My PC has been hijacked! Please help.

Post by xs11ax on Mon Mar 29, 2010 11:01 am

Hi

I found you guys through Google. I'm badly in need of some help. My PC has been hijacked.

When doing a Google search the Google page looks all funny sometimes. Like it's covered in HTML tags. When clicking on a link on Google, I get directed to a completely different site. I have to go back and click the same link a few times before I can get to my desired web page. My Digg page is covered by ads that say clicksor on them. Every now and again my browser opens up on a random advertising web page.

I have tried Spybot, AVG, Adaware, Panda Scan, Trend Micro but have had no luck.

This is my HijackThis log.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:47, on 29/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xs11ax\AppData\Local\Temp\Bg3.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\xs11ax\AppData\Roaming\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACE32156-2199-4A74-B4FC-4914D4363B7A}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CS2\Services\Tcpip\..\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}: NameServer = 93.188.163.117,93.188.161.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6732 bytes



I appreciate any help.

cheers.

xs11ax
Novice
Posts: 18
Joined: 2010-03-29
OS: windows vista
Points: 24668
Likes: 0

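A triage pass over HijackThis O4 (Run key) and O17 (Tcpip NameServer) lines in the format of the log above, as an added example that is not part of the original thread. The function names, the heuristics and the sample lines (with documentation-range addresses) are assumptions made for illustration, and a hit is a lead to review, not a verdict.

```python
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "section subject reasons")

# HijackThis v2.0.2 line shapes for registry autostarts and static DNS servers.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# Image path: a quoted string, or everything up to the first executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.*?\.(?:exe|com|scr|bat|cmd|pif|dll))(?=[\s,]|$)', re.I)

# Heuristic inputs (assumptions of this example, not an exhaustive list).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\local settings\\")
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "smss.exe"}

# Constructed sample lines, shaped like the log above but not copied from it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [EXAMPLE1] C:\Users\alice\AppData\Local\Temp\ab1.exe
O4 - HKCU\..\Run: [EXAMPLE2] C:\Users\alice\AppData\Roaming\Foo\lsass.exe
O4 - HKLM\..\Run: [Quoted] "C:\Program Files\Example\upd.exe" -scheduler
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53,192.0.2.54
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: Example Service - Example Ltd. - C:\Program Files\Example\svc.exe
"""


def image_path(cmd):
    """Return the executable path from a Run-key command line."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def o4_reasons(path):
    """Return the heuristic reasons an autostart target deserves a closer look."""
    lowered = path.lower()
    directory, _, name = lowered.rpartition("\\")
    reasons = []
    if any(part in lowered for part in USER_WRITABLE):
        reasons.append("autostart target in a user-writable directory")
    # Bare file names carry no directory, so the location cannot be judged.
    if directory and name in SYSTEM_NAMES and not directory.endswith("\\system32"):
        reasons.append("Windows system process name outside System32")
    return tuple(reasons)


def triage(log_text):
    """Flag O4 entries by location and name, and group O17 static resolvers."""
    findings = []
    resolvers = defaultdict(list)  # resolver tuple -> registry keys that set it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            reasons = o4_reasons(path)
            if reasons:
                findings.append(Finding("O4", f"[{m['name']}] {path}", reasons))
            continue
        m = O17_RE.match(line)
        if m:
            servers = tuple(s for s in re.split(r"[,\s]+", m["servers"].strip()) if s)
            resolvers[servers].append(m["key"])
    # One finding per distinct resolver list, however many keys repeat it.
    for servers, keys in resolvers.items():
        reason = (f"static NameServer set on {len(keys)} Tcpip key(s); "
                  "compare with the resolvers the router or ISP assigns")
        findings.append(Finding("O17", ", ".join(servers), (reason,)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.section, "|", finding.subject, "|", "; ".join(finding.reasons))
```

Only the HijackThis line format is parsed; OTL writes the same Run keys as `HKCU..\Run`, which this pattern deliberately does not match.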

Re: My PC has been hijacked! Please help.

Post by Dr Jay on Mon Mar 29, 2010 11:32 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 13753
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302235
Likes: 10


Re: My PC has been hijacked! Please help.

Post by xs11ax on Mon Mar 29, 2010 5:18 pm

Hi Jay

I did as you said.

But when I tried to run ComboFix all I got was the loading bar in the middle of my screen. Once it was loaded that disappeared and nothing else happened after that even though I waited 10 mins.

I tried running it 2 or 3 times but each time it would not work.


Re: My PC has been hijacked! Please help.

Post by Dr Jay on Mon Mar 29, 2010 9:45 pm

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Dr. Jay (DJ)



Re: My PC has been hijacked! Please help.

Post by xs11ax on Tue Mar 30, 2010 5:08 am

OTL logfile created on: 30/03/2010 09:55:18 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\xs11ax\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.83 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: xs11ax
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
PRC - [2010/03/17 11:00:38 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/17 11:00:34 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 11:00:34 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 11:00:31 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 10:59:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 10:59:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 10:59:44 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/06/12 12:34:16 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/04/28 23:06:35 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/18 13:09:04 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007/08/13 22:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
PRC - [2007/08/10 04:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/05/16 20:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
MOD - [2008/01/21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 11:00:31 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 10:59:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/12 21:47:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/21 19:30:15 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/17 11:00:36 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 11:00:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 10:59:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/15 21:04:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/04/21 19:29:19 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/24 06:28:05 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/29 13:30:52 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/09/18 13:09:36 | 000,452,968 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/08/10 22:49:16 | 001,941,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/30 02:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/07/04 19:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/06/19 21:04:48 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/11 04:48:56 | 000,187,320 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/25 02:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.712
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/18 10:55:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/08 14:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/03 18:11:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 22:11:06 | 000,000,000 | ---D | M]

[2009/03/10 14:31:38 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Extensions
[2010/03/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions
[2009/09/03 00:35:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/04 10:48:32 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/02/10 12:57:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/15 23:00:29 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\firebug@software.joehewitt.com
[2010/03/29 18:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/22 20:35:13 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/09/16 01:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010/01/17 23:29:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/17 23:29:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/17 23:29:36 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/17 23:29:37 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\xs11ax\AppData\Roaming\SystemProc\lsass.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\xs11ax\AppData\Local\Temp\Bg3.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} [You must be registered and logged in to see this link.] (CheckersZPA Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xs11ax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\xs11ax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^xs11ax^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameEx.lnk - C:\Users\xs11ax\Desktop\MASTER COPY Mame Central\Program Files Gamex\GameEx\GameEx.exe - (Spesoft Ltd)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/03/30 09:50:19 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
[2010/03/29 21:52:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/29 15:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/17 11:00:34 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/15 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\xs11ax\Desktop\images
[2010/03/12 22:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/03/12 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/12 21:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 09:56:17 | 001,835,008 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT
[2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
[2010/03/30 09:47:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/30 09:41:12 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/30 09:41:12 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/30 09:41:12 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/30 09:39:37 | 058,222,658 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/30 09:36:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:36:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:36:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/30 09:35:59 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/30 09:35:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/30 09:35:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/30 09:35:28 | 1876,082,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/30 01:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/30 01:28:24 | 000,065,536 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/30 01:28:17 | 001,655,158 | -H-- | M] () -- C:\Users\xs11ax\AppData\Local\IconCache.db
[2010/03/30 01:10:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/29 20:31:12 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{882935C0-6055-4445-AA55-F48054CB6E51}.job
[2010/03/29 19:29:03 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/29 17:27:49 | 003,905,577 | ---- | M] () -- C:\Users\xs11ax\Desktop\ComboFix.exe
[2010/03/29 15:25:47 | 000,001,874 | ---- | M] () -- C:\Users\xs11ax\Desktop\HijackThis.lnk
[2010/03/26 12:38:44 | 000,000,000 | ---- | M] () -- C:\Users\xs11ax\AppData\Local\prvlcl.dat
[2010/03/26 00:27:26 | 000,000,884 | ---- | M] () -- C:\Users\xs11ax\Desktop\csstest.html
[2010/03/25 23:35:41 | 000,006,454 | ---- | M] () -- C:\Users\xs11ax\Desktop\index - Copy.html
[2010/03/23 18:07:44 | 000,041,942 | ---- | M] () -- C:\Users\xs11ax\Desktop\myhouse.jpg
[2010/03/22 23:55:33 | 000,002,990 | ---- | M] () -- C:\Users\xs11ax\Desktop\drop down menu.html
[2010/03/22 23:51:20 | 000,001,433 | ---- | M] () -- C:\Users\xs11ax\Desktop\position test.html
[2010/03/18 16:02:14 | 000,023,040 | ---- | M] () -- C:\Users\xs11ax\Desktop\Euro_Sunni.xlsm.xls
[2010/03/18 16:01:51 | 000,009,790 | ---- | M] () -- C:\Users\xs11ax\Desktop\Euro_Sunni.xlsm.xlsm
[2010/03/17 11:00:36 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/17 11:00:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/17 11:00:34 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/17 10:59:45 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/16 19:11:02 | 000,003,644 | ---- | M] () -- C:\Users\xs11ax\Desktop\index.html
[2010/03/13 16:35:58 | 000,001,002 | ---- | M] () -- C:\Users\xs11ax\Desktop\Adobe Photoshop CS3.lnk
[2010/03/13 03:36:58 | 001,570,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/12 22:39:52 | 000,048,600 | ---- | M] () -- C:\Users\xs11ax\AppData\Local\GDIPFONTCACHEV1.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 17:27:00 | 003,905,577 | ---- | C] () -- C:\Users\xs11ax\Desktop\ComboFix.exe
[2010/03/29 15:25:47 | 000,001,874 | ---- | C] () -- C:\Users\xs11ax\Desktop\HijackThis.lnk
[2010/03/25 23:55:14 | 000,000,884 | ---- | C] () -- C:\Users\xs11ax\Desktop\csstest.html
[2010/03/18 16:02:15 | 000,023,040 | ---- | C] () -- C:\Users\xs11ax\Desktop\Euro_Sunni.xlsm.xls
[2010/03/18 16:01:51 | 000,009,790 | ---- | C] () -- C:\Users\xs11ax\Desktop\Euro_Sunni.xlsm.xlsm
[2010/03/17 18:49:30 | 000,041,942 | ---- | C] () -- C:\Users\xs11ax\Desktop\myhouse.jpg
[2010/03/17 16:57:00 | 000,001,433 | ---- | C] () -- C:\Users\xs11ax\Desktop\position test.html
[2010/03/17 12:38:58 | 000,006,454 | ---- | C] () -- C:\Users\xs11ax\Desktop\index - Copy.html
[2010/03/16 23:57:32 | 000,002,990 | ---- | C] () -- C:\Users\xs11ax\Desktop\drop down menu.html
[2010/03/15 12:32:44 | 000,003,644 | ---- | C] () -- C:\Users\xs11ax\Desktop\index.html
[2010/03/13 16:35:58 | 000,001,002 | ---- | C] () -- C:\Users\xs11ax\Desktop\Adobe Photoshop CS3.lnk
[2010/02/22 02:47:01 | 000,000,000 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\prvlcl.dat
[2010/02/07 14:31:20 | 000,000,036 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\housecall.guid.cache
[2009/03/06 23:29:36 | 000,007,168 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 20:23:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 03:32:21 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/21 03:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 03:34:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/04/24 06:28:05 | 000,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2010/03/30 09:35:27 | 000,018,812 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/03/03 19:58:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/30 09:35:28 | 1876,082,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 15:41:19 | 000,014,777 | ---- | M] () -- C:\JavaRa.log
[2009/03/06 19:45:24 | 000,001,233 | ---- | M] () -- C:\lang.txt
[2010/03/30 09:35:27 | 2189,905,920 | -HS- | M] () -- C:\pagefile.sys
[2009/03/03 20:25:56 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %PROGRAMFILES%\*. >
[2010/03/12 21:59:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/19 13:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/12 21:58:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/03/12 21:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/08 14:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/02/20 22:59:43 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/02/03 16:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.72
[2009/03/03 20:29:28 | 000,000,000 | ---D | M] -- C:\Program Files\FSC
[2009/05/17 15:38:24 | 000,000,000 | ---D | M] -- C:\Program Files\GameEx
[2010/02/14 19:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/07 12:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2009/09/16 01:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Hide My IP 2009
[2009/09/16 01:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\Hotspot Shield
[2009/04/28 22:39:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/01/23 10:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/29 15:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/10 20:28:10 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/03 02:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/01/21 03:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/30 09:37:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/03 03:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/07/08 14:14:01 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/03/10 23:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2010/02/24 10:20:47 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2009/07/08 14:12:47 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/03/03 20:25:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/06 19:52:51 | 000,000,000 | ---D | M] -- C:\Program Files\SiS VGA Utilities
[2010/02/05 10:54:31 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/03 20:27:02 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/02/14 20:09:09 | 000,000,000 | ---D | M] -- C:\Program Files\Telltale Games
[2010/03/29 15:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 13:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/01/21 03:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 03:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 03:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/11 14:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 10:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 03:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 03:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/28 23:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/05/07 11:33:18 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip


< MD5 for: AGP440.SYS >
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\drivers\AGP440.SYS
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\drivers\ahcix86s.sys
[2007/12/19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_71554ba4\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/04/24 06:28:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/04/24 06:28:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/04/24 06:28:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
[2001/08/23 13:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\drivers\atapi.sys
[2008/04/24 06:28:05 | 000,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2001/08/23 13:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\eventlog.dll
[2001/08/23 13:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2001/08/23 13:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\netlogon.dll
[2001/08/23 13:00:00 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\netlogon.dll

< MD5 for: NVRD32.SYS >
[2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\drivers\nvrd32.sys
[2007/10/31 11:23:00 | 000,124,960 | ---- | M] (NVIDIA Corporation) MD5=B8D6145D3EB05E9F81BADE9B7AFC2C80 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/10/31 11:23:00 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_04bc6797\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2001/08/23 13:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\scecli.dll
[2001/08/23 13:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-19 10:02:34
< End of report >

Re: My PC has been hijacked! Please help.

Post by xs11ax on Tue Mar 30, 2010 5:08 am

OTL Extras logfile created on: 30/03/2010 09:55:18 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\xs11ax\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.83 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: xs11ax
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{229CD101-E44B-419D-8933-E96D52BE32E2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{4C6DA029-331A-49F4-90CE-4C1BD8F9C217}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{FC8127F6-2C90-40CE-83E1-1C1D45AB8AF2}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{6F253BEA-DF7B-4FBE-8E64-64511C9B4B4E}C:\program files\novalogic\delta force\df.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"TCP Query User{9DC426C8-C13C-4506-9C3D-C6A93EE48DA1}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"TCP Query User{AB17A535-D7F2-4649-8FA0-53B0C8091905}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F0B126F7-01E1-46F6-BE5F-3001D3E5F08C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FD956172-DB6D-4DF3-9422-9EEC2A84A961}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{020E62F2-FDB7-459D-97BE-C6E68874E9A0}C:\program files\novalogic\delta force\df.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\delta force\df.exe |
"UDP Query User{420AD6A1-CD1C-477D-8862-116ED1B39A7A}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{B2ED5F17-F8BB-42CF-8A5A-42C791176D80}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE2E01AC-02E9-4F76-970E-3CAA4FCE488E}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{D8F976DE-EA71-40AF-BBF0-2B3DF55F508C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}" = WirelessControl
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3E789BE5-3DE0-498C-8F74-35010DACA2ED}" = Wireless LAN Driver
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}" = Nokia PC Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB457913-028D-460E-BB4C-D9A6369752CA}" = TouchPad HotKey Utility
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AVG9Uninstall" = AVG Free 9.0
"HijackThis" = HijackThis 2.0.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"Nokia PC Suite" = Nokia PC Suite
"PalTalk8.2" = PaltalkScene
"SiS VGA Utilities" = SiS VGA Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: My PC has been hijacked! Please help.

Post by xs11ax on Tue Mar 30, 2010 5:09 am

Thanks mate.

I really appreciate this.

Re: My PC has been hijacked! Please help.

Post by Dr Jay on Tue Mar 30, 2010 4:23 pm

Hi

Update Software
Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.


Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.




Scan for Malware
  • Please go to VirSCAN.org FREE on-line scan service

  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Users\xs11ax\AppData\Local\prvlcl.dat

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.





OTL fixes
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    O4 - HKCU..\Run: [TOY5KNQ8OC] C:\Users\xs11ax\AppData\Local\Temp\Bg3.exe File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.117,93.188.161.65

    :files
    C:\Windows\System32\drivers\atapi.sys|C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys /replace

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)





OTL Re-Scan
Please open OTL -- Click None and paste this in the Custom Scans box:
Code:
/md5start
logevent.dll
cngaudit.dll
*event*
/md5stop

Then click Run Scan. It shall launch a log. Please post it in your next reply.




Logs needed
Please make sure you post the following logs for my review:
  • VirScan URL
  • OTL fix log
  • OTL re-scan log

Also, let me know how your computer is running.

Thanks!


Dr. Jay (DJ)
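
Added example (not part of Dr Jay's post and not OTL's own code): the fix above replaces the live atapi.sys with its DriverStore copy, and the re-scan asks OTL for MD5 listings, so this sketch parses such a listing and compares each file loaded from System32 against the DriverStore and winsxs copies of the same name. The sample lines, hashes and winsxs directory names are constructed placeholders, and treating DriverStore and winsxs as the reference copies is an assumption of this example.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout OTL prints for a /md5start ... /md5stop scan.
# Hashes, timestamps and winsxs directory names are placeholders, not values
# taken from the thread.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5={a} -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5={b} -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5={b} -- C:\Windows\winsxs\x86_placeholder-a\atapi.sys

< MD5 for: EVENTCREATE.EXE >
[2001/08/23 13:00:00 | 000,047,616 | ---- | M] (Microsoft Corporation) MD5={c} -- C:\$Recycle.Bin\S-1-5-21-placeholder\system32\eventcreate.exe
[2006/11/02 10:45:06 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5={d} -- C:\Windows\System32\eventcreate.exe
[2006/11/02 10:45:06 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5={d} -- C:\Windows\winsxs\x86_placeholder-b\eventcreate.exe

< MD5 for: EVENTLOG.ETL >
[2009/07/23 18:53:18 | 001,048,576 | ---- | M] () MD5={e} -- C:\Windows\System32\NDF\eventlog.etl
""".format(a="A" * 32, b="B" * 32, c="C" * 32, d="D" * 32, e="E" * 32)

HEADER = re.compile(r"^< MD5 for: (.+?) >$")
ENTRY = re.compile(
    r"^\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| \w\] "
    r"\((?P<vendor>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    modified: str
    size: int
    vendor: str   # empty when the file carries no company name
    md5: str
    path: str


class Finding(NamedTuple):
    name: str
    path: str
    status: str   # "match", "mismatch" or "no-reference"


def parse_md5_listing(text):
    """Return {file name from the '< MD5 for: ... >' header: [Entry, ...]}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = groups.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append(Entry(
                modified=entry["modified"],
                size=int(entry["size"].replace(",", "")),
                vendor=entry["vendor"],
                md5=entry["md5"].upper(),
                path=entry["path"],
            ))
    return groups


def classify(path, system_root="C:\\Windows"):
    """'reference' for DriverStore/winsxs copies, 'live' for the rest of System32."""
    p = path.lower()
    root = system_root.lower().rstrip("\\")
    reference_roots = (
        root + "\\system32\\driverstore\\filerepository\\",
        root + "\\winsxs\\",
    )
    if p.startswith(reference_roots):
        return "reference"
    if p.startswith(root + "\\system32\\"):
        return "live"
    return "other"   # Recycle Bin, update downloads, Program Files, ...


def check_live_files(groups, system_root="C:\\Windows"):
    """Compare every live copy against the reference copies of the same name."""
    findings = []
    for name, entries in groups.items():
        reference_hashes = {
            e.md5 for e in entries if classify(e.path, system_root) == "reference"
        }
        for e in entries:
            if classify(e.path, system_root) != "live":
                continue
            if not reference_hashes:
                status = "no-reference"
            elif e.md5 in reference_hashes:
                # winsxs can hold several versions; one matching copy is enough
                status = "match"
            else:
                status = "mismatch"
            findings.append(Finding(name, e.path, status))
    return findings


if __name__ == "__main__":
    for finding in check_live_files(parse_md5_listing(SAMPLE_LOG)):
        print(f"{finding.status:<13} {finding.path}")
```

A mismatch is a lead for follow-up rather than proof of infection, and a match does not clear a file either, since a rootkit that filters disk reads can hand the scanner clean bytes.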



Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 01, 2010 4:38 pm

VirSCAN.org Scanned Report :
Scanned time : 2010/04/01 21:19:20 (BST)
Scanner results: Scanners did not find malware!
File Name : prvlcl.dat
File Size : 565488 byte
File Type : data
MD5 : 8fe207a4d8b41979a75bebd803c6df54
SHA1 : d9212c7b5c342d2b086f0a780a365404280cd58c
Online report : [You must be registered and logged in to see this link.]

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100402023343 2010-04-02 0.09 -
AhnLab V3 2010.04.02.00 2010.04.02 2010-04-02 0.09 -
AntiVir 8.2.1.210 7.10.6.16 2010-04-01 0.27 -
Antiy 2.0.18 20100401.4123837 2010-04-01 0.12 -
Arcavir 2009 201004011323 2010-04-01 0.02 -
Authentium 5.1.1 201004010911 2010-04-01 1.48 -
AVAST! 4.7.4 100401-0 2010-04-01 0.01 -
AVG 8.5.720 271.1.1/2783 2010-04-01 0.22 -
BitDefender 7.81008.5559750 7.31049 2010-04-01 3.57 -
ClamAV 0.95.3 10689 2010-04-01 0.04 -
Comodo 3.13.579 4464 2010-04-01 0.08 -
CP Secure 1.3.0.5 2010.04.02 2010-04-02 0.02 -
Dr.Web 5.0.2.3300 2010.04.02 2010-04-02 6.36 -
F-Prot 4.4.4.56 20100401 2010-04-01 1.26 -
F-Secure 7.02.73807 2010.04.01.13 2010-04-01 0.18 -
Fortinet 4.0.14 11.643 2010-03-31 0.08 -
GData 19.10918/19.859 20100401 2010-04-01 0.08 -
ViRobot 20100401 2010.04.01 2010-04-01 0.08 -
Ikarus T3.1.01.80 2010.04.01.75530 2010-04-01 5.46 -
JiangMin 13.0.900 2010.04.01 2010-04-01 0.08 -
Kaspersky 5.5.10 2010.04.01 2010-04-01 0.03 -
KingSoft 2009.2.5.15 2010.4.1.20 2010-04-01 0.08 -
McAfee 5.3.00 5937 2010-03-31 3.88 -
Microsoft 1.5605 2010.04.01 2010-04-01 0.08 -
Norman 6.04.10 6.04.00 2010-03-30 6.01 -
Panda 9.05.01 2010.04.01 2010-04-01 0.08 -
Trend Micro 9.120-1004 6.964.06 2010-04-01 0.02 -
Quick Heal 10.00 2010.04.01 2010-04-01 0.08 -
Rising 20.0 22.41.03.04 2010-04-01 0.08 -
Sophos 3.05.4 4.51 2010-04-02 3.91 -
Sunbelt 3.9.2412.2 6125 2010-04-01 0.08 -
Symantec 1.3.0.24 20100401.002 2010-04-01 0.06 -
nProtect 20100401.01 7881294 2010-04-01 0.08 -
The Hacker 6.5.2.0 v00250 2010-04-01 0.08 -
VBA32 3.12.12.4 20100331.2140 2010-03-31 2.78 -
VirusBuster 4.5.11.10 10.122.27/2027789 2010-04-02 2.70 -

Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 01, 2010 4:40 pm

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\atapi.sys with C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys without a reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: test
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 199737 bytes

User: xs11ax
->Temp folder emptied: 137807808 bytes
->Temporary Internet Files folder emptied: 108450797 bytes
->Java cache emptied: 45141393 bytes
->FireFox cache emptied: 13964462 bytes
->Flash cache emptied: 561148 bytes

%systemdrive% .tmp files removed: 216802707 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1015670 bytes
RecycleBin emptied: 7307449 bytes

Total Files Cleaned = 507.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04012010_212556

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 01, 2010 4:47 pm

OTL logfile created on: 01/04/2010 21:42:07 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\xs11ax\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 79.75 Gb Free Space | 53.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: xs11ax
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========




< MD5 for: EVENTVWR.EXE >
[2006/11/02 10:45:06 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=4D00411113E4BF82CEF530A1F57C3B37 -- C:\Windows\System32\eventvwr.exe
[2006/11/02 10:45:06 | 000,079,872 | ---- | M] (Microsoft Corporation) MD5=4D00411113E4BF82CEF530A1F57C3B37 -- C:\Windows\winsxs\x86_eventviewersettings_31bf3856ad364e35_6.0.6000.16386_none_f2c1160b06c8132e\eventvwr.exe
[2001/08/23 13:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F636FD7E97AB17B8FF9D3FF593833301 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\eventvwr.exe
[2001/08/23 13:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=F636FD7E97AB17B8FF9D3FF593833301 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\eventvwr.exe

< MD5 for: EVENTVWR.EXE.MUI >
[2006/11/02 13:38:55 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=B8E2DDBF64B29EE9BF321CBB9F6AD56B -- C:\Windows\System32\en-US\eventvwr.exe.mui
[2006/11/02 13:38:55 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=B8E2DDBF64B29EE9BF321CBB9F6AD56B -- C:\Windows\winsxs\x86_eventviewersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_94fb307b96f94e97\eventvwr.exe.mui

< MD5 for: EVENTVWR.MSC >
[2001/08/23 13:00:00 | 000,056,678 | ---- | M] () MD5=41203FBE6973DE3469439CA690B1292B -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\eventvwr.msc
[2006/11/02 13:38:55 | 000,145,127 | ---- | M] () MD5=9BDCCC1A87CCA27ADEACE8144F385165 -- C:\Windows\System32\en-US\eventvwr.msc
[2006/09/18 22:37:43 | 000,145,127 | ---- | M] () MD5=9BDCCC1A87CCA27ADEACE8144F385165 -- C:\Windows\System32\eventvwr.msc
[2006/11/02 13:38:55 | 000,145,127 | ---- | M] () MD5=9BDCCC1A87CCA27ADEACE8144F385165 -- C:\Windows\winsxs\x86_eventviewersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_94fb307b96f94e97\eventvwr.msc
[2006/09/18 22:37:43 | 000,145,127 | ---- | M] () MD5=9BDCCC1A87CCA27ADEACE8144F385165 -- C:\Windows\winsxs\x86_eventviewersettings_31bf3856ad364e35_6.0.6000.16386_none_f2c1160b06c8132e\eventvwr.msc

< MD5 for: FXSEVENT.DLL >
[2001/08/23 13:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=088D030EFC608948FDD029BD5FE1D77A -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\fxsevent.dll

< MD5 for: HARDWAREEVENTS.EVTX >
[2009/03/03 20:03:05 | 000,069,632 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\winevt\Logs\HardwareEvents.evtx

< MD5 for: INSTALLWEBEVENTSQLPROVIDER.SQL >
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallWebEventSqlProvider.sql
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16386_none_a35fb91408dfc7e8\InstallWebEventSqlProvider.sql
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\InstallWebEventSqlProvider.sql
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\InstallWebEventSqlProvider.sql
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\InstallWebEventSqlProvider.sql
[2006/09/18 22:32:38 | 000,006,457 | ---- | M] () MD5=BB901DE47FEB608764811E3FF975B1A1 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\InstallWebEventSqlProvider.sql

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_C7F59F74B8E5B5EF.MANIFEST >
[2006/11/02 13:37:33 | 000,003,142 | ---- | M] () MD5=BC61F4AF91C601C10254EFA39D7D2723 -- C:\Windows\winsxs\Manifests\msil_eventviewer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c7f59f74b8e5b5ef.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6001.18000_EN-US_CA2C6170B5D0C6C3.MANIFEST >
[2008/01/21 03:30:31 | 000,003,142 | ---- | M] () MD5=C34E95C31884C72E694CF593CBD166E8 -- C:\Windows\winsxs\Manifests\msil_eventviewer.resources_31bf3856ad364e35_6.0.6001.18000_en-us_ca2c6170b5d0c6c3.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6002.18005_DE-DE_23270483C414864A.MANIFEST >
[2009/04/10 23:48:14 | 000,003,142 | ---- | M] () MD5=030BEB78820BCE41EAE92AF2BA11D9DB -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_de-de_23270483c414864a.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6002.18005_EN-US_CC17DA7CB2F2920F.MANIFEST >
[2009/04/10 23:43:16 | 000,003,142 | ---- | M] () MD5=10DE27D20A829814E52651630C2A620F -- C:\Windows\winsxs\Manifests\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_en-us_cc17da7cb2f2920f.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6002.18005_ES-ES_CBE33760B31983B4.MANIFEST >
[2009/04/10 23:47:54 | 000,003,142 | ---- | M] () MD5=CE8ED9D37E3981FAEA3E18C9B2EBCDF4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_es-es_cbe33760b31983b4.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6002.18005_FR-FR_6E9AAD5FA5EB9A16.MANIFEST >
[2009/04/10 23:47:56 | 000,003,142 | ---- | M] () MD5=F73F81EA04B291502E982C5A831F4D5A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_fr-fr_6e9aad5fa5eb9a16.manifest

< MD5 for: MSIL_EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6002.18005_JA-JP_FAE822B37038916F.MANIFEST >
[2009/04/10 23:49:40 | 000,003,142 | ---- | M] () MD5=D6FF974FD3AEB85823EE9C3ED6E14752 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_ja-jp_fae822b37038916f.manifest

< MD5 for: MSIL_EVENTVIEWER_31BF3856AD364E35_6.0.6000.16386_NONE_A38992ACAC29BF36.MANIFEST >
[2006/11/02 11:10:06 | 000,003,756 | ---- | M] () MD5=FD31A753A816B90C330AADE1B2196A40 -- C:\Windows\winsxs\Manifests\msil_eventviewer_31bf3856ad364e35_6.0.6000.16386_none_a38992acac29bf36.manifest

< MD5 for: MSIL_EVENTVIEWER_31BF3856AD364E35_6.0.6001.18000_NONE_A5C054A8A914D00A.MANIFEST >
[2008/01/21 03:28:28 | 000,003,756 | ---- | M] () MD5=26E4855A767F537F778867368D41173E -- C:\Windows\winsxs\Manifests\msil_eventviewer_31bf3856ad364e35_6.0.6001.18000_none_a5c054a8a914d00a.manifest

< MD5 for: NDFEVENTVIEW.XML >
[2006/09/18 22:28:31 | 000,000,565 | ---- | M] () MD5=86166DAA04A6C154826508304CC6D4AC -- C:\Windows\System32\NdfEventView.xml
[2006/09/18 22:28:31 | 000,000,565 | ---- | M] () MD5=86166DAA04A6C154826508304CC6D4AC -- C:\Windows\winsxs\x86_microsoft-windows-n..nosticsframeworkapi_31bf3856ad364e35_6.0.6001.18000_none_2af1b08aab1dca92\NdfEventView.xml

< MD5 for: NETEVENT.DLL >
[2009/08/14 17:00:27 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=04A453B52273934D84A9DB06FFE415BC -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\netevent.dll
[2009/08/14 17:29:41 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=4C84B19D71AF801A34D05B05F0156899 -- C:\Windows\System32\netevent.dll
[2009/08/14 17:29:41 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=4C84B19D71AF801A34D05B05F0156899 -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\netevent.dll
[2009/08/14 17:24:46 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=A31931B77C878E6E5970F252BB45B6AB -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\netevent.dll
[2001/08/23 13:00:00 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=DA45AD502B4F2B7FC4ADEBA2E309F384 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\netevent.dll
[2001/08/23 13:00:00 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=DA45AD502B4F2B7FC4ADEBA2E309F384 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\netevent.dll
[2009/08/14 16:53:34 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=E0CBBEB184AD739C73266925C0970EEE -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\netevent.dll
[2008/01/21 03:34:01 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=E43A7C782689176F9C1239D2BCA3AF59 -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18000_none_5a4658816a8ed033\netevent.dll
[2009/08/16 00:56:43 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=E7A46CB9551E2F58F499F0D4FCB0C5BB -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\netevent.dll
[2009/08/14 17:40:52 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=F651C1AF8B85F0EC9BA8373322E121F7 -- C:\Windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\netevent.dll

< MD5 for: NETEVENT.DLL.MUI >
[2008/01/21 03:35:33 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=0840473AA5FEB1382674318613E2EF40 -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18000_en-us_82887d4ebb975790\netevent.dll.mui
[2009/08/14 17:08:09 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=227D89C68AA3694A29E84287767380AF -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\netevent.dll.mui
[2009/08/14 17:32:27 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=4B5FC257B1FF9AB144BC8FAA257A2D94 -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\netevent.dll.mui
[2009/08/14 17:36:03 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=ABAD046C4B067F466A95FC74A93DC99A -- C:\Windows\System32\en-US\netevent.dll.mui
[2009/08/14 17:36:03 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=ABAD046C4B067F466A95FC74A93DC99A -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\netevent.dll.mui
[2009/08/14 17:45:14 | 000,237,568 | ---- | M] (Microsoft Corporation) MD5=AF8C0ED182A3DA0D28DF6C21B037F341 -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\netevent.dll.mui
[2009/08/16 01:01:13 | 000,237,568 | ---- | M] (Microsoft Corporation) MD5=C5A316351BBB48E6EF45CB13F3F8D9EE -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\netevent.dll.mui
[2009/08/14 17:03:01 | 000,241,664 | ---- | M] (Microsoft Corporation) MD5=EC7769B2919CB85181B165931810E1F0 -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\netevent.dll.mui
[2006/11/02 13:38:58 | 000,237,568 | ---- | M] (Microsoft Corporation) MD5=F99A1227AD7E83FC9B3E273902906A6A -- C:\Windows\winsxs\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8051bb52beac46bc\netevent.dll.mui

< MD5 for: NWEVENT.DLL >
[2001/08/23 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=92DDAE2DF95D44434E94CB0F8FF662E3 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\dllcache\nwevent.dll
[2001/08/23 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=92DDAE2DF95D44434E94CB0F8FF662E3 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\nwevent.dll

< MD5 for: REGEVENT.MFL >
[2001/08/23 13:00:00 | 000,038,578 | ---- | M] () MD5=101A987B5FC9AE768E9778D0DCE6A56F -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\wbem\regevent.mfl
[2006/11/02 13:38:59 | 000,093,270 | ---- | M] () MD5=C30848EB90454DE579CD0B86D0922AE5 -- C:\Windows\System32\wbem\en-US\regevent.mfl
[2006/11/02 13:38:59 | 000,093,270 | ---- | M] () MD5=C30848EB90454DE579CD0B86D0922AE5 -- C:\Windows\winsxs\x86_microsoft-windows-w..-provider.resources_31bf3856ad364e35_6.0.6000.16386_en-us_cd3e9af2c00a8a55\regevent.mfl

< MD5 for: REGEVENT.MOF >
[2006/11/02 08:15:20 | 000,111,686 | ---- | M] () MD5=BFEC5EA3B59FE1A4F392ECF3BC046A8E -- C:\Windows\System32\wbem\regevent.mof
[2006/11/02 08:15:20 | 000,111,686 | ---- | M] () MD5=BFEC5EA3B59FE1A4F392ECF3BC046A8E -- C:\Windows\winsxs\x86_microsoft-windows-wmi-stdprov-provider_31bf3856ad364e35_6.0.6001.18000_none_3e8e5f20c68f55a0\regevent.mof
[2001/08/23 13:00:00 | 000,046,372 | ---- | M] () MD5=D1FE7976E2D5110F293415200DF00937 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\wbem\regevent.mof

< MD5 for: REPORTINGEVENTS.LOG >
[2010/04/01 21:34:06 | 000,845,180 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SoftwareDistribution\ReportingEvents.log

< MD5 for: script EVENTS MANAGER.JSX >
[2007/03/21 21:53:40 | 000,047,963 | ---- | M] () MD5=7B01CAF926507B27FD82E377BF788D93 -- C:\Program Files\Adobe\Adobe Photoshop CS3\Presets\scripts\script Events Manager.jsx

< MD5 for: SECEVENT.EVT >
[2008/05/24 16:43:52 | 000,065,536 | ---- | M] () MD5=4407052E2885C8319711F5112FAFAF5C -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\config\SecEvent.Evt

< MD5 for: SERVICEMODELEVENTS.DLL >
[2008/06/20 02:14:31 | 000,011,280 | ---- | M] (Microsoft Corporation) MD5=3F33FCC8CDDBF4786FE1D8D158992383 -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
[2008/06/20 02:17:50 | 000,011,280 | ---- | M] (Microsoft Corporation) MD5=3F33FCC8CDDBF4786FE1D8D158992383 -- C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.16708_none_768bf6749b33d781\ServiceModelEvents.dll
[2008/06/20 02:12:45 | 000,011,280 | ---- | M] (Microsoft Corporation) MD5=3F33FCC8CDDBF4786FE1D8D158992383 -- C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6000.20864_none_76d0b28fb485b995\ServiceModelEvents.dll
[2008/06/20 02:14:31 | 000,011,280 | ---- | M] (Microsoft Corporation) MD5=3F33FCC8CDDBF4786FE1D8D158992383 -- C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.18096_none_780ee35498a53416\ServiceModelEvents.dll
[2008/06/20 02:13:19 | 000,011,280 | ---- | M] (Microsoft Corporation) MD5=3F33FCC8CDDBF4786FE1D8D158992383 -- C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.22208_none_78fbd1e5b178083c\ServiceModelEvents.dll
[2009/02/18 19:38:42 | 000,009,064 | ---- | M] (Microsoft Corporation) MD5=F4898103804B3CBBFD38C2A85BB38ED6 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6002.18005_none_7a55a9f095836bdf\ServiceModelEvents.dll
[2008/01/21 03:35:15 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=FCA305DF874B1EBC81BA9F53CE4A54AC -- C:\Windows\winsxs\x86_wcf-m_sm_evt_dll_vista_31bf3856ad364e35_6.0.6001.18000_none_786a30e49861a093\ServiceModelEvents.dll

< MD5 for: SERVICEMODELEVENTS.DLL.MUI >
[2009/02/18 19:38:41 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=8825E559725BD8AA1C3229ED35BDFB99 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_en-us_a2b5d6f9369b0105\ServiceModelEvents.dll.mui
[2006/11/02 13:39:13 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=9060EB563337E26ADE791404A034C4B3 -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9e939bf13c8e24e5\ServiceModelEvents.dll.mui
[2008/01/21 03:35:28 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9DFA894BFA4BB7EA3DE551BDD0EDB56F -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18000_en-us_a0ca5ded397935b9\ServiceModelEvents.dll.mui
[2008/06/20 02:14:31 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9F0AD8E3FBC8DB1ADC5615C1B5B2FA60 -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\en-US\ServiceModelEvents.dll.mui
[2008/06/20 02:17:49 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9F0AD8E3FBC8DB1ADC5615C1B5B2FA60 -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\ServiceModelEvents.dll.mui
[2008/06/20 02:12:45 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9F0AD8E3FBC8DB1ADC5615C1B5B2FA60 -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\ServiceModelEvents.dll.mui
[2008/06/20 02:14:31 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9F0AD8E3FBC8DB1ADC5615C1B5B2FA60 -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\ServiceModelEvents.dll.mui
[2008/06/20 02:13:18 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=9F0AD8E3FBC8DB1ADC5615C1B5B2FA60 -- C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\ServiceModelEvents.dll.mui

< MD5 for: SHAREDDATAEVENTS >
[2010/04/01 20:44:39 | 000,003,072 | ---- | M] () MD5=F4722ADCC5A091BEDCF8FF63BB359FA3 -- C:\Users\xs11ax\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

< MD5 for: SYSEVENT.EVT >
[2009/05/05 22:04:34 | 000,393,216 | ---- | M] () MD5=8868BFE3A917E82C1AF0BCA05304C8F1 -- C:\$Recycle.Bin\S-1-5-21-4070463143-225535495-3523140438-1001\$RM0RBN0\system32\config\SysEvent.Evt

< MD5 for: SYSTEMPROPERTIESDATAEXECUTIONPREVENTION.EXE >
[2006/11/02 10:45:48 | 000,081,920 | ---- | M] (Microsoft Corporation) MD5=B4617912AB45A9F47B86F71CEDD51421 -- C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
[2006/11/02 10:45:48 | 000,081,920 | ---- | M] (Microsoft Corporation) MD5=B4617912AB45A9F47B86F71CEDD51421 -- C:\Windows\winsxs\x86_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.0.6000.16386_none_c7aca7a727ae5f8e\SystemPropertiesDataExecutionPrevention.exe

< MD5 for: SYSTEMPROPERTIESDATAEXECUTIONPREVENTION.EXE.MUI >
[2006/11/02 13:39:04 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=82DCF8DBDC04F6F8B7795DFB830F6304 -- C:\Windows\System32\en-US\SystemPropertiesDataExecutionPrevention.exe.mui
[2006/11/02 13:39:04 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=82DCF8DBDC04F6F8B7795DFB830F6304 -- C:\Windows\winsxs\x86_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.0.6000.16386_en-us_dd34f67efa156081\SystemPropertiesDataExecutionPrevention.exe.mui

< MD5 for: UNINSTALLWEBEVENTSQLPROVIDER.SQL >
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\UninstallWebEventSqlProvider.sql
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16386_none_a35fb91408dfc7e8\UninstallWebEventSqlProvider.sql
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.16720_none_a35a3f7808e4975c\UninstallWebEventSqlProvider.sql
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6000.20883_none_8c92561c2286dc4f\UninstallWebEventSqlProvider.sql
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UninstallWebEventSqlProvider.sql
[2006/09/18 22:33:00 | 000,003,006 | ---- | M] () MD5=AA48743F571EA182E5D9ECCC8B9F1641 -- C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UninstallWebEventSqlProvider.sql

< MD5 for: WDCEVENTS.ECF442AB01C04AB4880DD1E1F5F44D8D >
[2010/04/01 00:09:08 | 000,033,256 | ---- | M] () MD5=052409EDD7E3258AEEAF04310B142CD7 -- C:\ProgramData\Microsoft\RAC\StateData\WDCEvents.ECF442AB01C04AB4880DD1E1F5F44D8D
[2010/04/01 00:09:08 | 000,033,256 | ---- | M] () MD5=052409EDD7E3258AEEAF04310B142CD7 -- C:\Users\All Users\Microsoft\RAC\StateData\WDCEvents.ECF442AB01C04AB4880DD1E1F5F44D8D

< MD5 for: X86_EVENTVIEWERSETTINGS.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_94FB307B96F94E97.MANIFEST >
[2006/11/02 13:37:32 | 000,006,215 | ---- | M] () MD5=AD33DF67A2DA206695C558E1F750395A -- C:\Windows\winsxs\Manifests\x86_eventviewersettings.resources_31bf3856ad364e35_6.0.6000.16386_en-us_94fb307b96f94e97.manifest

< MD5 for: X86_EVENTVIEWERSETTINGS_31BF3856AD364E35_6.0.6000.16386_NONE_F2C1160B06C8132E.MANIFEST >
[2006/11/02 11:16:11 | 000,029,183 | ---- | M] () MD5=BDBFF73CD851A872BE8F119A435678DD -- C:\Windows\winsxs\Manifests\x86_eventviewersettings_31bf3856ad364e35_6.0.6000.16386_none_f2c1160b06c8132e.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-A..TURE-APPHELP-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_690B14EBD99A6B2C.MANIFEST >
[2006/11/02 11:00:47 | 000,010,538 | ---- | M] () MD5=707DD07A846ED490C02E2F902CAA984A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-a..ture-apphelp-events_31bf3856ad364e35_6.0.6000.16386_none_690b14ebd99a6b2c.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6000.16386_NONE_0AB6DD2154D28F55.MANIFEST >
[2006/11/02 11:06:45 | 000,089,770 | ---- | M] () MD5=138D8256DE966B9A863D201A41FF6D4D -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16386_none_0ab6dd2154d28f55.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6000.16677_NONE_0AC2B30954C98430.MANIFEST >
[2008/04/19 21:09:09 | 000,089,770 | ---- | M] () MD5=4DB41C5A7237E4D03973B62ADBC0A041 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6000.20818_NONE_0B8E318C6DB592D2.MANIFEST >
[2008/04/19 21:08:48 | 000,089,770 | ---- | M] () MD5=037625E2BA855D742AAFFBBCAF47BFF6 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6001.18000_NONE_0CED9F1D51BDA029.MANIFEST >
[2008/01/21 03:27:12 | 000,089,770 | ---- | M] () MD5=A975042354E79BA1BD86D90C1B677514 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6001.18057_NONE_0CBE918751DFDD3F.MANIFEST >
[2008/04/18 07:03:46 | 000,089,770 | ---- | M] () MD5=9DACEA0C3BE0016E3A2E91EDB02A794A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6001.22162_NONE_0D385CF46B0A1A47.MANIFEST >
[2008/04/18 06:45:03 | 000,089,770 | ---- | M] () MD5=05A36FAC9BEC0B8921DABCD2BB682470 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..COMPLUS-EVENTSYSTEM_31BF3856AD364E35_6.0.6002.18005_NONE_0ED918294EDF6B75.MANIFEST >
[2009/04/11 00:13:16 | 000,089,770 | ---- | M] () MD5=39FDD8007A0C1F296329DDEED2ED3A80 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-C..FILERECOVERY-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_4F029032307A172D.MANIFEST >
[2006/11/02 11:00:56 | 000,011,945 | ---- | M] () MD5=A9D4B77E1808599942D7B3211C0D2749 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-c..filerecovery-events_31bf3856ad364e35_6.0.6000.16386_none_4f029032307a172d.manifest


Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 01, 2010 4:48 pm

continued

[2008/01/21 03:36:39 | 001,013,760 | ---- | M] (Microsoft Corporation) MD5=3ABDB4BEAE7CF1187109756D5F3A9BC0 -- C:\Windows\winsxs\Backup\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84_wevtsvc.dll_add42ce6

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG_31BF3856AD364E35_6.0.6002.18005_NONE_DEAFD5260FFAFAD0.MANIFEST >
[2009/04/11 00:17:02 | 000,047,715 | ---- | M] () MD5=FDD5D08AF3D85E82FDF8C2A06729B13A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6002.18005_none_deafd5260ffafad0.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_219FDEB75A985ACA.MANIFEST >
[2006/11/02 13:39:32 | 000,002,362 | ---- | M] () MD5=6577EB61737C56C777717C1616140A66 -- C:\Windows\winsxs\Backup\x86_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_6.0.6000.16386_en-us_219fdeb75a985aca.manifest
[2006/11/02 13:37:29 | 000,002,362 | ---- | M] () MD5=6577EB61737C56C777717C1616140A66 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_6.0.6000.16386_en-us_219fdeb75a985aca.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_219FDEB75A985ACA_WEVTAPI.DLL.MUI_27C9F5DD >
[2006/11/02 13:39:32 | 000,004,096 | ---- | M] (Microsoft Corporation) MD5=8399D9127B174E2E51E3E1845FEE458D -- C:\Windows\winsxs\Backup\x86_microsoft-windows-eventlog-api.resources_31bf3856ad364e35_6.0.6000.16386_en-us_219fdeb75a985aca_wevtapi.dll.mui_27c9f5dd

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API_31BF3856AD364E35_6.0.6000.16386_NONE_A9FA4020685F2193.MANIFEST >
[2006/11/02 11:06:30 | 000,005,053 | ---- | M] () MD5=F79E9C2E32A677E9788CC609BBA21335 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6000.16386_none_a9fa4020685f2193.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API_31BF3856AD364E35_6.0.6001.18000_NONE_AC31021C654A3267.MANIFEST >
[2008/01/21 03:36:37 | 000,005,053 | ---- | M] () MD5=80587D9FBE30C0CFF5B5CC4BD34A2821 -- C:\Windows\winsxs\Backup\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267.manifest
[2008/01/21 03:27:35 | 000,005,053 | ---- | M] () MD5=80587D9FBE30C0CFF5B5CC4BD34A2821 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API_31BF3856AD364E35_6.0.6001.18000_NONE_AC31021C654A3267_WEVTAPI.DLL_DF064540 >
[2008/01/21 03:36:37 | 000,250,368 | ---- | M] (Microsoft Corporation) MD5=E83DD205830F7FAEDA91E8E8D5C15ECC -- C:\Windows\winsxs\Backup\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267_wevtapi.dll_df064540

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-API_31BF3856AD364E35_6.0.6002.18005_NONE_AE1C7B28626BFDB3.MANIFEST >
[2009/04/11 00:19:38 | 000,005,053 | ---- | M] () MD5=CDBA218C2689075EA079C29690AD984A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6002.18005_none_ae1c7b28626bfdb3.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-COMMANDLINE_31BF3856AD364E35_6.0.6000.16386_NONE_BE9D73A37FE4F6B4.MANIFEST >
[2006/11/02 11:08:40 | 000,005,829 | ---- | M] () MD5=C7022C02ED99B1BDE7ACC2440C8D2047 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.0.6000.16386_none_be9d73a37fe4f6b4.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-COMMANDLINE_31BF3856AD364E35_6.0.6001.18000_NONE_C0D4359F7CD00788.MANIFEST >
[2008/01/21 03:27:55 | 000,005,829 | ---- | M] () MD5=AD72C5E10A260C6648A487BBDE585260 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.0.6001.18000_none_c0d4359f7cd00788.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-COMMANDLINE_31BF3856AD364E35_6.0.6002.18005_NONE_C2BFAEAB79F1D2D4.MANIFEST >
[2009/04/11 00:18:02 | 000,005,829 | ---- | M] () MD5=A4C14780D747EA3651E3323087316E20 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-commandline_31bf3856ad364e35_6.0.6002.18005_none_c2bfaeab79f1d2d4.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-FORWARDPLUGIN_31BF3856AD364E35_6.0.6000.16386_NONE_7333675EF0EED7DD.MANIFEST >
[2006/11/02 11:04:46 | 000,008,855 | ---- | M] () MD5=A413CCC9EC168127D50B31A962BE6414 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-forwardplugin_31bf3856ad364e35_6.0.6000.16386_none_7333675ef0eed7dd.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTLOG-FORWARDPLUGIN_31BF3856AD364E35_6.0.6001.18000_NONE_756A295AEDD9E8B1.MANIFEST >
[2008/01/21 03:29:18 | 000,011,726 | ---- | M] () MD5=0F4EADFA78CEBAAF1B8EC55253247124 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventlog-forwardplugin_31bf3856ad364e35_6.0.6001.18000_none_756a295aedd9e8b1.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTVIEWER.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_226F49836CDE0B61.MANIFEST >
[2006/11/02 13:37:30 | 000,002,214 | ---- | M] () MD5=C0B3EBBFEACED3697B5EB3B38A17BFF8 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventviewer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_226f49836cde0b61.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTVIEWER_31BF3856AD364E35_6.0.6000.16386_NONE_6BB45E9B9F2F81DA.MANIFEST >
[2006/11/02 11:12:08 | 000,025,833 | ---- | M] () MD5=884BA3E445BAAD03B1C2C5F8C1D66CFD -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventviewer_31bf3856ad364e35_6.0.6000.16386_none_6bb45e9b9f2f81da.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-EVENTVIEWER_31BF3856AD364E35_6.0.6001.18000_NONE_6DEB20979C1A92AE.MANIFEST >
[2008/01/21 03:28:17 | 000,025,833 | ---- | M] () MD5=91300B4F172785CEE8176E326FCDDB3E -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-eventviewer_31bf3856ad364e35_6.0.6001.18000_none_6deb20979c1a92ae.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-HOTSTART-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_B8465F8C91F74367.MANIFEST >
[2006/11/02 13:33:16 | 000,003,384 | ---- | M] () MD5=C15B41618E625CF3FFED58C9988CB51B -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-hotstart-events_31bf3856ad364e35_6.0.6000.16386_none_b8465f8c91f74367.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-LOADPERF-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_278713ED85680A87.MANIFEST >
[2006/11/02 11:01:49 | 000,022,971 | ---- | M] () MD5=3D5E50E9B3763871996FF428229FBE4E -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-loadperf-events_31bf3856ad364e35_6.0.6000.16386_none_278713ed85680a87.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-M..TIC-SCHEDULE-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_8C16CF3225C62F51.MANIFEST >
[2006/11/02 11:01:50 | 000,003,693 | ---- | M] () MD5=C3D8BA09B41CCB6062472423A98CF1A6 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-m..tic-schedule-events_31bf3856ad364e35_6.0.6000.16386_none_8c16cf3225c62f51.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-MSDT-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_01040458A3EC9920.MANIFEST >
[2006/11/02 11:02:17 | 000,031,228 | ---- | M] () MD5=FF1B8A131CDF2F3B8C178F54FA890EB3 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-msdt-events_31bf3856ad364e35_6.0.6000.16386_none_01040458a3ec9920.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_8051BB52BEAC46BC.MANIFEST >
[2006/11/02 13:37:33 | 000,002,556 | ---- | M] () MD5=5A2F5C510068262BB42D5B8111916BE8 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8051bb52beac46bc.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6000.16908_EN-US_80AA46AABE6988CC.MANIFEST >
[2009/08/14 18:27:11 | 000,002,556 | ---- | M] () MD5=CCB72DE1D8B287C373B942CBAD25DC1A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6000.21108_EN-US_8133BB97D7875BD8.MANIFEST >
[2009/08/16 01:44:32 | 000,002,556 | ---- | M] () MD5=E4E78057AEA805AE00D3824D8C09ED04 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6001.18000_EN-US_82887D4EBB975790.MANIFEST >
[2008/01/21 03:30:31 | 000,002,556 | ---- | M] () MD5=31FAED0E6B7E1FA46E378BB4970EBCD7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18000_en-us_82887d4ebb975790.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6001.18311_EN-US_827EB35EBB9E844D.MANIFEST >
[2009/08/14 18:23:07 | 000,002,556 | ---- | M] () MD5=BE6D59D94FAC78A27297C7E9FB6246B4 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6001.22497_EN-US_82B7D285D4F79BA9.MANIFEST >
[2009/08/14 18:20:13 | 000,002,556 | ---- | M] () MD5=51602C91ED74D08731E1F07E3C3C3A3A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6002.18091_EN-US_840EA5E6B905B8F9.MANIFEST >
[2009/08/14 17:44:03 | 000,002,556 | ---- | M] () MD5=2522DE60E6EE5F5BFC8A31B64ED4417E -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT.RESOURCES_31BF3856AD364E35_6.0.6002.22200_EN-US_84F89399D1DB411A.MANIFEST >
[2009/08/14 17:51:16 | 000,002,556 | ---- | M] () MD5=216CDC7D4B97F72108689BABCF696E92 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6000.16386_NONE_580F96856DA3BF5F.MANIFEST >
[2006/11/02 11:18:40 | 000,016,623 | ---- | M] () MD5=D836BEC31A11E0FE22917882E9883650 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16386_none_580f96856da3bf5f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6000.16908_NONE_586821DD6D61016F.MANIFEST >
[2009/08/14 19:15:34 | 000,016,623 | ---- | M] () MD5=B162F2E8D7B7818C1FF141B55D386354 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6000.21108_NONE_58F196CA867ED47B.MANIFEST >
[2009/08/16 08:29:25 | 000,016,623 | ---- | M] () MD5=5981065B96C04EB2D870C20A16C36E2B -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6001.18000_NONE_5A4658816A8ED033.MANIFEST >
[2008/01/21 03:27:39 | 000,018,915 | ---- | M] () MD5=6D62FC8F23EF4CFC180133B248EEA9A2 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18000_none_5a4658816a8ed033.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6001.18311_NONE_5A3C8E916A95FCF0.MANIFEST >
[2009/08/14 19:24:58 | 000,018,915 | ---- | M] () MD5=54327081B9EEEB28DB6F6C041F2EFFCC -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6001.22497_NONE_5A75ADB883EF144C.MANIFEST >
[2009/08/14 19:24:12 | 000,018,915 | ---- | M] () MD5=EF3050C7C218CB7FAE8633128D736BBF -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6002.18091_NONE_5BCC811967FD319C.MANIFEST >
[2009/08/14 19:12:48 | 000,018,915 | ---- | M] () MD5=D29C5ADD26F44D6B9140A94855AA31E4 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-NETEVENT_31BF3856AD364E35_6.0.6002.22200_NONE_5CB66ECC80D2B9BD.MANIFEST >
[2009/08/14 18:37:27 | 000,018,915 | ---- | M] () MD5=9AD25AD5440741D7EC498236004F6DDF -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PDH-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_95C54CB11BA3EEBC.MANIFEST >
[2006/11/02 11:02:44 | 000,023,485 | ---- | M] () MD5=1887139F4538744D88018F5CBCEFEEC4 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-pdh-events_31bf3856ad364e35_6.0.6000.16386_none_95c54cb11ba3eebc.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFCTRS-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_1BC666DDC65EEF27.MANIFEST >
[2006/11/02 11:02:45 | 000,020,872 | ---- | M] () MD5=AFFFAD564166792032D3FE63DD23D234 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perfctrs-events_31bf3856ad364e35_6.0.6000.16386_none_1bc666ddc65eef27.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFDISK-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_B32314603DEC2722.MANIFEST >
[2006/11/02 11:02:45 | 000,003,063 | ---- | M] () MD5=D094BDCD58791F9C725A8D6FF32214E9 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perfdisk-events_31bf3856ad364e35_6.0.6000.16386_none_b32314603dec2722.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFLIB-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_1AF7A61F455B70A0.MANIFEST >
[2006/11/02 11:02:49 | 000,028,116 | ---- | M] () MD5=B2F5A5926F0E2456FBEA730D6E6695E0 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perflib-events_31bf3856ad364e35_6.0.6000.16386_none_1af7a61f455b70a0.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFNET-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_DA402F5EAE15D5CC.MANIFEST >
[2006/11/02 11:02:45 | 000,004,489 | ---- | M] () MD5=3C61CDE9C1FFDFC923ED51F0DBB0E4E7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perfnet-events_31bf3856ad364e35_6.0.6000.16386_none_da402f5eae15d5cc.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFOS-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_8C2FD6B4B0B84DB9.MANIFEST >
[2006/11/02 11:02:46 | 000,007,412 | ---- | M] () MD5=AB786BD477E2F971A62ACC843408A689 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perfos-events_31bf3856ad364e35_6.0.6000.16386_none_8c2fd6b4b0b84db9.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PERFPROC-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_1DB0B556AA0CE8CB.MANIFEST >
[2006/11/02 11:02:46 | 000,004,311 | ---- | M] () MD5=EE8F2AC2C45B03CEC1ED070D9010EEB4 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-perfproc-events_31bf3856ad364e35_6.0.6000.16386_none_1db0b556aa0ce8cb.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PLA-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_6167DA977006EB35.MANIFEST >
[2006/11/02 11:02:48 | 000,024,413 | ---- | M] () MD5=50C51F18571694300EAA251577CB1C62 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-pla-events_31bf3856ad364e35_6.0.6000.16386_none_6167da977006eb35.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-PLA-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_639E9C936CF1FC09.MANIFEST >
[2008/01/21 03:27:42 | 000,024,782 | ---- | M] () MD5=E4835780B9418CD07EA0A012A5E9C501 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-pla-events_31bf3856ad364e35_6.0.6001.18000_none_639e9c936cf1fc09.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..ALYSIS-AGENT-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_F4A5AB112D4F564F.MANIFEST >
[2006/11/02 11:02:52 | 000,002,713 | ---- | M] () MD5=ABDF9B952878C36A9F1EABAF77EF08F1 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..alysis-agent-events_31bf3856ad364e35_6.0.6000.16386_none_f4a5ab112d4f564f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..ION-DETECTOR-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_9C0FE3764D21EA1C.MANIFEST >
[2006/11/02 13:33:09 | 000,020,184 | ---- | M] () MD5=A4B1B212691568E86C86D54E2F4FA197 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..ion-detector-events_31bf3856ad364e35_6.0.6000.16386_none_9c0fe3764d21ea1c.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..ION-RESOLVER-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_19D28994CCEDBF16.MANIFEST >
[2006/11/02 13:33:09 | 000,022,533 | ---- | M] () MD5=03DC7BDE27A765374931B617553FCE65 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..ion-resolver-events_31bf3856ad364e35_6.0.6000.16386_none_19d28994ccedbf16.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..ITY-POSTBOOT-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_FE6C88B368E0C503.MANIFEST >
[2006/11/02 11:02:58 | 000,026,991 | ---- | M] () MD5=3085E4D32610D3D0A1341B213AE1505A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..ity-postboot-events_31bf3856ad364e35_6.0.6000.16386_none_fe6c88b368e0c503.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..K-DIAGNOSTIC-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_5422D2123A6ECEA4.MANIFEST >
[2006/11/02 13:33:09 | 000,006,244 | ---- | M] () MD5=27212769DAEDF95A7908F922392DBC68 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..k-diagnostic-events_31bf3856ad364e35_6.0.6000.16386_none_5422d2123a6ecea4.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..LYSIS-ENGINE-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_6788029A383B19C0.MANIFEST >
[2006/11/02 11:02:52 | 000,006,352 | ---- | M] () MD5=F6F51838E592DC57ECCA9053DAC709B4 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..lysis-engine-events_31bf3856ad364e35_6.0.6000.16386_none_6788029a383b19c0.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-R..LYSIS-ENGINE-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_69BEC49635262A94.MANIFEST >
[2008/01/21 03:26:44 | 000,016,997 | ---- | M] () MD5=FBF98F54597ECA6DDB6756C6A866178D -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..lysis-engine-events_31bf3856ad364e35_6.0.6001.18000_none_69bec49635262a94.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-RESTARTMANAGER-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_70E42BCC8B49038C.MANIFEST >
[2006/11/02 11:03:00 | 000,014,810 | ---- | M] () MD5=C37EF8F8BF974AC431DCF3C06FE8D340 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-restartmanager-events_31bf3856ad364e35_6.0.6000.16386_none_70e42bcc8b49038c.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-S..EXECUTIONPREVENTION_31BF3856AD364E35_6.0.6000.16386_NONE_C7ACA7A727AE5F8E.MANIFEST >
[2006/11/02 11:08:06 | 000,003,904 | ---- | M] () MD5=684E9E2B30281EFEAD026267CD21DC4F -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.0.6000.16386_none_c7aca7a727ae5f8e.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-S..LICENSING-SLC-EVENT_31BF3856AD364E35_6.0.6000.16386_NONE_6A0593DF546AD073.MANIFEST >
[2006/11/02 11:03:10 | 000,025,993 | ---- | M] () MD5=ED0495789B8B739F65379FDF0FBAF0F7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..licensing-slc-event_31bf3856ad364e35_6.0.6000.16386_none_6a0593df546ad073.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-S..LICENSING-SLC-EVENT_31BF3856AD364E35_6.0.6001.18000_NONE_6C3C55DB5155E147.MANIFEST >
[2008/01/21 03:27:12 | 000,026,221 | ---- | M] () MD5=BF7A205B583E4FB62D5191EE8F48B8A1 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..licensing-slc-event_31bf3856ad364e35_6.0.6001.18000_none_6c3c55db5155e147.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-S..LICENSING-SLC-EVENT_31BF3856AD364E35_6.0.6002.18005_NONE_6E27CEE74E77AC93.MANIFEST >
[2009/04/11 00:08:06 | 000,026,907 | ---- | M] () MD5=F8401DF90BF38439D3A065CF1463DC80 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..licensing-slc-event_31bf3856ad364e35_6.0.6002.18005_none_6e27cee74e77ac93.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-S..REVENTION.RESOURCES_31BF3856AD364E35_6.0.6000.16386_EN-US_DD34F67EFA156081.MANIFEST >
[2006/11/02 13:37:35 | 000,002,699 | ---- | M] () MD5=04D4C34249B2FD97318FB547C4FE16FF -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..revention.resources_31bf3856ad364e35_6.0.6000.16386_en-us_dd34f67efa156081.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SEARCH-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_0856D0953EE37660.MANIFEST >
[2006/11/02 13:33:07 | 000,046,591 | ---- | M] () MD5=DCD44D76B08D24318FD974E09F35F096 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-search-events_31bf3856ad364e35_6.0.6000.16386_none_0856d0953ee37660.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SEARCH-EVENTS_31BF3856AD364E35_7.0.6001.16503_NONE_FC0146C2C6B23A89.MANIFEST >
[2008/05/27 06:57:44 | 000,046,878 | ---- | M] () MD5=9B548489701F04FA0E58411CFCB6F1B8 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-search-events_31bf3856ad364e35_7.0.6001.16503_none_fc0146c2c6b23a89.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SEARCH-EVENTS_31BF3856AD364E35_7.0.6002.18005_NONE_FDE987E2C3D6FB4F.MANIFEST >
[2009/04/11 00:07:50 | 000,047,108 | ---- | M] () MD5=2CFD360BB049B3630BB10C8866B58E72 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-search-events_31bf3856ad364e35_7.0.6002.18005_none_fde987e2c3d6fb4f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SHUTDOWN-EVENT-TRACKER_31BF3856AD364E35_6.0.6000.16386_NONE_009D55B4CB0CE71A.MANIFEST >
[2006/11/02 11:15:26 | 000,010,219 | ---- | M] () MD5=0327480591086C23ECC0E5742B46A6E3 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.0.6000.16386_none_009d55b4cb0ce71a.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SHUTDOWN-EVENT-TRACKER_31BF3856AD364E35_6.0.6001.18000_NONE_02D417B0C7F7F7EE.MANIFEST >
[2008/01/21 03:28:52 | 000,010,209 | ---- | M] () MD5=8293C6AFE8F075264F9B10429779F3A7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.0.6001.18000_none_02d417b0c7f7f7ee.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SYSTEM-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_041EB808063E8B1D.MANIFEST >
[2006/11/02 11:03:37 | 000,144,008 | ---- | M] () MD5=E5C3E9A2E9FFD5502FE9720BBB9267F7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-system-events_31bf3856ad364e35_6.0.6000.16386_none_041eb808063e8b1d.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SYSTEM-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_06557A0403299BF1.MANIFEST >
[2008/01/21 03:25:42 | 000,160,468 | ---- | M] () MD5=DD431C2898F54377D5EA45C283818CAC -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-system-events_31bf3856ad364e35_6.0.6001.18000_none_06557a0403299bf1.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-SYSTEM-EVENTS_31BF3856AD364E35_6.0.6002.18005_NONE_0840F310004B673D.MANIFEST >
[2009/04/11 00:09:36 | 000,161,597 | ---- | M] () MD5=70666675089397CECF5EB5BD13C1F3EE -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-system-events_31bf3856ad364e35_6.0.6002.18005_none_0840f310004b673d.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-T..ECTIONMANAGEREVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_4F677470447B27AD.MANIFEST >
[2006/11/02 11:02:58 | 000,030,827 | ---- | M] () MD5=146AC326F2B63D499671B2304B917F4A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..ectionmanagerevents_31bf3856ad364e35_6.0.6000.16386_none_4f677470447b27ad.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-T..ECTIONMANAGEREVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_519E366C41663881.MANIFEST >
[2008/01/21 03:26:52 | 000,026,374 | ---- | M] () MD5=0EF5A9B01864511596CCE7A49FD49761 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-t..ectionmanagerevents_31bf3856ad364e35_6.0.6001.18000_none_519e366c41663881.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-USER-PNPEVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_59A70FC3B7815327.MANIFEST >
[2006/11/02 11:03:57 | 000,005,084 | ---- | M] () MD5=C59AF5C291088540C39E75C0E73EFD3F -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-user-pnpevents_31bf3856ad364e35_6.0.6000.16386_none_59a70fc3b7815327.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-VSSAPI_31BF3856AD364E35_6.0.6001.18000_NONE_D4E6DE5081C1AB4E_EVENTCLS.DLL_09CE86BA >
[2008/01/21 03:36:40 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=197FE5C1FEC75B1700ED92041707D5D1 -- C:\Windows\winsxs\Backup\x86_microsoft-windows-vssapi_31bf3856ad364e35_6.0.6001.18000_none_d4e6de5081c1ab4e_eventcls.dll_09ce86ba

< MD5 for: X86_MICROSOFT-WINDOWS-W..LASSINSTALLEREVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_7F56B61B2D7EE78E.MANIFEST >
[2006/11/02 13:33:14 | 000,009,525 | ---- | M] () MD5=82E091A9CC37B9242AA40F3D14CFF449 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-w..lassinstallerevents_31bf3856ad364e35_6.0.6000.16386_none_7f56b61b2d7ee78e.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WDC-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_D1C8546F4AC36D80.MANIFEST >
[2006/11/02 11:04:02 | 000,002,217 | ---- | M] () MD5=498BD9BC02CD50D2E6FAC9B91E7DA907 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wdc-events_31bf3856ad364e35_6.0.6000.16386_none_d1c8546f4ac36d80.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WDC-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_D3FF166B47AE7E54.MANIFEST >
[2008/01/21 03:26:57 | 000,002,461 | ---- | M] () MD5=56633C56AA76CB645205BC7D77BAE0CB -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wdc-events_31bf3856ad364e35_6.0.6001.18000_none_d3ff166b47ae7e54.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WININIT-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_7B812B227F6BF462.MANIFEST >
[2006/11/02 11:04:10 | 000,007,556 | ---- | M] () MD5=5594B85AA1488EC6EAA001DF3EA11DE7 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wininit-events_31bf3856ad364e35_6.0.6000.16386_none_7b812b227f6bf462.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WINLOGON-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_0B066AA28B1FAF8B.MANIFEST >
[2006/11/02 11:04:10 | 000,022,180 | ---- | M] () MD5=51E8557488A021987F303B1B4DD7AFBB -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6000.16386_none_0b066aa28b1faf8b.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WINLOGON-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_0D3D2C9E880AC05F.MANIFEST >
[2008/01/21 03:28:02 | 000,022,733 | ---- | M] () MD5=0E3FAC2121D841CE29945EB381C6123B -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-winlogon-events_31bf3856ad364e35_6.0.6001.18000_none_0d3d2c9e880ac05f.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WMI-EVENTS_31BF3856AD364E35_6.0.6000.16386_NONE_AE23240E8F503EFF.MANIFEST >
[2006/11/02 11:18:17 | 000,003,809 | ---- | M] () MD5=50844E7443326D9F06DCDCB31D1A07CE -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-events_31bf3856ad364e35_6.0.6000.16386_none_ae23240e8f503eff.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WMI-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_B059E60A8C3B4FD3.MANIFEST >
[2008/01/21 03:36:44 | 000,003,809 | ---- | M] () MD5=E0C9035502560B41E8A1F291314BB1CA -- C:\Windows\winsxs\Backup\x86_microsoft-windows-wmi-events_31bf3856ad364e35_6.0.6001.18000_none_b059e60a8c3b4fd3.manifest
[2008/01/21 03:28:06 | 000,003,809 | ---- | M] () MD5=E0C9035502560B41E8A1F291314BB1CA -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-events_31bf3856ad364e35_6.0.6001.18000_none_b059e60a8c3b4fd3.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WMI-EVENTS_31BF3856AD364E35_6.0.6001.18000_NONE_B059E60A8C3B4FD3_NCOBJAPI.DLL_5EA29A86 >
[2008/01/21 03:36:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=2FA16465F64DB54B1F7F511395EB4FD7 -- C:\Windows\winsxs\Backup\x86_microsoft-windows-wmi-events_31bf3856ad364e35_6.0.6001.18000_none_b059e60a8c3b4fd3_ncobjapi.dll_5ea29a86

< MD5 for: X86_MICROSOFT-WINDOWS-WMI-NTEVENT-PROVIDER_31BF3856AD364E35_6.0.6000.16386_NONE_EE22DE54AFEF53B8.MANIFEST >
[2006/11/02 11:06:35 | 000,010,180 | ---- | M] () MD5=9D529BEE10AD2E767FCEDF1C3A13949A -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.0.6000.16386_none_ee22de54afef53b8.manifest

< MD5 for: X86_MICROSOFT-WINDOWS-WMI-NTEVENT-PROVIDER_31BF3856AD364E35_6.0.6001.18000_NONE_F059A050ACDA648C.MANIFEST >
[2008/01/21 03:28:30 | 000,010,180 | ---- | M] () MD5=A6EE67DE86705F65734D6B6B3FAF5666 -- C:\Windows\winsxs\Manifests\x86_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.0.6001.18000_none_f059a050acda648c.manifest

< End of report >

Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 01, 2010 4:50 pm

There you go mate.

Thanks for that.

What do you mean by how my computer is running?


Re: My PC has been hijacked! Please help.

Post by Dr Jay on Thu Apr 01, 2010 11:08 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: My PC has been hijacked! Please help.

Post by xs11ax on Fri Apr 02, 2010 8:01 pm

Hi Jay

I have tried accessing the site a few times today but it seems to be down.

This is what I get...

Unable to connect

Firefox can't establish a connection to the server at [You must be registered and logged in to see this link.]

* The site could be temporarily unavailable or too busy. Try again in a few moments.

* If you are unable to load any pages, check your computer's network connection.

* If your computer or network is protected by a firewall or proxy make sure that Firefox is permitted to access the Web.


Re: My PC has been hijacked! Please help.

Post by Dr Jay on Fri Apr 02, 2010 10:57 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click the RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Dr. Jay (DJ)



Re: My PC has been hijacked! Please help.

Post by xs11ax on Mon Apr 05, 2010 5:31 pm

There you go mate. Sorry about the delay. What's the diagnosis so far, doc?




RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows [Version 6.0.6001]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))



Windows IP Configuration

Host Name . . . . . . . . . . . . : Super-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-16-44-DF-5D-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cde:3e46:e74a:e9cd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 05 April 2010 10:09:42
Lease Expires . . . . . . . . . . : 06 April 2010 22:09:40
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 93.188.163.117
93.188.161.65
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : SiS191 Ethernet Controller
Physical Address. . . . . . . . . : 00-1E-33-08-EC-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ACE32156-2199-4A74-B4FC-4914D4363B7A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:2469:16a9:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::2469:16a9:3f57:fefb%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful
The requested operation requires elevation.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=184ms TTL=50

Reply from 209.191.122.70: bytes=32 time=168ms TTL=50

Reply from 209.191.122.70: bytes=32 time=156ms TTL=50

Reply from 209.191.122.70: bytes=32 time=169ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 156ms, Maximum = 184ms, Average = 169ms



Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=146ms TTL=111

Reply from 64.202.189.170: bytes=32 time=140ms TTL=111

Reply from 64.202.189.170: bytes=32 time=138ms TTL=111

Reply from 64.202.189.170: bytes=32 time=141ms TTL=111



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 138ms, Maximum = 146ms, Average = 141ms



Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=95ms TTL=244

Reply from 69.63.189.16: bytes=32 time=143ms TTL=244

Reply from 69.63.189.16: bytes=32 time=105ms TTL=244

Request timed out.



Ping statistics for 69.63.189.16:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 95ms, Maximum = 143ms, Average = 114ms



Pinging microsoft.com [207.46.197.32] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.197.32:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF


Re: My PC has been hijacked! Please help.

Post by Dr Jay on Tue Apr 06, 2010 12:11 am

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces /s
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Dr. Jay (DJ)



Re: My PC has been hijacked! Please help.

Post by xs11ax on Wed Apr 07, 2010 3:36 pm

Hi...




SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:35 on 07/04/2010 by xs11ax (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="192.168.1.1"
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b ff ff ff 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 bf 87 bd 4b 05 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c2 d9 bc 4b 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b 00 01 51 80 (REG_BINARY)
"DhcpIPAddress"="192.168.1.4"
"DhcpNameServer"="192.168.1.1"
"DhcpServer"="192.168.1.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpSubnetMaskOpt"="255.255.255.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000015180 (86400)
"LeaseObtainedTime"= 0x004bbc363f (1270625855)
"LeaseTerminatesTime"= 0x004bbd87bf (1270712255)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004bbcdeff (1270669055)
"T2"= 0x004bbd5d8f (1270701455)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{968BBE7E-6FD4-4031-9B6B-2CEE3EF43F53}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 30 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c ff ff f0 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 01 e1 33 80 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 3f fe 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 15 66 91 4c 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="10.17.56.230"
"DhcpNameServer"="10.17.48.1"
"DhcpServer"="10.17.63.254"
"DhcpSubnetMask"="255.255.240.0"
"DhcpSubnetMaskOpt"="255.255.240.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0001e13380 (31536000)
"LeaseObtainedTime"= 0x004ab03295 (1253061269)
"LeaseTerminatesTime"= 0x004c916615 (1284597269)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004ba0cc55 (1268829269)
"T2"= 0x004c553fa5 (1280655269)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACE32156-2199-4A74-B4FC-4914D4363B7A}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="81.98.120.1"
"DhcpInterfaceOptions"=01 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 61 23 67 4b 00 00 00 02 1f 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 01 00 00 00 06 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 61 23 67 4b c2 a8 04 64 c2 a8 08 64 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 51 62 78 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b ff ff fc 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 00 09 2a ff 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 3e fd 83 29 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="81.98.120.60"
"DhcpNameServer"="93.188.163.117,93.188.161.65"
"DhcpServer"="62.253.131.41"
"DhcpSubnetMask"="255.255.252.0"
"DhcpSubnetMaskOpt"="255.255.252.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000092aff (600831)
"LeaseObtainedTime"= 0x004b5df862 (1264449634)
"LeaseTerminatesTime"= 0x004b672361 (1265050465)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004b628de1 (1264750049)
"T2"= 0x004b65fe01 (1264975361)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}]
(No values found)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="192.168.1.1"
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b ff ff ff 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 bf 87 bd 4b 05 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c2 d9 bc 4b 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b 00 01 51 80 (REG_BINARY)
"DhcpIPAddress"="192.168.1.4"
"DhcpNameServer"="192.168.1.1"
"DhcpServer"="192.168.1.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpSubnetMaskOpt"="255.255.255.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000015180 (86400)
"LeaseObtainedTime"= 0x004bbc363f (1270625855)
"LeaseTerminatesTime"= 0x004bbd87bf (1270712255)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004bbcdeff (1270669055)
"T2"= 0x004bbd5d8f (1270701455)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{968BBE7E-6FD4-4031-9B6B-2CEE3EF43F53}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 30 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c ff ff f0 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 01 e1 33 80 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 3f fe 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 15 66 91 4c 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="10.17.56.230"
"DhcpNameServer"="10.17.48.1"
"DhcpServer"="10.17.63.254"
"DhcpSubnetMask"="255.255.240.0"
"DhcpSubnetMaskOpt"="255.255.240.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0001e13380 (31536000)
"LeaseObtainedTime"= 0x004ab03295 (1253061269)
"LeaseTerminatesTime"= 0x004c916615 (1284597269)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004ba0cc55 (1268829269)
"T2"= 0x004c553fa5 (1280655269)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACE32156-2199-4A74-B4FC-4914D4363B7A}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="81.98.120.1"
"DhcpInterfaceOptions"=01 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 61 23 67 4b 00 00 00 02 1f 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 01 00 00 00 06 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 61 23 67 4b c2 a8 04 64 c2 a8 08 64 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 51 62 78 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b ff ff fc 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 00 09 2a ff 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 3e fd 83 29 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="81.98.120.60"
"DhcpNameServer"="93.188.163.117,93.188.161.65"
"DhcpServer"="62.253.131.41"
"DhcpSubnetMask"="255.255.252.0"
"DhcpSubnetMaskOpt"="255.255.252.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000092aff (600831)
"LeaseObtainedTime"= 0x004b5df862 (1264449634)
"LeaseTerminatesTime"= 0x004b672361 (1265050465)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004b628de1 (1264750049)
"T2"= 0x004b65fe01 (1264975361)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}]
(No values found)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="192.168.1.1"
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b ff ff ff 00 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 bf 87 bd 4b 05 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 36 bc 4b 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b 00 01 51 80 (REG_BINARY)
"DhcpIPAddress"="192.168.1.4"
"DhcpNameServer"="192.168.1.1"
"DhcpServer"="192.168.1.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpSubnetMaskOpt"="255.255.255.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000015180 (86400)
"LeaseObtainedTime"= 0x004bbc363f (1270625855)
"LeaseTerminatesTime"= 0x004bbd87bf (1270712255)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004bbcdeff (1270669055)
"T2"= 0x004bbd5d8f (1270701455)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{968BBE7E-6FD4-4031-9B6B-2CEE3EF43F53}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 30 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c ff ff f0 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 01 e1 33 80 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 15 66 91 4c 0a 11 3f fe 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 15 66 91 4c 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="10.17.56.230"
"DhcpNameServer"="10.17.48.1"
"DhcpServer"="10.17.63.254"
"DhcpSubnetMask"="255.255.240.0"
"DhcpSubnetMaskOpt"="255.255.240.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0001e13380 (31536000)
"LeaseObtainedTime"= 0x004ab03295 (1253061269)
"LeaseTerminatesTime"= 0x004c916615 (1284597269)
"NameServer"=""
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004ba0cc55 (1268829269)
"T2"= 0x004c553fa5 (1280655269)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ACE32156-2199-4A74-B4FC-4914D4363B7A}]
"AddressType"= 0000000000 (0)
"DhcpConnForceBroadcastFlag"= 0x0000000001 (1)
"DhcpDefaultGateway"="81.98.120.1"
"DhcpInterfaceOptions"=01 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 61 23 67 4b 00 00 00 02 1f 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 01 00 00 00 06 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 61 23 67 4b c2 a8 04 64 c2 a8 08 64 03 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 51 62 78 01 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b ff ff fc 00 33 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 00 09 2a ff 36 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 61 23 67 4b 3e fd 83 29 35 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 05 00 00 00 (REG_BINARY)
"DhcpIPAddress"="81.98.120.60"
"DhcpNameServer"="93.188.163.117,93.188.161.65"
"DhcpServer"="62.253.131.41"
"DhcpSubnetMask"="255.255.252.0"
"DhcpSubnetMaskOpt"="255.255.252.0"
"Domain"=""
"EnableDeadGWDetect"= 0x0000000001 (1)
"EnableDHCP"= 0x0000000001 (1)
"IsServerNapAware"= 0000000000 (0)
"Lease"= 0x0000092aff (600831)
"LeaseObtainedTime"= 0x004b5df862 (1264449634)
"LeaseTerminatesTime"= 0x004b672361 (1265050465)
"NameServer"="93.188.163.117,93.188.161.65"
"RegisterAdapterName"= 0000000000 (0)
"RegistrationEnabled"= 0x0000000001 (1)
"T1"= 0x004b628de1 (1264750049)
"T2"= 0x004b65fe01 (1264975361)
"UseZeroBroadcast"= 0000000000 (0)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}]
(No values found)


-=End Of File=-

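An added example, not part of the thread and not any poster's code: a Python check that parses a SystemLook-style dump of the Tcpip\Parameters\Interfaces keys and, for each DHCP-enabled interface, compares the static NameServer and the DhcpNameServer strings with the DNS servers cached in DhcpInterfaceOptions (DHCP option 6). The sample is abridged from the log above; the blob layout (option code, reserved, length, vendor flag, expiry, data padded to 4 bytes, all little-endian) is an assumption inferred from the values in that log, and all function names are hypothetical.

```python
import ipaddress
import re
import struct

# Excerpt abridged from the SystemLook log in this thread: two interface keys,
# most values dropped, each DhcpInterfaceOptions blob cut after its DNS entry.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{83CFDBAD-9E72-4802-9521-E4193CD4CA6B}]
"DhcpInterfaceOptions"=06 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 bf 87 bd 4b c0 a8 01 01 (REG_BINARY)
"DhcpNameServer"="192.168.1.1"
"EnableDHCP"= 0x0000000001 (1)
"NameServer"="93.188.163.117,93.188.161.65"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACE32156-2199-4A74-B4FC-4914D4363B7A}]
"DhcpInterfaceOptions"=01 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 61 23 67 4b 00 00 00 02 1f 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 61 23 67 4b 01 00 00 00 06 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 61 23 67 4b c2 a8 04 64 c2 a8 08 64 (REG_BINARY)
"DhcpNameServer"="93.188.163.117,93.188.161.65"
"EnableDHCP"= 0x0000000001 (1)
"NameServer"="93.188.163.117,93.188.161.65"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
BINARY_TAG = '(REG_BINARY)'


def parse_systemlook(text):
    """Return {key path: {value name: str | int | bytes}} from a :reg dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if not m or current is None:
            continue
        name, raw = m.groups()
        if raw.startswith('"'):                      # REG_SZ
            current[name] = raw.strip('"')
        elif raw.endswith(BINARY_TAG):               # REG_BINARY as hex pairs
            current[name] = bytes.fromhex(raw[:-len(BINARY_TAG)])
        else:                                        # DWORD: "0x... (decimal)"
            current[name] = int(raw.split('(')[1].rstrip(')'))
    return keys


def dhcp_option(blob, code):
    """Data of the first non-vendor option `code` in the blob, or None.

    Assumed entry layout: five little-endian DWORDs (code, reserved, length,
    vendor flag, expiry) followed by the data, padded to a 4-byte boundary.
    """
    off = 0
    while off + 20 <= len(blob):
        opt, _reserved, length, vendor, _expiry = struct.unpack_from('<5I', blob, off)
        if off + 20 + length > len(blob):
            break                                    # truncated entry, stop
        if opt == code and not vendor:
            return blob[off + 20: off + 20 + length]
        off += 20 + ((length + 3) & ~3)
    return None


def split_ips(value):
    return [ipaddress.ip_address(p) for p in re.split(r'[,\s]+', value or '') if p]


def audit(keys):
    """List (interface GUID, reason, configured resolvers, DHCP baseline)."""
    findings = []
    for path, vals in keys.items():
        if not vals.get('EnableDHCP'):
            continue
        static = split_ips(vals.get('NameServer'))
        leased = split_ips(vals.get('DhcpNameServer'))
        raw6 = dhcp_option(vals.get('DhcpInterfaceOptions', b''), 6) or b''
        offered = [ipaddress.ip_address(raw6[i:i + 4])
                   for i in range(0, len(raw6) - 3, 4)]
        baseline = offered or leased                 # prefer the cached lease data
        guid = path.rsplit('\\', 1)[-1]
        as_text = lambda ips: [str(ip) for ip in ips]
        if static and static != baseline:
            findings.append((guid, 'static-override', as_text(static), as_text(baseline)))
        if offered and leased != offered:
            findings.append((guid, 'lease-string-mismatch', as_text(leased), as_text(offered)))
    return findings


if __name__ == '__main__':
    for finding in audit(parse_systemlook(SAMPLE_LOG)):
        print(finding)
```

On the excerpt, both interfaces carry the static pair 93.188.163.117, 93.188.161.65, while the cached option 6 lists 192.168.1.1 for one interface and 194.168.4.100, 194.168.8.100 for the other.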

Re: My PC has been hijacked! Please help.

Post by Dr Jay on Wed Apr 07, 2010 9:41 pm

Open OTL, press Quick Scan. Then, post a log.


Dr. Jay (DJ)



Re: My PC has been hijacked! Please help.

Post by xs11ax on Thu Apr 08, 2010 4:34 am

Hi

Something else is happening now. I think it only happens in the evening. Sometimes when clicking on links the page opens up and then re-directs to a different site. Then no matter how many times I click on the link it always re-directs.



OTL logfile created on: 08/04/2010 09:28:20 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\xs11ax\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 78.98 Gb Free Space | 52.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPER-PC
Current User Name: xs11ax
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
PRC - [2010/03/17 11:00:38 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/17 11:00:34 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/17 11:00:34 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 11:00:31 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 10:59:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 10:59:45 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/17 10:59:44 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/06/12 12:34:16 | 001,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/05/28 13:45:00 | 000,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/30 10:11:14 | 000,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/18 13:09:04 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007/08/13 22:47:38 | 000,364,544 | ---- | M] () -- C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
PRC - [2007/08/10 04:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/05/16 20:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
MOD - [2008/01/21 03:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 11:00:31 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 10:59:46 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/12 21:47:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/21 19:30:15 | 001,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/18 10:55:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/08 14:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/01 21:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/01 21:29:46 | 000,000,000 | ---D | M]

[2009/03/10 14:31:38 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Extensions
[2010/04/07 19:57:51 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions
[2009/09/03 00:35:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/04 10:48:32 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/02/10 12:57:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/03/15 23:00:29 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Mozilla\Firefox\Profiles\1iqf1tr3.default\extensions\firebug@software.joehewitt.com
[2010/04/01 21:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/22 20:35:13 | 000,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2009/09/16 01:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010/04/01 21:15:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 21:15:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 21:15:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 21:15:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RTHDBPL] C:\Users\xs11ax\AppData\Roaming\SystemProc\lsass.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [You must be registered and logged in to see this link.] (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} [You must be registered and logged in to see this link.] (CheckersZPA Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xs11ax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\xs11ax\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/01 21:25:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/01 20:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 20:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/01 20:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/01 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Adobe Reader 9 Installer
[2010/04/01 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/04/01 20:25:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/31 13:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/03/31 13:10:06 | 000,662,136 | ---- | C] (Xvid team ) -- C:\Users\xs11ax\Desktop\Xvid-1.2.1-04122008.exe
[2010/03/30 09:50:19 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
[2010/03/29 21:52:35 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/29 15:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 14 Days ==========

[2010/04/08 09:26:56 | 001,835,008 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT
[2010/04/08 09:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 09:08:09 | 058,646,228 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/08 08:47:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/04/08 08:45:31 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/08 08:45:31 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/08 08:45:31 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/08 08:41:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 08:41:14 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 08:41:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 08:41:12 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/08 08:41:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/08 08:40:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/08 08:40:45 | 1876,082,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 00:15:12 | 000,524,288 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 00:15:12 | 000,065,536 | -HS- | M] () -- C:\Users\xs11ax\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/04/08 00:15:03 | 001,661,480 | -H-- | M] () -- C:\Users\xs11ax\AppData\Local\IconCache.db
[2010/04/07 20:33:24 | 000,100,908 | ---- | M] () -- C:\Users\xs11ax\Desktop\SystemLook.exe
[2010/04/07 09:23:27 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{882935C0-6055-4445-AA55-F48054CB6E51}.job
[2010/04/06 19:29:03 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/05 22:24:39 | 000,007,156 | ---- | M] () -- C:\Users\xs11ax\Desktop\rapidconnection.cache
[2010/04/02 10:09:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/01 21:30:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/04/01 20:42:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/01 00:40:51 | 000,000,082 | ---- | M] () -- C:\Users\xs11ax\Desktop\mystyle.css
[2010/04/01 00:40:21 | 000,000,486 | ---- | M] () -- C:\Users\xs11ax\Desktop\test.html
[2010/03/31 21:46:44 | 000,565,488 | ---- | M] () -- C:\Users\xs11ax\AppData\Local\prvlcl.dat
[2010/03/31 13:10:08 | 000,662,136 | ---- | M] (Xvid team ) -- C:\Users\xs11ax\Desktop\Xvid-1.2.1-04122008.exe
[2010/03/31 13:07:55 | 000,007,680 | ---- | M] () -- C:\Users\xs11ax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 09:50:22 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\xs11ax\Desktop\OTL.exe
[2010/03/29 17:27:49 | 003,905,577 | ---- | M] () -- C:\Users\xs11ax\Desktop\ComboFix.exe
[2010/03/29 15:25:47 | 000,001,874 | ---- | M] () -- C:\Users\xs11ax\Desktop\HijackThis.lnk
[2010/03/26 00:27:26 | 000,000,884 | ---- | M] () -- C:\Users\xs11ax\Desktop\csstest.html
[2010/03/25 23:35:41 | 000,006,454 | ---- | M] () -- C:\Users\xs11ax\Desktop\index - Copy.html

========== Files Created - No Company Name ==========

[2010/04/07 20:33:19 | 000,100,908 | ---- | C] () -- C:\Users\xs11ax\Desktop\SystemLook.exe
[2010/04/05 22:23:43 | 000,007,156 | ---- | C] () -- C:\Users\xs11ax\Desktop\rapidconnection.cache
[2010/04/02 10:09:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/04/01 21:30:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/01 20:42:40 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/31 21:12:10 | 000,000,082 | ---- | C] () -- C:\Users\xs11ax\Desktop\mystyle.css
[2010/03/31 21:09:16 | 000,000,486 | ---- | C] () -- C:\Users\xs11ax\Desktop\test.html
[2010/03/31 13:10:41 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/03/31 13:10:41 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/31 13:10:41 | 000,110,592 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010/03/29 17:27:00 | 003,905,577 | ---- | C] () -- C:\Users\xs11ax\Desktop\ComboFix.exe
[2010/03/29 15:25:47 | 000,001,874 | ---- | C] () -- C:\Users\xs11ax\Desktop\HijackThis.lnk
[2010/03/25 23:55:14 | 000,000,884 | ---- | C] () -- C:\Users\xs11ax\Desktop\csstest.html
[2010/02/22 02:47:01 | 000,565,488 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\prvlcl.dat
[2010/02/07 14:31:20 | 000,000,036 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\housecall.guid.cache
[2009/03/06 23:29:36 | 000,007,680 | ---- | C] () -- C:\Users\xs11ax\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 20:23:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/21 03:32:21 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/01 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Listing Factory 2009
[2009/07/08 14:26:25 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Nokia
[2009/03/10 23:40:39 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Paltalk
[2009/07/08 14:20:35 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\PC Suite
[2009/10/12 11:02:30 | 000,000,000 | ---D | M] -- C:\Users\xs11ax\AppData\Roaming\Photo2Sketch
[2010/02/25 13:01:03 | 000,000,000 | -HSD | M] -- C:\Users\xs11ax\AppData\Roaming\SystemProc
[2010/04/06 19:29:03 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/04/08 00:15:23 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/07 09:23:27 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{882935C0-6055-4445-AA55-F48054CB6E51}.job
[2010/04/08 08:41:12 | 000,000,242 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/04/08 08:47:01 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========


< End of report >

Re: My PC has been hijacked! Please help.

Post by Dr Jay on Thu Apr 08, 2010 11:05 am

Please download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Dr. Jay (DJ)


Re: My PC has been hijacked! Please help.

Post by xs11ax on Sat Apr 17, 2010 9:32 pm

Hi,

Sorry, just been really busy.

I have tried GMER a few times, even left it running overnight. It either stalls and I have to reset my PC, or when it does not get jammed it doesn't do anything.

Re: My PC has been hijacked! Please help.

Post by Dr Jay on Sat Apr 17, 2010 9:47 pm

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)

