Strange Files In System32

Post by FakiaKun224 on Tue 22 Feb 2011, 10:01 am

I have the suspension of belief that I may have a virus in my computer, or some kind of other sneaky program on my computer after doing a little bit of snooping after installing my external drive, where I had originally found some strange .sys files that cannot be seen in my System32, but NOD32 SysInspector reports they are there and "unknown". When I tried to look up the files, all sources pointed to rootkits and viruses and other nasty stuff that just plain worried me. NOD32 and SuperAntiSpyware haven't picked it up, but things are acting a bit...odd, in terms of my computer. If it turns out there was no virus, I'm sorry for bothering, but I'm just worried. Here's the OTL:

OTL logfile created on: 2/21/2011 5:09:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = F:\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 20.93 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
Drive F: | 142.94 Gb Total Space | 32.53 Gb Free Space | 22.76% Space Free | Partition Type: NTFS

Computer Name: PUROSESU | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/21 17:08:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Owner\Downloads\OTL.com
PRC - [2011/02/17 15:42:23 | 001,087,070 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2011/01/16 11:05:51 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/10 18:57:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 18:57:58 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/10 01:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/11/24 14:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/11/24 14:25:34 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/02/26 11:02:36 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 13:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/09/30 14:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/09/26 02:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBA.EXE
PRC - [2008/08/19 05:26:00 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/29 20:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 20:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/02 12:26:38 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/06/02 12:26:22 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/06/02 12:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 23:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/04/03 07:00:30 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2008/04/03 06:59:48 | 003,024,168 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 16:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe


========== Modules (SafeList) ==========

MOD - [2011/02/21 17:08:43 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\Owner\Downloads\OTL.com
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 08:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/11/03 16:02:04 | 004,294,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/24 14:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/06 13:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 13:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/07/29 20:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 12:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/25 23:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 23:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/04/03 06:59:48 | 003,024,168 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/03/03 15:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/05/27 14:01:58 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/19 12:48:51 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 12:48:51 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/27 17:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/06 13:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 13:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 13:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/01/19 14:41:14 | 000,517,120 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2009/01/08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/08/19 05:03:00 | 002,161,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/18 05:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/07/29 20:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/29 20:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/29 20:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/06/02 12:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/02/25 19:29:24 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2008/02/25 19:29:24 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2008/01/30 04:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 04:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/17 06:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/02 13:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/04/10 16:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2002/07/17 14:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.3.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 18:58:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 06:16:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/09/13 20:27:20 | 000,000,000 | ---D | M]

[2009/02/27 15:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/02/20 23:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions
[2010/04/27 15:03:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/09 22:06:55 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/02/16 06:13:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/24 02:51:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/26 06:09:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/29 14:39:39 | 000,000,000 | ---D | M] (FabTabs) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\fabtab@captaincaveman.nl
[2010/09/12 12:23:10 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\personas@christopher.beard
[2010/06/06 13:39:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\searchrecs@veoh.com
[2011/01/22 18:33:35 | 000,000,000 | ---D | M] (LavaFox V1-Purple) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\g9x6mh9a.default\extensions\zigboom555@aol.com
[2010/06/03 05:24:58 | 000,001,121 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g9x6mh9a.default\searchplugins\maple-story-auction-search.xml
[2009/08/07 16:36:20 | 000,001,632 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g9x6mh9a.default\searchplugins\weathercom.xml
[2009/03/08 16:51:51 | 000,000,705 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g9x6mh9a.default\searchplugins\webster.xml
[2009/04/25 22:21:53 | 000,000,945 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g9x6mh9a.default\searchplugins\youtube-video-search.xml
[2011/01/16 17:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/11 21:38:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/14 15:03:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/07 15:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 11:07:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 16:13:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/03/31 20:34:06 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10469 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PhilipsSA33XXDM] C:\Program Files\Philips\SA33XX\Philips Device Manager\Bin\LaunchDM.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} [You must be registered and logged in to see this link.] (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f5146f73-f281-11df-8800-00219763450f}\Shell - "" = AutoRun
O33 - MountPoints2\{f5146f73-f281-11df-8800-00219763450f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS [You must be registered and logged in to see this link.]
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - lvcodec2.dll File not found
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.XVID - xvidvfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 17:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/21 12:37:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8DE93205-4C39-482B-BC4D-A78774841FCC}
[2011/02/21 11:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2011/02/21 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2011/02/21 11:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/02/21 11:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2011/02/21 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
[2011/02/21 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2011/02/21 11:17:59 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/02/21 00:37:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{77CB5EF7-4047-4C5B-81FA-832085CFDE1C}
[2011/02/20 12:36:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{025992AB-B248-4DE7-A5C4-78F51C4859A0}
[2011/02/19 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2011/02/19 19:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5
[2011/02/19 19:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Acoustica
[2011/02/19 19:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Mixcraft 5
[2011/02/19 18:38:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2140F366-4616-4185-B64F-52BEBB43DAF3}
[2011/02/19 06:38:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1C934AB9-C82B-4E68-80F8-38653B238E7F}
[2011/02/18 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{92EB39BC-C708-4019-9F32-961D334DD169}
[2011/02/18 06:37:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C3758BF-482B-4763-9075-6150140C93FD}
[2011/02/17 18:37:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E98123B0-F71D-49D1-B37B-3E30E6051673}
[2011/02/17 15:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011/02/17 15:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2011/02/17 06:36:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{71DAEED5-B443-488F-B7D1-7A2D1ADD6080}
[2011/02/16 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mIRC
[2011/02/16 18:36:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F0F8E7D7-8E43-40AD-B5C9-8A03FAF5BA1B}
[2011/02/16 06:35:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B618568E-9AD2-48FE-9598-A3422D794EBF}
[2011/02/15 18:35:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D045D64A-FC45-4D49-BBC6-0D59B251E3A7}
[2011/02/15 06:35:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{284B2442-E483-4023-8890-5B1099034D2A}
[2011/02/14 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E1AFC547-322E-4E18-B1BB-E5A677A4F976}
[2011/02/14 06:34:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{098CABEB-D12D-4C32-ABBF-806DE8E5A34C}
[2011/02/13 18:33:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{41443634-FB88-41E7-A7EB-59CC9B749649}
[2011/02/13 06:33:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C0B4DABA-F9AA-41CD-9920-025679BD3EC5}
[2011/02/12 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{48668E0D-69B1-47D0-B74D-B544BB0FF945}
[2011/02/12 06:33:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{187339BC-5EA7-47A6-A396-3E5249DB5AB2}
[2011/02/11 18:33:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{503B2F8E-C94F-471B-AB8C-EFF93E8C0070}
[2011/02/11 06:32:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BD43B105-8A18-4C9F-AFF9-D878D4285BE1}
[2011/02/10 18:32:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C8E92FB3-29BE-4277-915F-B042F940F649}
[2011/02/10 06:31:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3E0530EF-4536-4CB4-9307-FC75006D3FA3}
[2011/02/09 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{487747BC-4A1B-4E1D-B730-8166E64B3B63}
[2011/02/09 06:31:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D9BDAC60-B635-4B30-9EAC-04A8B0E546A1}
[2011/02/08 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DB7EFD5B-97CD-42EA-8038-0931EA8447F3}
[2011/02/08 15:10:36 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/08 15:10:30 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/08 15:10:29 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/08 15:10:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/08 15:10:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/08 15:10:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/08 15:10:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/08 15:10:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/08 15:10:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/08 15:10:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/08 15:10:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/08 15:10:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/08 15:10:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/08 15:10:18 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/08 15:10:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/08 15:10:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/08 15:10:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/08 15:10:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/08 15:10:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/08 15:10:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/08 15:10:13 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/08 15:10:13 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/08 15:10:13 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/08 15:10:12 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/08 15:10:12 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/08 15:10:11 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/08 15:10:11 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/08 15:10:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/08 15:10:10 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/08 15:10:10 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/08 15:10:10 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/08 15:10:10 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/08 15:10:09 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/08 15:10:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/08 15:10:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/08 15:10:08 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/08 15:10:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/08 15:10:07 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/08 15:10:07 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/08 15:10:07 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/08 15:10:06 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/08 15:10:06 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/08 15:10:05 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/08 15:10:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/08 15:10:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/08 15:09:24 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/08 15:09:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/08 06:30:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{03087F46-B4B1-49E4-8056-006E88AD2D8D}
[2011/02/07 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{71193FC7-FF2C-430D-B2AE-B8A723DBEE4B}
[2011/02/07 06:29:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CAC33043-2E0A-4D9A-820C-FE5CB9F083A6}
[2011/02/06 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AC386BA9-47D5-4F95-A365-4B149C6B5D5F}
[2011/02/06 06:28:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{00EAE84B-14B7-423F-9234-506919A2A7BF}
[2011/02/05 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4C1CAD9D-2A7B-4979-81F5-EE484E499817}
[2011/02/05 06:28:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{00F77D9A-85BE-4D23-9F30-DE7773CE31BE}
[2011/02/04 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{80601623-2463-4544-8F69-E26609C45B86}
[2011/02/04 06:28:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4747E947-34D9-47D1-96D2-925D2DB1DA5A}
[2011/02/03 18:27:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4E341F5E-F88C-46C0-B9E4-FCBB98D1981A}
[2011/02/03 06:27:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FD66C7E3-C004-4229-A777-69DD208B877B}
[2011/02/02 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AE13750B-C29D-4A28-B54D-28F246E20400}
[2011/02/02 06:26:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{03AFEC71-31A6-40E4-B13F-710BE98B9F62}
[2011/02/02 00:03:16 | 000,000,000 | ---D | C] -- F:\Owner\Documents\HTMLCrap
[2011/02/01 18:26:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4944847B-4B63-4CE9-B2A2-349D426CB14F}
[2011/02/01 06:26:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{657909C5-DA56-4CEB-9FB6-6D6460981D73}
[2011/01/31 18:25:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DF3D1BC8-2CEF-470B-9EB5-6CD66E8198C0}
[2011/01/31 06:25:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CD78B160-C1BB-4605-9200-5398DFD57F52}
[2011/01/30 18:24:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6A51A1DD-E780-4E97-871E-70129BB0868B}
[2011/01/30 06:24:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B289BC39-01F2-4FB4-92C1-AC558D92E8F2}
[2011/01/29 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D4C18EEA-A5EB-44ED-A13E-ECC63A263898}
[2011/01/29 06:24:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D818678F-79CC-44DA-B614-24AB125A6B40}
[2011/01/28 21:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania
[2011/01/28 21:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania
[2011/01/28 18:24:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0D17D3B2-8BD4-4E65-9DD4-F9ECF49FB0EC}
[2011/01/28 06:23:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{914CD5BE-56CB-41A9-AE0D-548179F4B124}
[2011/01/27 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7AC9115C-A7EB-4D2B-B079-000DD08DEACB}
[2011/01/27 06:22:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A642DD86-9A61-4AC5-868C-79B4C263A5DA}
[2011/01/26 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{95ADC833-109F-4C54-86A8-8289763A4BA9}
[2011/01/26 06:22:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E11694F4-D9CB-4E31-82FF-260A8633C4E3}
[2011/01/25 18:21:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0A88EB95-9134-4005-AE2E-1C1E5798BB4D}
[2011/01/25 06:21:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F46DE901-D7D0-40E7-A174-D174E1D9D45F}
[2011/01/24 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{96E18AAC-BC34-4C87-BFC9-8F3FF3282EA0}
[2011/01/24 06:20:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D5CF43EA-FA1C-471E-9BB4-47C64ADF3072}
[2011/01/23 18:20:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FEED2F3E-56DE-49B3-BD78-D7866AE232AD}
[2011/01/23 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{748F07AB-466C-47E9-8504-28FA19522926}
[2011/01/23 06:19:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7B0294B3-B2F1-4060-8D59-E66E64681639}
[2011/01/22 18:19:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D65F463C-DAFA-404B-A5B9-C0EA0640466A}
[2009/02/28 01:30:53 | 1080,580,624 | ---- | C] (Macrovision Corporation ) -- C:\Program Files\MSSetupv65.exe
[2009/01/18 16:30:04 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll


FakiaKun224

Newbie Surfer

Posts : 17
Joined : 2011-02-22
Operating System : Windows Vista Home Premium


Re: Strange Files In System32

Post by FakiaKun224 on Tue 22 Feb 2011, 10:02 am

Part 2

========== Files - Modified Within 30 Days ==========

[2011/02/21 17:01:23 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/21 16:35:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 16:35:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/21 11:59:39 | 000,102,400 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 11:19:37 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/02/21 11:18:03 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2011/02/21 11:14:37 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/21 11:14:37 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/20 18:27:16 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/20 18:27:14 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/20 18:00:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/20 17:41:06 | 001,227,128 | ---- | M] () -- F:\Owner\Documents\othersideopen.wav
[2011/02/20 16:13:14 | 000,800,944 | ---- | M] () -- F:\Owner\Documents\erinpop.wav
[2011/02/20 12:36:00 | 000,016,396 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/02/20 12:35:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/20 12:35:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/02/20 12:35:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/19 20:33:15 | 000,543,224 | ---- | M] () -- F:\Owner\Documents\sextingtone.mp3
[2011/02/19 20:12:14 | 005,295,420 | ---- | M] () -- F:\Owner\Documents\talkhaussingsdrag.mp3
[2011/02/19 19:45:33 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/02/19 19:20:56 | 000,012,656 | ---- | M] () -- F:\Owner\Documents\dragonstalk.mx5
[2011/02/19 11:05:48 | 000,139,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/02/18 18:48:13 | 000,003,944 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2011/02/17 15:43:24 | 000,000,565 | ---- | M] () -- C:\Windows\wininit.ini
[2011/02/17 15:43:22 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2011/02/14 22:42:07 | 000,000,744 | ---- | M] () -- F:\Owner\Desktop\NodLogin Force.lnk
[2011/02/14 22:42:07 | 000,000,730 | ---- | M] () -- F:\Owner\Desktop\NodLogin normal.lnk
[2011/02/11 06:16:44 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/02/08 15:19:20 | 000,322,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/24 22:00:16 | 000,002,631 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Painter Essentials 2.lnk

========== Files Created - No Company Name ==========

[2011/02/21 17:01:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/21 11:19:37 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2011/02/21 11:18:03 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2011/02/20 17:41:05 | 001,227,128 | ---- | C] () -- F:\Owner\Documents\othersideopen.wav
[2011/02/20 16:13:14 | 000,800,944 | ---- | C] () -- F:\Owner\Documents\erinpop.wav
[2011/02/19 20:33:13 | 000,543,224 | ---- | C] () -- F:\Owner\Documents\sextingtone.mp3
[2011/02/19 20:12:02 | 005,295,420 | ---- | C] () -- F:\Owner\Documents\talkhaussingsdrag.mp3
[2011/02/19 19:45:33 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/02/19 19:20:55 | 000,012,656 | ---- | C] () -- F:\Owner\Documents\dragonstalk.mx5
[2011/02/19 11:05:48 | 000,139,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/02/18 18:48:13 | 000,003,944 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2011/02/17 15:43:22 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010/08/04 12:43:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2010/08/04 12:43:51 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2010/06/19 19:30:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/09 22:07:18 | 000,000,565 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/18 14:21:05 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/03/18 14:21:04 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/03/04 07:00:37 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/03/03 18:02:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/03/03 18:01:28 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2010/01/29 20:32:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Quartz Composer
[2010/01/29 20:32:00 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\PrintingModule
[2010/01/29 20:32:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/01/29 20:32:00 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Robot
[2009/12/25 06:51:19 | 000,016,396 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/11/11 11:51:00 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/11 11:51:00 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/14 18:58:06 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/09/12 18:02:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/20 13:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009/06/20 20:45:08 | 000,027,043 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/05/02 20:45:24 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/03/20 19:40:50 | 000,014,336 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/02/28 13:09:04 | 000,002,020 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/02/27 19:22:00 | 000,102,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/18 17:16:10 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2007/04/10 16:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/10 12:41:41 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/10 12:41:41 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/12 18:38:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/10/19 12:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006/10/19 12:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/02/28 01:56:04 | 1080,580,624 | ---- | M] (Macrovision Corporation ) -- C:\Program Files\MSSetupv65.exe

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/05/15 14:09:28 | 000,000,286 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2007/04/10 16:46:53 | 000,013,023 | ---- | M] () -- C:\Windows\VX1000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2003/06/13 16:23:00 | 000,004,304 | ---- | M] () -- C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/11/26 23:05:11 | 410,255,741 | ---- | M] (Gretech Corp.) -- C:\Users\Owner\RumbleFighter-v1.8.7.EXE

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/03/02 18:26:54 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/03/02 18:26:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/03/02 18:26:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/03/02 18:26:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/03/02 18:26:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2010/03/02 18:26:24 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/10 18:57:58 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/10 18:57:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010/12/10 18:57:58 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/10 18:57:59 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/02/20 18:27:14 | 000,034,901 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/29 20:32:00 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Quartz Composer
[2010/01/29 20:32:00 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Robot

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/12/18 01:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >
[2010/10/15 09:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 02:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 01:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 02:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2005/01/04 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2006/11/02 02:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/12/31 08:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/01/18 16:30:40 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/04/11 14:57:20 | 000,000,090 | ---- | M] () -- C:\CLMS.log
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/04/11 14:58:40 | 000,000,090 | ---- | M] () -- C:\Creator.log
[2009/12/05 15:43:26 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2009/04/11 14:55:58 | 000,000,090 | ---- | M] () -- C:\MDisc.log
[2009/04/11 14:56:30 | 000,000,090 | ---- | M] () -- C:\MDR.log
[2011/02/20 12:34:58 | 3534,233,600 | -HS- | M] () -- C:\pagefile.sys
[2009/04/11 14:57:50 | 000,000,090 | ---- | M] () -- C:\PnR.log
[2009/04/11 14:58:20 | 000,000,090 | ---- | M] () -- C:\PSD.log
[2006/10/10 12:29:24 | 000,000,791 | ---- | M] () -- C:\RHDSetup.log
[2009/04/11 14:56:54 | 000,000,090 | ---- | M] () -- C:\SDMA.log

< %PROGRAMFILES%\*. >
[2009/02/26 11:01:51 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/04/11 14:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Arcade Live
[2009/04/11 14:54:48 | 000,000,000 | ---D | M] -- C:\Program Files\Acer GameZone
[2006/10/10 12:41:41 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Incorporated
[2011/02/19 20:11:25 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Mixcraft 5
[2011/02/19 19:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
[2009/01/18 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/04/13 13:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/27 00:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/08/04 12:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\ASCII
[2009/03/09 14:53:06 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/11/22 11:08:01 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2011/02/21 11:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\Carbonite
[2011/01/11 21:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/03/01 13:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2009/01/18 17:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/01/31 20:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Daniusoft
[2009/04/10 21:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.72
[2010/11/26 22:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\Download Manager
[2010/03/03 18:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/03/03 18:05:23 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2009/09/13 20:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/04/11 14:49:10 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2009/03/20 19:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/03/26 20:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/09/17 19:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/11/03 20:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Gravity
[2010/07/24 00:08:04 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
[2011/02/21 11:19:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/08 15:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/19 16:13:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/14 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/03/26 16:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2011/01/15 23:59:20 | 000,000,000 | ---D | M] -- C:\Program Files\Livestream Procaster
[2009/03/12 15:13:56 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/09/27 15:58:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ATS
[2009/02/28 13:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/03/12 15:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2009/01/18 17:46:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/02/15 06:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/13 14:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 02:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/02/17 15:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/08/10 14:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/12/10 18:58:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/02/26 11:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2006/10/10 12:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\NewTech Infosystems
[2010/01/29 20:33:01 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2010/05/25 13:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2011/02/15 15:21:49 | 000,000,000 | ---D | M] -- C:\Program Files\OGPlanet
[2010/10/14 15:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/02/10 18:40:35 | 000,000,000 | ---D | M] -- C:\Program Files\osu!
[2010/07/24 00:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
[2010/03/18 20:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Outspark
[2010/12/26 18:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2009/02/28 01:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2010/07/10 22:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2009/12/25 06:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Philips
[2009/01/18 17:19:25 | 000,000,000 | ---D | M] -- C:\Program Files\Preload
[2010/03/31 14:23:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/01/18 17:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/02/21 11:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2011/01/11 21:38:49 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/03/18 21:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/03/27 00:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/28 21:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\StepMania
[2011/01/16 11:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/11/18 19:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/03/25 13:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Tablet
[2010/03/25 13:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\TabletPlugins
[2010/03/31 14:23:04 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2011/02/14 22:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\UlisesSoft
[2006/11/02 08:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/28 15:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Universal Extractor
[2009/03/18 16:12:52 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2010/07/24 00:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2009/09/12 18:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/09/12 18:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/09/12 18:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/09/12 18:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/01/20 12:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2011/02/08 15:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/13 05:08:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/09/12 18:47:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 06:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/09/12 18:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/09/13 19:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/23 05:04:21 | 000,000,000 | ---D | M] -- C:\Program Files\Xfire
[2006/10/10 12:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\YUAN

< %appdata%\*.* >
[2010/01/29 20:32:00 | 000,000,268 | RH-- | M] () -- C:\Users\Owner\AppData\Roaming\PrintingModule
[2009/06/20 20:45:08 | 000,027,043 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2010/12/20 18:39:40 | 000,002,020 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2007/08/07 23:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI VGA PCI-E\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 01:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/20 21:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 04:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/08/18 05:58:42 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=7894FFC354DDD5A0600BC112FFEC2DD0 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73PV\IDE\WinVista\sataraid\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/12/07 18:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_933da2ea\nvstor32.sys
[2008/08/18 05:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73PV\IDE\WinVista\sataraid\nvstor32.sys
[2008/08/18 05:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\ACER\Preload\Autorun\DRV\nVidia Chipset MCP73PV\IDE\WinVista\sata_ide\nvstor32.sys
[2008/08/18 05:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008/08/18 05:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_d87a3a1f\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/20 21:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/10 23:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 03:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-14 19:59:21

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >

FakiaKun224

Newbie Surfer

Posts : 17
Joined : 2011-02-22
Operating System : Windows Vista Home Premium


Re: Strange Files In System32

Post by Belahzur on Tue 22 Feb 2011, 12:30 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Strange Files In System32

Post by FakiaKun224 on Tue 22 Feb 2011, 12:55 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5835

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/21/2011 8:45:10 PM
mbam-log-2011-02-21 (20-45-10).txt

Scan type: Quick scan
Objects scanned: 162260
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Strange Files In System32

Post by Belahzur on Wed 23 Feb 2011, 12:18 pm

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Strange Files In System32

Post by FakiaKun224 on Wed 23 Feb 2011, 12:47 pm

Okay, this thing scared the bejesus out of me... Is my toolbar supposed to be...um...missing all the stuff there on the lower right? Anyways.

ComboFix 11-02-22.01 - Owner 02/22/2011 20:28:46.1.2 - x86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3071.1681 [GMT -5:00]
Running from: f:\owner\Downloads\commy.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 01:39 . 2011-02-23 01:39 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-02-23 01:39 . 2011-02-23 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-22 17:37 . 2011-02-22 17:38 -------- d-----w- c:\users\Owner\AppData\Local\{721006C1-7EBB-443C-BC9C-3ADE053FC7BF}
2011-02-22 06:45 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A38C5E1-FB51-43B4-8EB1-5FDE29B869A8}\mpengine.dll
2011-02-22 05:37 . 2011-02-22 05:37 -------- d-----w- c:\users\Owner\AppData\Local\{6B622FFF-CF34-4FF8-BB5E-E55F75AA432A}
2011-02-22 01:33 . 2011-02-22 01:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-02-22 01:33 . 2011-02-22 01:33 -------- d-----w- c:\programdata\Malwarebytes
2011-02-22 01:33 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 01:33 . 2011-02-22 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-22 01:33 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 22:49 . 2011-02-21 23:05 -------- d-----w- c:\windows\BDOSCAN8
2011-02-21 22:01 . 2011-02-21 22:01 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-21 22:01 . 2011-02-21 22:01 -------- d-----w- c:\programdata\Hitman Pro
2011-02-21 17:37 . 2011-02-21 17:37 -------- d-----w- c:\users\Owner\AppData\Local\{8DE93205-4C39-482B-BC4D-A78774841FCC}
2011-02-21 16:18 . 2011-02-21 16:18 -------- d-----w- c:\programdata\Seagate
2011-02-21 16:18 . 2011-02-21 16:18 -------- d-----w- c:\program files\Seagate
2011-02-21 16:18 . 2011-02-21 16:18 -------- d-----w- c:\users\Owner\AppData\Local\Downloaded Installations
2011-02-21 16:18 . 2011-02-21 16:18 -------- d-----w- c:\program files\Carbonite
2011-02-21 16:17 . 2011-02-21 16:17 -------- d-sh--w- c:\windows\ftpcache
2011-02-21 05:37 . 2011-02-21 05:37 -------- d-----w- c:\users\Owner\AppData\Local\{77CB5EF7-4047-4C5B-81FA-832085CFDE1C}
2011-02-20 17:36 . 2011-02-20 17:37 -------- d-----w- c:\users\Owner\AppData\Local\{025992AB-B248-4DE7-A5C4-78F51C4859A0}
2011-02-20 00:42 . 2011-02-20 00:42 -------- d-----w- c:\programdata\Acoustica
2011-02-20 00:42 . 2011-02-20 01:11 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-02-19 23:38 . 2011-02-19 23:38 -------- d-----w- c:\users\Owner\AppData\Local\{2140F366-4616-4185-B64F-52BEBB43DAF3}
2011-02-19 11:38 . 2011-02-19 11:38 -------- d-----w- c:\users\Owner\AppData\Local\{1C934AB9-C82B-4E68-80F8-38653B238E7F}
2011-02-18 23:37 . 2011-02-18 23:38 -------- d-----w- c:\users\Owner\AppData\Local\{92EB39BC-C708-4019-9F32-961D334DD169}
2011-02-18 11:37 . 2011-02-18 11:37 -------- d-----w- c:\users\Owner\AppData\Local\{2C3758BF-482B-4763-9075-6150140C93FD}
2011-02-17 23:37 . 2011-02-17 23:37 -------- d-----w- c:\users\Owner\AppData\Local\{E98123B0-F71D-49D1-B37B-3E30E6051673}
2011-02-17 20:43 . 2011-02-17 20:44 -------- d-----w- c:\program files\mIRC
2011-02-17 11:36 . 2011-02-17 11:36 -------- d-----w- c:\users\Owner\AppData\Local\{71DAEED5-B443-488F-B7D1-7A2D1ADD6080}
2011-02-17 02:56 . 2011-02-22 18:28 -------- d-----w- c:\users\Owner\AppData\Roaming\mIRC
2011-02-16 23:36 . 2011-02-16 23:36 -------- d-----w- c:\users\Owner\AppData\Local\{F0F8E7D7-8E43-40AD-B5C9-8A03FAF5BA1B}
2011-02-16 11:35 . 2011-02-16 11:36 -------- d-----w- c:\users\Owner\AppData\Local\{B618568E-9AD2-48FE-9598-A3422D794EBF}
2011-02-15 23:35 . 2011-02-15 23:35 -------- d-----w- c:\users\Owner\AppData\Local\{D045D64A-FC45-4D49-BBC6-0D59B251E3A7}
2011-02-15 11:35 . 2011-02-15 11:35 -------- d-----w- c:\users\Owner\AppData\Local\{284B2442-E483-4023-8890-5B1099034D2A}
2011-02-14 23:34 . 2011-02-14 23:34 -------- d-----w- c:\users\Owner\AppData\Local\{E1AFC547-322E-4E18-B1BB-E5A677A4F976}
2011-02-14 11:34 . 2011-02-14 11:34 -------- d-----w- c:\users\Owner\AppData\Local\{098CABEB-D12D-4C32-ABBF-806DE8E5A34C}
2011-02-13 23:33 . 2011-02-13 23:34 -------- d-----w- c:\users\Owner\AppData\Local\{41443634-FB88-41E7-A7EB-59CC9B749649}
2011-02-13 11:33 . 2011-02-13 11:33 -------- d-----w- c:\users\Owner\AppData\Local\{C0B4DABA-F9AA-41CD-9920-025679BD3EC5}
2011-02-12 23:33 . 2011-02-12 23:33 -------- d-----w- c:\users\Owner\AppData\Local\{48668E0D-69B1-47D0-B74D-B544BB0FF945}
2011-02-12 11:33 . 2011-02-12 11:33 -------- d-----w- c:\users\Owner\AppData\Local\{187339BC-5EA7-47A6-A396-3E5249DB5AB2}
2011-02-11 23:33 . 2011-02-11 23:33 -------- d-----w- c:\users\Owner\AppData\Local\{503B2F8E-C94F-471B-AB8C-EFF93E8C0070}
2011-02-11 11:32 . 2011-02-11 11:32 -------- d-----w- c:\users\Owner\AppData\Local\{BD43B105-8A18-4C9F-AFF9-D878D4285BE1}
2011-02-10 23:32 . 2011-02-10 23:32 -------- d-----w- c:\users\Owner\AppData\Local\{C8E92FB3-29BE-4277-915F-B042F940F649}
2011-02-10 11:31 . 2011-02-10 11:32 -------- d-----w- c:\users\Owner\AppData\Local\{3E0530EF-4536-4CB4-9307-FC75006D3FA3}
2011-02-09 23:31 . 2011-02-09 23:31 -------- d-----w- c:\users\Owner\AppData\Local\{487747BC-4A1B-4E1D-B730-8166E64B3B63}
2011-02-09 11:31 . 2011-02-09 11:31 -------- d-----w- c:\users\Owner\AppData\Local\{D9BDAC60-B635-4B30-9EAC-04A8B0E546A1}
2011-02-08 23:30 . 2011-02-08 23:30 -------- d-----w- c:\users\Owner\AppData\Local\{DB7EFD5B-97CD-42EA-8038-0931EA8447F3}
2011-02-08 20:09 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-08 20:09 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-08 11:30 . 2011-02-08 11:30 -------- d-----w- c:\users\Owner\AppData\Local\{03087F46-B4B1-49E4-8056-006E88AD2D8D}
2011-02-07 23:29 . 2011-02-07 23:30 -------- d-----w- c:\users\Owner\AppData\Local\{71193FC7-FF2C-430D-B2AE-B8A723DBEE4B}
2011-02-07 11:29 . 2011-02-07 11:29 -------- d-----w- c:\users\Owner\AppData\Local\{CAC33043-2E0A-4D9A-820C-FE5CB9F083A6}
2011-02-06 23:29 . 2011-02-06 23:29 -------- d-----w- c:\users\Owner\AppData\Local\{AC386BA9-47D5-4F95-A365-4B149C6B5D5F}
2011-02-06 11:28 . 2011-02-06 11:29 -------- d-----w- c:\users\Owner\AppData\Local\{00EAE84B-14B7-423F-9234-506919A2A7BF}
2011-02-05 23:28 . 2011-02-05 23:28 -------- d-----w- c:\users\Owner\AppData\Local\{4C1CAD9D-2A7B-4979-81F5-EE484E499817}
2011-02-05 11:28 . 2011-02-05 11:28 -------- d-----w- c:\users\Owner\AppData\Local\{00F77D9A-85BE-4D23-9F30-DE7773CE31BE}
2011-02-04 23:28 . 2011-02-04 23:28 -------- d-----w- c:\users\Owner\AppData\Local\{80601623-2463-4544-8F69-E26609C45B86}
2011-02-04 11:28 . 2011-02-04 11:28 -------- d-----w- c:\users\Owner\AppData\Local\{4747E947-34D9-47D1-96D2-925D2DB1DA5A}
2011-02-03 23:27 . 2011-02-03 23:27 -------- d-----w- c:\users\Owner\AppData\Local\{4E341F5E-F88C-46C0-B9E4-FCBB98D1981A}
2011-02-03 11:27 . 2011-02-03 11:27 -------- d-----w- c:\users\Owner\AppData\Local\{FD66C7E3-C004-4229-A777-69DD208B877B}
2011-02-02 23:26 . 2011-02-02 23:26 -------- d-----w- c:\users\Owner\AppData\Local\{AE13750B-C29D-4A28-B54D-28F246E20400}
2011-02-02 11:26 . 2011-02-02 11:26 -------- d-----w- c:\users\Owner\AppData\Local\{03AFEC71-31A6-40E4-B13F-710BE98B9F62}
2011-02-01 23:26 . 2011-02-01 23:26 -------- d-----w- c:\users\Owner\AppData\Local\{4944847B-4B63-4CE9-B2A2-349D426CB14F}
2011-02-01 11:26 . 2011-02-01 11:26 -------- d-----w- c:\users\Owner\AppData\Local\{657909C5-DA56-4CEB-9FB6-6D6460981D73}
2011-01-31 23:25 . 2011-01-31 23:25 -------- d-----w- c:\users\Owner\AppData\Local\{DF3D1BC8-2CEF-470B-9EB5-6CD66E8198C0}
2011-01-31 11:25 . 2011-01-31 11:25 -------- d-----w- c:\users\Owner\AppData\Local\{CD78B160-C1BB-4605-9200-5398DFD57F52}
2011-01-30 23:24 . 2011-01-30 23:24 -------- d-----w- c:\users\Owner\AppData\Local\{6A51A1DD-E780-4E97-871E-70129BB0868B}
2011-01-30 11:24 . 2011-01-30 11:24 -------- d-----w- c:\users\Owner\AppData\Local\{B289BC39-01F2-4FB4-92C1-AC558D92E8F2}
2011-01-29 23:24 . 2011-01-29 23:24 -------- d-----w- c:\users\Owner\AppData\Local\{D4C18EEA-A5EB-44ED-A13E-ECC63A263898}
2011-01-29 11:24 . 2011-01-29 11:24 -------- d-----w- c:\users\Owner\AppData\Local\{D818678F-79CC-44DA-B614-24AB125A6B40}
2011-01-29 02:16 . 2011-01-29 02:31 -------- d-----w- c:\program files\StepMania
2011-01-28 23:24 . 2011-01-28 23:24 -------- d-----w- c:\users\Owner\AppData\Local\{0D17D3B2-8BD4-4E65-9DD4-F9ECF49FB0EC}
2011-01-28 11:23 . 2011-01-28 11:23 -------- d-----w- c:\users\Owner\AppData\Local\{914CD5BE-56CB-41A9-AE0D-548179F4B124}
2011-01-27 23:23 . 2011-01-27 23:23 -------- d-----w- c:\users\Owner\AppData\Local\{7AC9115C-A7EB-4D2B-B079-000DD08DEACB}
2011-01-27 11:22 . 2011-01-27 11:22 -------- d-----w- c:\users\Owner\AppData\Local\{A642DD86-9A61-4AC5-868C-79B4C263A5DA}
2011-01-26 23:22 . 2011-01-26 23:22 -------- d-----w- c:\users\Owner\AppData\Local\{95ADC833-109F-4C54-86A8-8289763A4BA9}
2011-01-26 11:22 . 2011-01-26 11:22 -------- d-----w- c:\users\Owner\AppData\Local\{E11694F4-D9CB-4E31-82FF-260A8633C4E3}
2011-01-25 23:21 . 2011-01-25 23:21 -------- d-----w- c:\users\Owner\AppData\Local\{0A88EB95-9134-4005-AE2E-1C1E5798BB4D}
2011-01-25 11:21 . 2011-01-25 11:21 -------- d-----w- c:\users\Owner\AppData\Local\{F46DE901-D7D0-40E7-A174-D174E1D9D45F}
2011-01-24 23:20 . 2011-01-24 23:21 -------- d-----w- c:\users\Owner\AppData\Local\{96E18AAC-BC34-4C87-BFC9-8F3FF3282EA0}
2011-01-24 11:20 . 2011-01-24 11:20 -------- d-----w- c:\users\Owner\AppData\Local\{D5CF43EA-FA1C-471E-9BB4-47C64ADF3072}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-28 15:55 . 2011-01-11 21:13 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-11 21:12 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-27 04:05 . 2010-11-27 03:45 410255741 ----a-w- c:\users\Owner\RumbleFighter-v1.8.7.EXE
2009-02-28 06:56 . 2009-02-28 06:30 1080580624 ----a-w- c:\program files\MSSetupv65.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-16 2424560]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"PhilipsSA33XXDM"="c:\program files\Philips\SA33XX\Philips Device Manager\Bin\LaunchDM.exe" [2007-08-02 40960]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 20:02 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [2009-01-08 16640]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-11-03 4294288]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva285;XDva285;c:\windows\system32\XDva285.sys [x]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-27 67656]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-04-03 3024168]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-01-19 517120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:35]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\g9x6mh9a.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FabTabs: [You must be registered and logged in to see this link.] - %profile%\extensions\fabtab@captaincaveman.nl
FF - Ext: Personas: [You must be registered and logged in to see this link.] - %profile%\extensions\personas@christopher.beard
FF - Ext: Veoh Video Compass: [You must be registered and logged in to see this link.] - %profile%\extensions\searchrecs@veoh.com
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: LavaFox V1-Purple: [You must be registered and logged in to see this link.] - %profile%\extensions\zigboom555@aol.com
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-02-22 20:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-22 20:42:36
ComboFix-quarantined-files.txt 2011-02-23 01:42

Pre-Run: 21,413,974,016 bytes free
Post-Run: 71,830,515,712 bytes free

- - End Of File - - F42F343C6217B606936E7D294706B632

Re: Strange Files In System32

Post by Belahzur on Thu 24 Feb 2011, 12:41 pm

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Strange Files In System32

Post by FakiaKun224 on Thu 24 Feb 2011, 2:40 pm

No log was produced, but the scanner did not find anything. So am I in the clear? Was there nothing there after all and I was just paranoid something was up?

Re: Strange Files In System32

Post by Belahzur on Fri 25 Feb 2011, 12:02 pm

Hello.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Strange Files In System32

Post by FakiaKun224 on Fri 25 Feb 2011, 12:08 pm

This list?

Acer Assist
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer eSettings Management
Acer Registration
Acer ScreenSaver
Acoustica Effects Pack
Acoustica Mixcraft 5
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.2.6
Audacity 1.2.6
BitTorrent
Camtasia Studio 7
Carbonite Online Backup Setup
Corel Painter Essentials 2
D3DX10
Download Manager 2.3.10
Drumaxx
Epson Event Manager
EPSON NX110 Series Printer Uninstall
EPSON Scan
ffdshow [rev 2083] [2008-08-21]
File Uploader
GIMP 2.6.10
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hardcore
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 20
Java(TM) 6 Update 23
LAME v3.98.2 for Audacity
Livestream Procaster
Malwarebytes' Anti-Malware
MapleStory
MapleStoryTespia
Media Converter for Philips
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft AppLocale
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Application Compatibility Database
Microsoft Works
mIRC
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nexon Game Manager
Nikon Message Center
Nikon Transfer
NTI Backup Now 5
NTI Media Maker 8
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
osu!
Paint.NET v3.5.7
Pando Media Booster
PE585QAEncoder-32
PeerGuardian 2.0
Pen Tablet
PoiZone
PVSonyDll
Realtek High Definition Audio Driver
RPGcN[VX RTP
RTP for RM2K (Png, Wav, Midi, Fonts)
SA33XX Device Manager
Sakura
Sawer
Seagate Manager Installer
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Toolbars
Skype 5.1
StepMania 3.9a (remove only)
SUPERAntiSpyware Free Edition
System Requirements Lab
System Requirements Lab CYRI
Toxic Biohazard
Universal Extractor 1.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Movie Studio Platinum 9.0b
Vegas Pro 9.0
Wacom Tablet
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinRAR archiver
Xfire (remove only)

Re: Strange Files In System32

Post by Belahzur on Fri 25 Feb 2011, 12:15 pm

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Adobe Reader 8.2.6
    BitTorrent
    Java(TM) 6 Update 20
    Java(TM) 6 Update 23

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X


Re: Strange Files In System32

Post by FakiaKun224 on Fri 25 Feb 2011, 12:37 pm

It's been done. Even Bit Torrent, gone. I had it for a friend of mine.

FakiaKun224

Newbie Surfer

Posts : 17
Joined : 2011-02-22
Operating System : Windows Vista Home Premium


Re: Strange Files In System32

Post by Belahzur on Fri 25 Feb 2011, 12:41 pm

How is the machine running now?


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Strange Files In System32

Post by FakiaKun224 on Fri 25 Feb 2011, 12:55 pm

Seems faster now, maybe from all the bulk that was in my C: drive?
ComboFix removed a lot of stuff from it; I was shocked. ESET SysInspector now reports nothing in the reddish range except for one thing, and I know what that program is and I know it's had issues with the program in the past. (It's an anti-hack shield for MapleStory.)
I do have a question though: what are the drivers xDva337 and xDva285?
If you don't know, it's okay. Thanks for everything.

FakiaKun224

Newbie Surfer

Posts : 17
Joined : 2011-02-22
Operating System : Windows Vista Home Premium


Re: Strange Files In System32

Post by Belahzur on Sat 26 Feb 2011, 12:57 pm

Not too sure what those drivers are, to be honest; they have random names after the xDva.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Strange Files In System32

Post by FakiaKun224 on Sat 26 Feb 2011, 1:34 pm

Okay then. Well, thanks for everything, it's been solved.
I just need to get AppLocale to work on my Japanese game again.

FakiaKun224

Newbie Surfer

Posts : 17
Joined : 2011-02-22
Operating System : Windows Vista Home Premium
