamp
2009-12-25 21:00:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\uTorrent
2009-12-25 20:54:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-25 20:53:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-12-25 20:53:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-25 20:53:35 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-25 20:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-25 20:53:33 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-25 20:53:32 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-25 20:53:31 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-25 20:53:30 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-25 20:53:26 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-25 20:53:25 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-25 20:53:24 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-25 20:51:36 ----D---- C:\d7bd8d90dc6561f35f408805b51018a4
2009-12-25 20:34:51 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Roxio Log Files
2009-12-25 20:30:04 ----D---- C:\Program Files\Elaborate Bytes
2009-12-25 19:26:38 ----D---- C:\Hex_Editor_xvi32
2009-12-25 19:26:38 ----A---- C:\xvi32_readme.txt
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvpx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplvm6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplva6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaw7.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplapx.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplam6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\mplaa6.dll
2009-12-25 19:21:44 ----A---- C:\WINDOWS\system32\cpuinf32.dll
2009-12-25 19:21:43 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-25 19:21:42 ----D---- C:\Program Files\ACE Mega CoDecS Pack
2009-12-25 19:09:10 ----D---- C:\Program Files\Conquer 2.0
2009-12-25 19:04:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-25 19:04:38 ----D---- C:\Program Files\AMD
2009-12-25 19:04:30 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\InstallShield
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-25 19:01:52 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ludap17.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-25 19:01:46 ----A---- C:\WINDOWS\INRES.DLL
2009-12-25 19:01:45 ----D---- C:\Program Files\Creative
2009-12-25 18:59:04 ----D---- C:\WINDOWS\pss
2009-12-25 18:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-12-25 18:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-12-25 18:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-12-25 18:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-12-25 18:53:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-12-25 18:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2009-12-25 18:53:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-25 18:53:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-25 18:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-25 18:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2009-12-25 18:53:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-12-25 18:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2009-12-25 18:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-12-25 18:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2009-12-25 18:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2009-12-25 18:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-12-25 18:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-12-25 18:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-12-25 18:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2009-12-25 18:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-12-25 18:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-25 18:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2009-12-25 18:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-25 18:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2009-12-25 18:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-12-25 18:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-25 18:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-12-25 18:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RASH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins

======List of files/folders modified in the last 1 months======

2010-01-18 20:00:13 ----A---- C:\WINDOWS\win.ini
2010-01-18 20:00:13 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-17 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Gary~

Re: Internet Security 2010-malware

Post by Dakeyras » January 21st, 2010, 8:52 am

Hi. :)

> Unfortunately I can not comment on performance at this time.

Fine, there is a specific check I will be asking your good self to carry out in due course with regard to this.

> I also may have made a mistake. When ComboFix removed my desktop picture I went and got it again not thinking. It's a picture of a character on World Of Warcraft that I got from the Blizzard site. I can take it back off if you want me to, but I'll leave it alone until advised.

OK not a problem and I can check this out in due course but there is something else I need to address first.

Next:

The version of HijackThis in use is the beta version and using RSIT should have downloaded the last stable version but it has reported several times now:-

HijackThis download failed
So we need to address this so I am able to review a full RSIT log.txt.

Before we do I need to know have you removed anything with the beta version at all? Reason being once we uninstall the beta version any backups created will be lost.

If you have removed anything with the aforementioned beta version please inform myself before we proceed any further, thank you.

Re: Internet Security 2010-malware

Post by PapaBear » January 21st, 2010, 11:24 am

As far as Hijack This is concerned I do believe that I read that I shouldn't let Hijack This remove anything. That I should use a different program to remove files found by Hijack This. So I can say with about 80% certainty that I have not removed/fixed anything with Hijack This.

Performance question
When I posted last night it was literally moments after I ran the scans and such. I can tell no difference in performance. My machine operates as you would expect a system that has less than a month on a reformat and install.

Additional question
Am I to gather you are still seeing traces of mal-ware in the scans I am performing?


Gary~

Re: Internet Security 2010-malware

Post by Dakeyras » January 21st, 2010, 12:15 pm

Hi. :)

> As far as Hijack This is concerned I do believe that I read that I shouldn't let Hijack This remove anything. That I should use a different program to remove files found by Hijack This. So I can say with about 80% certainty that I have not removed/fixed anything with Hijack This.

Fair play.

> Am I to gather you are still seeing traces of mal-ware in the scans I am performing?

I will be able to determine such once I have reviewed a new RSIT log.

Next:

Please download the HijackThis v2.0.2 installer from here and save it to the Desktop.

Now uninstall the beta version, then install the version you just downloaded.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

Check Hard Disk For Errors:

Press Start >> Run..., then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

When completed the above, please post back the following in the order asked for:
  • A new RSIT Log.
  • checkhd.txt.

Re: Internet Security 2010-malware

Post by PapaBear » January 21st, 2010, 12:56 pm

Ok if I did this correctly these should be the logs you requested....

RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gary S. Priest at 2010-01-21 10:47:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 59 GB (75%) free of 79 GB
Total RAM: 2046 MB (32% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-07 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-11 2033432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-07 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Windows Service Host"="C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-25 18:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-25 18:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2009-12-25 18:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2009-12-25 18:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-12-25 18:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-12-25 18:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-12-25 18:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-12-25 18:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-12-25 18:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-25 18:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-12-25 18:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-12-25 18:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2009-12-25 18:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-12-25 18:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-25 18:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-12-25 18:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-12-25 18:51:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-25 18:51:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-25 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-12-25 18:51:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-12-25 18:51:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-25 18:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-12-25 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-12-25 18:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-12-25 18:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-25 18:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-12-25 18:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-12-25 18:50:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-12-25 18:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-25 18:34:36 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\WinRAR
2009-12-25 18:34:19 ----D---- C:\Program Files\WinRAR
2009-12-25 18:28:56 ----D---- C:\Program Files\MSBuild
2009-12-25 18:28:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-25 18:28:51 ----D---- C:\WINDOWS\system32\en-us
2009-12-25 18:28:50 ----D---- C:\Program Files\Reference Assemblies
2009-12-25 18:28:35 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-25 18:27:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-12-25 18:26:59 ----D---- C:\Program Files\MSXML 6.0
2009-12-25 18:23:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-25 18:22:12 ----D---- C:\WINDOWS\vnDrvBas
2009-12-25 18:22:12 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-12-25 18:17:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-25 18:16:57 ----D---- C:\Program Files\VIA
2009-12-25 18:16:52 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-25 18:16:52 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\ATI
2009-12-25 18:13:32 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-25 18:11:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-25 18:11:04 ----RSD---- C:\WINDOWS\assembly
2009-12-25 18:11:01 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-25 18:11:00 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-25 18:11:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-25 18:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-25 18:10:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-25 18:10:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-25 18:06:59 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-12-25 18:06:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-25 18:06:44 ----D---- C:\Program Files\ATI Technologies
2009-12-25 18:06:17 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-25 18:06:01 ----D---- C:\ATI
2009-12-25 18:01:48 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Macromedia
2009-12-25 17:58:13 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Adobe
2009-12-25 17:57:03 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Mozilla
2009-12-25 17:56:56 ----D---- C:\Program Files\Mozilla Firefox
2009-12-25 17:53:23 ----D---- C:\Documents and Settings\Gary S. Priest\Application Data\Identities
2009-12-25 17:53:22 ----HD---- C:\Program Files\Uninstall Information
2009-12-25 17:53:20 ----ASH---- C:\Documents and Settings\Gary S. Priest\Application Data\desktop.ini
2009-12-25 17:53:19 ----SD---- C:\Documents and Settings\Gary S. Priest\Application Data\Microsoft
2009-12-25 17:52:57 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-25 17:50:31 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-25 17:50:20 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-25 17:50:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 17:47:57 ----D---- C:\WINDOWS\system32\xircom
2009-12-25 17:47:57 ----D---- C:\Program Files\xerox
2009-12-25 17:47:57 ----D---- C:\Program Files\microsoft frontpage
2009-12-25 17:47:51 ----A---- C:\WINDOWS\control.ini
2009-12-25 17:47:51 ----A---- C:\AUTOEXEC.BAT
2009-12-25 17:47:43 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-25 17:47:40 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-25 17:46:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-25 17:46:50 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-25 17:46:50 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-25 17:46:46 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-25 17:46:43 ----HD---- C:\Program Files\WindowsUpdate
2009-12-25 17:46:28 ----D---- C:\WINDOWS\system32\DirectX
2009-12-25 17:46:13 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-25 17:46:11 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-25 17:46:11 ----A---- C:\WINDOWS\desktop.ini
2009-12-25 17:46:06 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-25 17:46:05 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-25 17:46:04 ----D---- C:\Program Files\Common Files\Services
2009-12-25 17:46:03 ----SD---- C:\WINDOWS\Tasks
2009-12-25 17:46:03 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-25 17:46:02 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-25 17:45:59 ----D---- C:\WINDOWS\system32\Macromed
2009-12-25 17:45:59 ----D---- C:\WINDOWS\srchasst
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-25 17:45:57 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-12-25 17:45:56 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-25 17:45:56 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-25 17:45:53 ----D---- C:\Program Files\Movie Maker
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-25 17:45:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-25 17:45:50 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-25 17:45:48 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-12-25 17:45:48 ----D---- C:\WINDOWS\system32\Restore
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-12-25 17:45:48 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-25 17:45:47 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-25 17:45:45 ----D---- C:\Program Files\NetMeeting
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-25 17:45:45 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-25 17:45:44 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-25 17:45:43 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-12-25 17:45:43 ----D---- C:\Program Files\Outlook Express
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-25 17:45:43 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-25 17:45:42 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-25 17:45:38 ----D---- C:\Program Files\Common Files\System
2009-12-25 17:45:36 ----D---- C:\Program Files\Internet Explorer
2009-12-25 17:45:27 ----D---- C:\Program Files\ComPlus Applications
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-25 17:45:25 ----A---- C:\WINDOWS\vb.ini
2009-12-25 17:45:21 ----D---- C:\WINDOWS\Registration
2009-12-25 17:45:01 ----D---- C:\Program Files\Windows Media Player
2009-12-25 17:45:01 ----D---- C:\Program Files\Online Services
2009-12-25 17:44:57 ----D---- C:\Program Files\Messenger
2009-12-25 17:44:54 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-25 17:44:54 ----A---- C:\WINDOWS\system32\write.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-25 17:44:48 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-25 17:44:47 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-25 17:44:43 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-25 17:44:42 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-25 17:44:41 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-25 17:44:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-25 17:44:39 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-25 17:44:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-25 17:44:28 ----D---- C:\Program Files\MSN
2009-12-25 17:44:27 ----D---- C:\Program Files\Windows NT
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-25 17:44:27 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-25 17:44:26 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-25 17:44:25 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-12-25 17:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-25 17:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-25 17:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-25 17:44:23 ----D---- C:\WINDOWS\system32\Com
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-25 17:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-25 17:44:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-25 17:44:18 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-25 16:50:53 ----A---- C:\WINDOWS\system32\EAX.DLL
2009-12-25 16:50:53 ----A---- C:\WINDOWS\OALInst.exe
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17res.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17CPI.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\P17.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\CtDvInst.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\system32\A3d.dll
2009-12-25 16:50:52 ----A---- C:\WINDOWS\P17DEF.EXE
2009-12-25 16:50:52 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-12-25 11:42:57 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-25 11:39:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-25 11:38:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-25 11:37:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-25 11:37:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-25 11:37:09 ----SHD---- C:\WINDOWS\Installer
2009-12-25 11:37:09 ----D---- C:\Program Files\Common Files\ODBC
2009-12-25 11:37:09 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-25 11:37:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-25 11:37:06 ----RD---- C:\Program Files
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-25 11:37:06 ----D---- C:\Program Files\Common Files
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-25 11:37:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-25 11:37:03 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-25 11:37:01 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-25 11:37:00 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-25 11:36:59 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-25 11:36:57 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-25 11:36:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-25 11:36:55 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-25 11:36:55 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-25 11:36:54 ----A---- C:\WINDOWS\notepad.exe
2009-12-25 11:36:47 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-25 11:36:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-25 11:36:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-25 11:36:16 ----A---- C:\WINDOWS\setuplog.txt
2009-12-25 11:36:13 ----SHD---- C:\System Volume Information
2009-12-25 11:36:13 ----D---- C:\Documents and Settings
2009-12-25 11:35:18 ----RASH---- C:\boot.ini
2009-12-25 11:30:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-25 11:30:16 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 11:30:16 ----RD---- C:\WINDOWS\Web
2009-12-25 11:30:16 ----HD---- C:\WINDOWS\inf
2009-12-25 11:30:16 ----D---- C:\WINDOWS\WinSxS
2009-12-25 11:30:16 ----D---- C:\WINDOWS\twain_32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wins
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\wbem
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\usmt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\spool
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\Setup
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ras
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\oobe
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\npp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\IME
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\icsxml
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\ias
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\export
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\dhcp
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\3076
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\2052
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1054
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1042
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1041
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1037
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1033
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1031
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1028
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32\1025
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system32
2009-12-25 11:30:16 ----D---- C:\WINDOWS\system
2009-12-25 11:30:16 ----D---- C:\WINDOWS\security
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Resources
2009-12-25 11:30:16 ----D---- C:\WINDOWS\repair
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Provisioning
2009-12-25 11:30:16 ----D---- C:\WINDOWS\PeerNet
2009-12-25 11:30:16 ----D---- C:\WINDOWS\pchealth
2009-12-25 11:30:16 ----D---- C:\WINDOWS\mui
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msapps
2009-12-25 11:30:16 ----D---- C:\WINDOWS\msagent
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Media
2009-12-25 11:30:16 ----D---- C:\WINDOWS\java
2009-12-25 11:30:16 ----D---- C:\WINDOWS\ime
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Help
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Driver Cache
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Debug
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Cursors
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Connection Wizard
2009-12-25 11:30:16 ----D---- C:\WINDOWS\Config
2009-12-25 11:30:16 ----D---- C:\WINDOWS\AppPatch
2009-12-25 11:30:16 ----D---- C:\WINDOWS\addins
2009-12-25 11:30:16 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2010-01-18 20:00:13 ----A---- C:\WINDOWS\win.ini
2010-01-18 20:00:13 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-07 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-07 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-07 360584]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-29 3565056]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-06-22 43008]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-22 29696]
R3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-01-07 30104]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-29 602112]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-07 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-07 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-01-17 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-01-07 5832712]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S3 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Scan Disk log
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is recovering lost files.
Recovering orphaned file tmp.edb (8396) into directory file 9552.
Recovering orphaned file 9246E1~1.TMP (10224) into directory file 72.
Recovering orphaned file 9246e19a-bf90-419f-b370-791318bd21a9.tmp (10224) into directory file 72.
Recovering orphaned file EACF94~1.TMP (10257) into directory file 72.
Recovering orphaned file eacf9493-a092-403a-8ed8-57338af4d96e.tmp (10257) into directory file 72.
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

80405293 KB total disk space.
20010240 KB in 49474 files.
17064 KB in 5667 indexes.
0 KB in bad sectors.
148205 KB in use by the system.
65536 KB occupied by the log file.
60229784 KB available on disk.

4096 bytes in each allocation unit.
20101323 total allocation units on disk.
15057446 allocation units available on disk.


Gary~
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 21st, 2010, 1:58 pm

Hi. :)

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

Unread postby PapaBear » January 23rd, 2010, 12:07 am

Ok, again I can not comment at this time about performance. I did forget to mention that during one of the scans my AVG popped up a warning and it did it again tonight during the Kaspersky scan. It said the name was Trojan horse injector.HK and that I'm sure was the same warning it gave me during the other scan. I told AVG to ignore it. Should I have done that?

Kaspersky log
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 22, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 23, 2010 01:14:37
Records in database: 3360178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 51018
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:00:19


File name / Threat / Threats count
C:\Documents and Settings\Gary S. Priest\DoctorWeb\Quarantine\Trial.Nero.9.4.26.0.EXE Infected: Trojan.Win32.Buzus.cvqt 1
C:\Documents and Settings\Gary S. Priest\My Documents\MyDownloads\firefoxsetup.exe Infected: not-a-virus:AdWare.Win32.HotBar.da 1
C:\Qoobox\Quarantine\C\Documents and Settings\Gary S. Priest\Local Settings\Application Data\{043824D6-D722-4575-B8C8-67F42C848810}\chrome\content\overlay.xul.vir Infected: Trojan.JS.Gord.a 1

Selected area has been scanned.


HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:31 PM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

--
End of file - 4878 bytes



Gary~
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 23rd, 2010, 8:04 am

Hi. :)

I did forget to mention that during one of the scans my AVG popped up a warning and it did it again tonight during the Kaspersky scan. It said the name was Trojan horse injector.HK and that I'm sure was the same warning it gave me during the other scan. I told AVG to ignore it. Should I have done that?
That is fine, it is merely detecting the ComboFix Quarantine folder, which will be removed when we uninstall ComboFix in due course.

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code:
:Processes

:Files
C:\Documents and Settings\Gary S. Priest\DoctorWeb\Quarantine\Trial.Nero.9.4.26.0.EXE
C:\Documents and Settings\Gary S. Priest\My Documents\MyDownloads\firefoxsetup.exe 

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When completed the above, please post back the following:

  • OTM Log.
  • Let myself know if any further issues?
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Internet Security 2010-malware

Unread postby PapaBear » January 23rd, 2010, 9:06 pm

As far as performance is concerned. The only difference I can see is it's taking a lot longer to shut down and reboot.

And I do have a question. If I uninstalled and deleted the Nero, why does it keep showing up in these scans?


OTM Log
All processes killed
========== PROCESSES ==========
========== FILES ==========
File/Folder C:\Documents and Settings\Gary S. Priest\DoctorWeb\Quarantine\Trial.Nero.9.4.26.0.EXE not found.
File/Folder C:\Documents and Settings\Gary S. Priest\My Documents\MyDownloads\firefoxsetup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gary S. Priest
->Temp folder emptied: 91737700 bytes
->Temporary Internet Files folder emptied: 272030 bytes
->Java cache emptied: 128013 bytes
->FireFox cache emptied: 39894856 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87491 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126.00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01232010_190236

Files moved on Reboot...

Registry entries deleted on Reboot...



Gary~
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota

Re: Internet Security 2010-malware

Unread postby Dakeyras » January 24th, 2010, 7:11 am

Hi. :)

As far as performance is concerned. The only difference I can see is it's taking a lot longer to shut down and reboot.
Hmmm OK, this I think is worth a further check.

And I do have a question. If I uninstalled and deleted the Nero, why does it keep showing up in these scans?
What was flagged by the online scan pertains to compromised installer executables. As for Nero this is an indication portions of the software have been left behind after uninstallation:-

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)

Next:

Please download OTL and save it to your Desktop.

  • Double-click on OTL.exe to start the application.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
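
The leftover-service check described in the reply above can be automated over a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the field layout is inferred from the O23 lines posted in this thread, and the function names (`parse_o23`, `triage`, `leftovers_of`) are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
SHORT_NAME = re.compile(r"\(([^()]+)\)$")  # trailing "(shortname)" in the display name


@dataclass
class Service:
    display_name: str
    short_name: Optional[str]
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service:' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Assumption: owner and path never contain " - ", so split from the right.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    m = SHORT_NAME.search(name)
    return Service(name, m.group(1) if m else None, owner, path, missing)


def triage(log_text: str) -> List[Tuple[Service, List[str]]]:
    """Return services that need a manual look, with the reason(s) why."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc.file_missing:
            reasons.append("registered binary is missing (stale service entry)")
        if svc.owner.lower() == "unknown owner":
            reasons.append("log reports no owner for the binary")
        if reasons:
            findings.append((svc, reasons))
    return findings


def leftovers_of(log_text: str, product: str) -> List[Service]:
    """Services whose name or path still mentions an uninstalled product."""
    needle = product.lower()
    hits = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        # Match whole words / path components, not arbitrary substrings.
        words = re.split(r"[\\\s]+", (svc.display_name + " " + svc.path).lower())
        if needle in words:
            hits.append(svc)
    return hits


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG):
        print(f"{svc.display_name}: {'; '.join(reasons)}\n    {svc.path}")
    print("Still registered for Nero:",
          [s.display_name for s in leftovers_of(SAMPLE_LOG, "Nero")])
```

On the sample lines this flags ATI Smart and NMIndexingService, and lists both Nero services as still registered.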

Re: Internet Security 2010-malware

Unread postby PapaBear » January 24th, 2010, 11:35 am

While the OTL scanner was running AVG popped up that Trojan injector warning again. Haven't restarted yet.
Also, the OTL .txt is too long for 1 post. I split it into 2 posts and indicated "Part 1" and "Part 2".

OTL Extra txt
OTL Extras logfile created on: 1/24/2010 9:25:16 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Gary S. Priest\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 57.04 Gb Free Space | 74.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REX
Current User Name: Gary S. Priest
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1547161642-706699826-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Windows Service Host" = C:\Documents and Settings\Gary S. Priest\Application Data\svhost.exe -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39833F1F-E56B-4A2C-93F1-E5F6C1D7C107}" = Conquer 2.0
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS211)
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{cc79ce6c-8b67-4ed5-95a8-5ac073563a84}" = Nero MediaHome 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{f411def1-da18-4e2a-a50d-3bddcc86cbb7}" = Nero 9
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Device Control" = Device Control
"EAXSet" = Creative EAX Settings
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"SPEAKER" = Creative Speaker Settings
"VirtualCloneDrive" = VirtualCloneDrive
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-706699826-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2009 7:09:16 PM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application conquer.exe, version 2009.105.0.124, faulting
module conquer.exe, version 2009.105.0.124, fault address 0x001a4474.

Error - 12/30/2009 8:51:28 PM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 3.2.3202.0, faulting module
mrt.exe, version 3.2.3202.0, fault address 0x0002885f.

Error - 12/30/2009 8:51:36 PM | Computer Name = REX | Source = Application Error | ID = 1001
Description = Fault bucket 1595407939.

Error - 12/30/2009 8:54:59 PM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 3.2.3202.0, faulting module
mrt.exe, version 3.2.3202.0, fault address 0x0002885f.

Error - 12/30/2009 8:55:05 PM | Computer Name = REX | Source = Application Error | ID = 1001
Description = Fault bucket 1595407939.

Error - 1/1/2010 4:22:24 PM | Computer Name = REX | Source = MsiInstaller | ID = 11722
Description = Product: Windows XP Professional -- Error 1722. There is a problem
with this Windows Installer package. A program run as part of the setup did not
finish as expected. Contact your support personnel or package vendor. Action RunSetupImmediate,
location: G:\I386\winnt32.exe, command: /unattend /batch /#Q

Error - 1/2/2010 6:39:30 PM | Computer Name = REX | Source = Application Hang | ID = 1002
Description = Hanging application Conquer.exe, version 2009.105.0.124, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2010 9:47:51 PM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application conquer.exe, version 2009.105.0.124, faulting
module c3_core_dll.dll, version 0.0.0.0, fault address 0x0000229a.

Error - 1/7/2010 9:48:01 PM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application conquer.exe, version 2009.105.0.124, faulting
module conquer.exe, version 2009.105.0.124, fault address 0x001ae37d.

Error - 1/10/2010 8:41:57 AM | Computer Name = REX | Source = Application Error | ID = 1000
Description = Faulting application conquer.exe, version 2009.105.0.124, faulting
module conquer.exe, version 2009.105.0.124, fault address 0x001ef859.

[ System Events ]
Error - 1/21/2010 12:46:16 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:16 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:16 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/21/2010 12:46:17 PM | Computer Name = REX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
Last edited by PapaBear on January 24th, 2010, 11:41 am, edited 2 times in total.
PapaBear
Regular Member
 
Posts: 29
Joined: January 7th, 2010, 12:00 pm
Location: North Dakota