
[Resolved] Unknown rootkit?


31 replies to this topic

#1 bakeneko

New Member (Authentic Member), 15 posts

Posted 10 May 2010 - 03:10 AM

Hi

I seem to have contracted some kind of virus/rootkit. Basically, the symptoms I see are the following:

From time to time, new tabs open in Firefox, pointing to weird URLs. These don't load anything, because I have NoScript, which blocks all JavaScript on all pages, but it's annoying as hell.

Windows Update doesn't seem to work anymore, and Chrome has also stopped working (e.g. it doesn't load any pages). Not sure how related these symptoms are.

Some of the steps I have done before coming here:
Ran Malwarebytes' Anti-Malware. It claimed I had some Win32.x rootkit, and requested a reboot scan to remove it.
After that was done, it claims it doesn't find anything anymore.
However, I started to get complaints of a missing "sshnas21.dll" in the Windows\system32 folder.
A quick look in msconfig revealed:
Canaveral - Unknow - rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
M5T8QL3YW3 - Unknow - C:\Users\Allan\AppData\Local\Temp\Or1.exe

I disabled both of these and restarted.

However, symptoms remain.

I downloaded and ran TDSSKiller.exe from Kaspersky Lab on advice from a friend.
It claims:

"Driver "iaStor" infected by TDSS rootkit!
File "C:\Windows\system32\drivers\iaStor.sys" infected by TDSS rootkit ... will
be cured on next reboot

Completed

Results:
Memory objects infected / cured / cured on reboot: 1 / 0 / 0
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 1 / 0 / 1"

However, after reboot, when I ran it again, it just says the same.

I followed all the steps in the "Are you infected?" thread.

First of all, the "Create a new system restore point" step failed; I get an "unhandled exception". I will attach a JPG containing the captured error message.

Other steps work just fine.

Below are the requested logs:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Allan at 10:26:25,09 on 2010-05-10
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1033.18.3070.1713 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Net iD\iid.exe
C:\Windows\system32\ifxuagui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Allan\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WD Anywhere Backup] c:\program files\wd\wd anywhere backup\MemeoLauncher2.exe --silent
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [Net iD] "c:\program files\net id\iid.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: APSHook.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
LSA: Notification Packages = scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\allan\appdata\roaming\mozilla\firefox\profiles\wuq99le7.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiidplg.dll
FF - plugin: c:\users\allan\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-23 64288]
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2010-2-26 15416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-26 164048]
R1 ItSDisk;ItSDisk;c:\windows\system32\drivers\itsdisk.sys [2006-5-16 23232]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2010-2-27 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2010-2-27 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-26 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-26 51792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2009-4-17 25824]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-3-8 5120]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2010-2-26 46592]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\drivers\etDevice.sys [2010-2-26 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2010-2-26 206336]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2010-2-26 6656]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-2-27 21504]

=============== Created Last 30 ================

2010-05-10 08:39 <DIR> --d----- c:\program files\Sophos
2010-05-09 21:08 36,488 a------- c:\windows\system32\drivers\klmd.sys
2010-05-09 21:07 45,056 a------- c:\windows\system32\acovcnt.exe
2010-05-09 16:59 <DIR> --d----- c:\windows\system32\catroot2
2010-05-09 09:19 <DIR> --d----- c:\users\allan\appdata\roaming\Malwarebytes
2010-05-09 09:19 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 09:19 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-05-09 09:19 <DIR> --d----- c:\programdata\Malwarebytes
2010-05-09 09:19 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 09:19 <DIR> --d----- c:\progra~2\Malwarebytes
2010-05-08 09:56 <DIR> --d----- c:\programdata\phpDesigner
2010-05-08 09:56 <DIR> --d----- c:\progra~2\phpDesigner
2010-05-08 09:53 <DIR> --d----- c:\users\allan\appdata\roaming\phpDesigner
2010-05-08 09:53 <DIR> --d----- c:\program files\phpDesigner
2010-04-26 09:10 <DIR> --d----- c:\program files\Net iD
2010-04-26 09:09 <DIR> --d----- c:\users\allan\appdata\roaming\iid
2010-04-23 08:37 15,880 a------- c:\windows\system32\lsdelete.exe
2010-04-23 07:56 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2010-04-23 07:56 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-04-23 07:55 <DIR> -cd-h--- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-23 07:55 <DIR> -cd-h--- c:\progra~2\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-23 07:55 <DIR> --d----- c:\programdata\Lavasoft
2010-04-23 07:55 <DIR> --d----- c:\program files\Lavasoft
2010-04-22 14:05 <DIR> --d----- c:\windows\pss
2010-04-17 21:59 411,368 a------- c:\windows\system32\deployJava1.dll
2010-04-13 10:58 <DIR> --d----- c:\program files\WMV9_VCM
2010-04-13 10:43 <DIR> --d----- c:\program files\AsfTools 3.1

==================== Find3M ====================

2010-05-10 10:22 60,275 a------- c:\programdata\nvModes.dat
2010-05-10 10:22 60,275 a------- c:\progra~2\nvModes.dat
2010-05-10 08:17 308,248 a------- c:\windows\system32\drivers\iaStor.sys
2010-05-06 22:34 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 15:05 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2010-05-06 15:05 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2010-05-06 15:05 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2010-03-29 14:10 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2010-03-19 23:07 691,696 a------- c:\windows\system32\drivers\sptd.sys
2010-03-14 20:00 85,504 a------- c:\windows\system32\ff_vfw.dll
2010-03-08 17:16 51,200 a------- c:\windows\inf\infpub.dat
2010-03-08 17:16 143,360 a------- c:\windows\inf\infstrng.dat
2010-03-08 17:16 86,016 a------- c:\windows\inf\infstor.dat
2010-03-05 16:01 420,352 a------- c:\windows\system32\vbscript.dll
2010-03-01 00:53 665,600 a------- c:\windows\inf\drvindex.dat
2010-02-27 20:06 174 a--sh--- c:\program files\desktop.ini
2010-02-27 19:47 101,888 a------- c:\windows\system32\ifxcardm.dll
2010-02-27 19:47 82,432 a------- c:\windows\system32\axaltocm.dll
2010-02-26 09:11 20,992 a------- c:\windows\jestertb.dll
2010-02-26 09:03 377,344 a------- c:\windows\system32\winhttp.dll
2010-02-26 01:42 33,136 a------- c:\windows\ASScrPro.exe
2010-02-26 01:41 4,814,371 a------- c:\windows\ASUS Camera ScreenSaver.exe
2010-02-26 01:41 37,232 a------- c:\windows\ASScrProlog.exe
2010-02-26 01:41 274,800 a------- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2010-02-26 01:41 503,808 a------- c:\windows\Asus_Camera_ScreenSaver.scr
2010-02-26 01:41 606,848 a------- c:\windows\flashax.exe
2010-02-26 01:41 12,288 a------- c:\windows\impborl.dll
2010-02-26 01:09 319,456 a------- c:\windows\DIFxAPI.dll
2010-02-26 01:08 315,392 a------- c:\windows\HideWin.exe
2010-02-26 00:50 56 a---h--- c:\programdata\ezsidmv.dat
2010-02-26 00:50 56 a---h--- c:\progra~2\ezsidmv.dat
2010-02-26 00:21 27,839 a------- c:\users\allan\appdata\roaming\nvModes.dat
2010-02-25 23:45 499,712 a------- c:\windows\system32\kerberos.dll
2010-02-25 23:45 270,848 a------- c:\windows\system32\schannel.dll
2010-02-25 23:27 156,672 a------- c:\windows\system32\t2embed.dll
2010-02-25 23:27 289,792 a------- c:\windows\system32\atmfd.dll
2010-02-25 23:27 72,704 a------- c:\windows\system32\fontsub.dll
2010-02-25 23:27 34,304 a------- c:\windows\system32\atmlib.dll
2010-02-25 23:27 23,552 a------- c:\windows\system32\lpk.dll
2010-02-25 23:27 10,240 a------- c:\windows\system32\dciman32.dll
2010-02-25 23:24 272,896 a------- c:\windows\system32\polstore.dll
2010-02-25 23:24 61,440 a------- c:\windows\system32\winipsec.dll
2010-02-25 23:20 17,920 a------- c:\windows\system32\netevent.dll
2010-02-25 23:20 11,264 a------- c:\windows\system32\MRINFO.EXE
2010-02-25 23:20 105,984 a------- c:\windows\system32\netiohlp.dll
2010-02-25 23:20 27,136 a------- c:\windows\system32\NETSTAT.EXE
2010-02-25 23:20 19,968 a------- c:\windows\system32\ARP.EXE
2010-02-25 23:20 17,920 a------- c:\windows\system32\ROUTE.EXE
2010-02-25 23:20 10,240 a------- c:\windows\system32\finger.exe
2010-02-25 23:20 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2010-02-25 23:20 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2010-02-25 23:17 127,488 a------- c:\windows\system32\L2SecHC.dll
2010-02-25 23:17 513,536 a------- c:\windows\system32\wlansvc.dll
2010-02-25 23:17 302,592 a------- c:\windows\system32\wlansec.dll
2010-02-25 23:17 293,376 a------- c:\windows\system32\wlanmsm.dll
2010-02-25 23:17 68,096 a------- c:\windows\system32\wlanhlp.dll
2010-02-25 23:17 65,024 a------- c:\windows\system32\wlanapi.dll
2010-02-25 23:17 15,181 a------- c:\windows\system32\gatherWirelessInfo.vbs
2010-02-25 23:16 1,401,856 a------- c:\windows\system32\msxml6.dll
2010-02-25 23:16 1,248,768 a------- c:\windows\system32\msxml3.dll
2010-02-25 23:16 2,048 a------- c:\windows\system32\msxml3r.dll
2010-02-25 23:16 2,048 a------- c:\windows\system32\msxml6r.dll
2010-02-25 23:15 218,624 a------- c:\windows\system32\msv1_0.dll
2010-02-25 23:15 175,104 a------- c:\windows\system32\wdigest.dll
2010-02-25 23:15 72,704 a------- c:\windows\system32\secur32.dll
2010-02-25 23:15 9,728 a------- c:\windows\system32\lsass.exe
2010-02-25 23:15 1,259,008 a------- c:\windows\system32\lsasrv.dll
2010-02-25 23:14 2,868,224 a------- c:\windows\system32\mf.dll
2010-02-25 23:14 98,816 a------- c:\windows\system32\mfps.dll
2010-02-25 23:14 53,248 a------- c:\windows\system32\rrinstaller.exe
2010-02-25 23:14 24,576 a------- c:\windows\system32\mfpmp.exe
2010-02-25 23:14 2,048 a------- c:\windows\system32\mferror.dll
2010-02-25 23:10 71,680 a------- c:\windows\system32\atl.dll
2010-02-25 23:04 160,256 a------- c:\windows\system32\wkssvc.dll
2010-02-25 23:03 2,066,432 a------- c:\windows\system32\mstscax.dll
2010-02-25 23:03 136,192 a------- c:\windows\system32\aaclient.dll
2010-02-25 23:03 53,248 a------- c:\windows\system32\tsgqec.dll
2010-02-25 22:54 2,048 a------- c:\windows\system32\tzres.dll
2010-02-25 22:54 623,616 a------- c:\windows\system32\localspl.dll
2010-02-25 22:46 6,656 a------- c:\windows\system32\kbd106n.dll
2010-02-25 22:38 37,888 a------- c:\windows\system32\printcom.dll
2010-02-25 22:37 2,036,736 a------- c:\windows\system32\win32k.sys
2010-02-25 22:36 14,848 a------- c:\windows\system32\wshrm.dll
2010-02-25 22:36 313,344 a------- c:\windows\system32\wmpdxm.dll
2010-02-25 22:35 332,288 a------- c:\windows\system32\msdrm.dll
2010-02-25 22:35 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2010-02-25 22:35 518,144 a------- c:\windows\system32\RMActivate.exe
2010-02-25 22:35 471,552 a------- c:\windows\system32\secproc_isv.dll
2010-02-25 22:35 471,552 a------- c:\windows\system32\secproc.dll
2010-02-25 22:35 347,136 a------- c:\windows\system32\RMActivate_ssp.exe
2010-02-25 22:35 346,624 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-25 22:35 152,576 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-02-25 22:35 152,064 a------- c:\windows\system32\secproc_ssp.dll
2010-02-25 22:23 41,984 a------- c:\windows\system32\netfxperf.dll
2010-02-25 22:19 2,560 a------- c:\windows\apppatch\AcRes.dll
2010-02-25 22:18 84,480 a------- c:\windows\system32\INETRES.dll
2010-02-25 22:18 60,928 a------- c:\windows\system32\msasn1.dll
2010-02-25 22:18 784,896 a------- c:\windows\system32\rpcrt4.dll
2010-02-25 22:17 243,712 a------- c:\windows\system32\rastls.dll
2010-02-25 22:17:35 A------- 355,328 c:\windows\system32\WSDApi.dll

============= FINISH: 10:27:43,01 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 10:39:23
Windows 6.0.6002 Service Pack 2
Running: fw9iwbq2d.exe; Driver: C:\Users\Allan\AppData\Local\Temp\pwlcrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x904B6AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x904B68EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x904B6A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82786DF0 7 Bytes JMP 904B6A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 827F228F 5 Bytes JMP 904B2536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 8284B038 5 Bytes JMP 904B3EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8284C8C3 7 Bytes JMP 904B68EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 828AC892 7 Bytes JMP 904B6ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\Windows\System32\drivers\mountmgr.sys entry point in ".rsrc" section [0x807AB014]
init C:\Windows\System32\Drivers\ItSDisk.sys entry point in "init" section [0x90487360]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 76E54D34 5 Bytes JMP 0036000A
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtWriteVirtualMemory 76E55674 5 Bytes JMP 0045000A
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!KiUserExceptionDispatcher 76E55DC8 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[1324] ole32.dll!CoCreateInstance 76B09EA6 5 Bytes JMP 00A8000A
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!GetCursorPos 76A30B88 5 Bytes JMP 01D1000A
.text C:\Windows\Explorer.EXE[4088] ntdll.dll!NtProtectVirtualMemory 76E54D34 5 Bytes JMP 0083000A
.text C:\Windows\Explorer.EXE[4088] ntdll.dll!NtWriteVirtualMemory 76E55674 5 Bytes JMP 0088000A
.text C:\Windows\Explorer.EXE[4088] ntdll.dll!KiUserExceptionDispatcher 76E55DC8 5 Bytes JMP 0082000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4724] ntdll.dll!NtProtectVirtualMemory 76E54D34 5 Bytes JMP 0082000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4724] ntdll.dll!NtWriteVirtualMemory 76E55674 5 Bytes JMP 0089000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4724] ntdll.dll!KiUserExceptionDispatcher 76E55DC8 5 Bytes JMP 0081000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 85DE4EE4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea6f3ec76
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea6f3ec76 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea6f3ec76 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\mountmgr.sys suspicious modification
File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

I would be very grateful for any advice on how to proceed...

Thanks in advance

Best regards
Allan

Attached Images

  • sysrest_fails.jpg


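A first-pass triage of a GMER log like the ones quoted in this thread, written as an added example (it is not a tool from the thread, from GMER's authors or from the forum's helpers): it separates hooks and device objects that GMER attributes to a loaded module from entries with no attribution at all, such as the `Device -> \Driver\iaStor \Device\Harddisk0\DR0` line and the user-mode JMPs into unbacked addresses above, which are the entries a helper looks at first. The trusted-vendor set is an assumption for this machine, and the sample log is constructed from lines quoted in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the GMER 1.0.15 logs quoted in this thread; not a complete log.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtCreateSection 8284C8C3 7 Bytes JMP 904B68EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\Windows\System32\drivers\mountmgr.sys entry point in ".rsrc" section [0x807AB014]
init C:\Windows\System32\Drivers\ItSDisk.sys entry point in "init" section [0x90487360]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 76E54D34 5 Bytes JMP 0036000A
.text C:\Windows\Explorer.EXE[4088] ntdll.dll!NtWriteVirtualMemory 76E55674 5 Bytes JMP 0088000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device -> \Driver\iaStor \Device\Harddisk0\DR0 85DE4EE4

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\mountmgr.sys suspicious modification
File C:\Windows\system32\drivers\iaStor.sys suspicious modification
"""

# Assumption for this example: vendors whose kernel hooks and filter devices are expected on
# the machine in the thread (avast! and Windows itself). Other attributed entries get "review";
# entries GMER cannot tie to any loaded module at all get "suspicious".
TRUSTED_VENDORS = {"ALWIL Software", "Microsoft Corporation"}
# Sections where a driver's entry point normally lives (DriverEntry is usually in INIT).
CODE_SECTIONS = {".text", "INIT", "init", "PAGE"}

# "<section> <target>!<func> <addr> <n> Bytes <patch> [<module> (<description>/<vendor>)]"
HOOK_RE = re.compile(
    r"^\S+\s+(?P<target>.*?\S+!\S+)\s+(?P<addr>[0-9A-F]{8})\s+\d+\s+Bytes\s+(?P<patch>.*)$"
)
# GMER appends the owning module and its version-info description when it can attribute
# the hook or device object to a loaded driver/DLL; no such suffix means unbacked memory.
ATTR_RE = re.compile(r"\s(?P<module>\S+)\s\((?P<desc>[^()]*)\)\s*$")
ENTRY_RE = re.compile(r'entry point in "(?P<section>[^"]+)" section')


@dataclass
class Finding:
    kind: str     # "suspicious" (no module attribution) or "review" (untrusted vendor)
    reason: str
    line: str


def vendor_of(desc: str) -> str:
    """GMER writes '<description>/<vendor>'; the vendor is the part after the last slash."""
    return desc.rsplit("/", 1)[-1].strip()


def attributed(line: str) -> Optional[str]:
    """Return the vendor GMER attributes the entry to, or None if there is no module suffix."""
    m = ATTR_RE.search(line)
    return vendor_of(m["desc"]) if m else None


def triage_line(line: str) -> Optional[Finding]:
    line = line.rstrip()
    if not line or line.startswith("----"):
        return None
    if line.startswith("File ") and line.endswith("suspicious modification"):
        return Finding("suspicious", "GMER reports the on-disk driver image as modified", line)
    m = ENTRY_RE.search(line)
    if m:
        if m["section"] in CODE_SECTIONS:
            return None
        return Finding("suspicious", f"entry point inside non-code section {m['section']}", line)
    hook = HOOK_RE.match(line)
    is_device = line.startswith(("Device ", "AttachedDevice "))
    if not hook and not is_device:
        return None          # Reg entries and other sections are outside this check
    what = f"hook on {hook['target']}" if hook else "device object"
    vendor = attributed(line)
    if vendor is None:
        return Finding("suspicious", f"{what} owned by no loaded module", line)
    if vendor not in TRUSTED_VENDORS:
        return Finding("review", f"{what} owned by untrusted vendor {vendor}", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over a whole GMER log and keep only the entries worth a look."""
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

On the sample above this leaves the avast! hooks and the ItSDisk entry alone and reports six entries: the .rsrc entry point, the two user-mode JMPs, the unattributed DR0 device object and the two modified driver files.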



#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 May 2010 - 06:52 PM



DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:


XP Users

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.


If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.




Please do not delete anything unless instructed to.


We've been seeing some Java infections lately.
Go here and follow the instructions to clear your Java Cache


Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package. If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 11 May 2010 - 12:22 AM

Hi LDTate, and thanks for your time!

I ran the steps according to your instructions. ComboFix claimed a file tried to hook to its process, and asked me to note down the following: "C:\Windows\system32\APSHook.dll"

It then continued scanning, and suddenly said "Combofix has detected presence of a Rootkit activity, and will restart the computer". The computer restarted, and there is no combofix.txt on the C: drive.

How shall I proceed?

Best regards
Allan

Edited by bakeneko, 11 May 2010 - 12:58 AM.


#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 May 2010 - 05:47 AM

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


To re-enable your Emulation drivers AFTER we're finished, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.



#5 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 11 May 2010 - 06:47 AM

Ok, did as described, log below:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-11 14:44:38
Windows 6.0.6002 Service Pack 2
Running: hqxi7ni5.exe; Driver: C:\Users\Allan\AppData\Local\Temp\pwlcrpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x916C3AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x916C38EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x916C3A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea6f3ec76
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ea6f3ec76 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea6f3ec76 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA8 0x77 0x07 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x8E 0x27 0x4B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0x74 0x33 0xFF ...

---- EOF - GMER 1.0.15 ----

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 May 2010 - 07:33 AM

Try Combofix again



#7 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 12 May 2010 - 02:00 AM

Hi

Tried combofix, it ran, and when I left the computer for a while, it had restarted. However, no combofix log seems to have been created. So far the computer seems fine, Chrome works again, no tabs open in FF, and Windows Update works fine.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 12 May 2010 - 07:48 AM

Search for Combofix.txt If not found, run combofix again.



#9 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 12 May 2010 - 02:29 PM

Hi

Indeed, I can't find combofix.txt, even when searching for it. I am also having some problems running combofix now: when I run it, the first progress bar appears and disappears, and then nothing more happens, even if I wait for a very long time. If I try to run it again, I get an error message that it can't create some files, and that I should restart my computer. When I restart, I just get the same problem. Should I download a fresh copy and try again?

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 12 May 2010 - 07:17 PM

Lets try this:

http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.



#11 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 13 May 2010 - 04:29 AM

Hi

I ran the ESET scanner. The log.txt in C:\Program Files\ESET\ESET Online Scanner\ contains the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

However, the scanner found something, and it asked me if I wanted to export the results. Here they are:

C:\Qoobox\32788R22FWJFW\mountmgr.sys Win32/Olmarik.ZC trojan
C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys Win32/Olmarik.ZC trojan

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 May 2010 - 09:16 AM

Try booting in Safe Mode and run Combofix.



#13 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 16 May 2010 - 12:38 AM

Hi

I tried running Combofix in safe mode. It got stuck for more than 2 hours at the command prompt with the "This shouldn't take more than ten minutes" text, so finally I had to do a hard reset. I've had an assignment deadline for today, hence my slow replies, and this is the only computer at home at the moment. I'll try again tomorrow, when I can let it run as long as it needs.

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 May 2010 - 06:34 AM

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.
Please include the following in your next post:
  • OTL and Extras logs



#15 bakeneko

bakeneko

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 17 May 2010 - 12:41 AM

Hi

Here are the logs:

--== OTL.Txt ==--

OTL logfile created on: 2010-05-17 08:23:09 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Allan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 74,05 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 35,61 Gb Free Space | 32,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALLAN-PC
Current User Name: Allan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Allan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Net iD\iid.exe (SecMaker AB)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Windows\System32\IfxUAGUI.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\Allan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (MemeoBackgroundService) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe (Memeo)
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll (Cognizance Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Allan\AppData\Local\temp\catchme.sys ()
DRV - (iaStor) -- C:\Windows\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ItSDisk) -- C:\Windows\System32\drivers\itsdisk.sys (Cognizance Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.41
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-26 09:10:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-26 09:10:15 | 000,000,000 | ---D | M]

[2010-02-25 23:44:50 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Extensions
[2010-05-16 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions
[2010-04-27 20:26:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-05-04 07:03:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-02-26 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010-05-06 23:48:39 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\firebug@software.joehewitt.com
[2010-02-26 00:45:19 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\wuq99le7.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-04-17 21:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-26 00:47:09 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-04-17 21:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-17 21:59:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-02-04 15:01:14 | 000,220,472 | ---- | M] (SecMaker AB) -- C:\Program Files\Mozilla Firefox\plugins\npiidplg.dll
[2010-01-16 02:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-01-16 02:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010-01-16 02:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010-01-16 02:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010-05-11 16:54:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: D:\Documents\Backgrounds\02179_piertonowhere_1920x1200.jpg
O24 - Desktop BackupWallPaper: D:\Documents\Backgrounds\02179_piertonowhere_1920x1200.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010-02-27 19:59:28 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010-05-17 08:21:05 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Allan\Desktop\OTL.exe
[2010-05-15 08:51:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-05-15 08:49:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-05-13 10:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-05-11 17:18:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-05-11 16:43:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-05-11 16:43:32 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\temp
[2010-05-11 15:55:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-05-11 10:08:11 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Adobe
[2010-05-11 08:26:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-05-11 08:26:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-05-11 08:26:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-05-11 08:22:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-10 09:03:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-05-10 09:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-05-10 08:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-05-09 16:59:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010-05-09 09:19:56 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Malwarebytes
[2010-05-09 09:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-05-09 09:19:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-05-09 09:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-09 09:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-05-08 09:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\phpDesigner
[2010-05-08 09:53:16 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\phpDesigner
[2010-05-08 09:53:16 | 000,000,000 | ---D | C] -- C:\Program Files\phpDesigner
[2010-04-26 09:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Net iD
[2010-04-26 09:09:44 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\iid
[2010-04-23 08:05:00 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\Downloads
[2010-04-23 08:03:12 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Google
[2010-04-23 07:56:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010-04-23 07:56:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010-04-23 07:56:13 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-04-23 07:55:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010-04-23 07:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010-04-23 07:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010-04-22 14:05:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010-04-17 21:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-04-13 10:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\WMV9_VCM
[2010-04-13 10:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\AsfTools 3.1
[2010-04-07 20:21:12 | 000,156,672 | ---- | C] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2010-04-07 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\My Recordings
[2010-04-07 20:20:35 | 000,323,584 | ---- | C] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2010-04-07 20:16:12 | 000,000,000 | ---D | C] -- C:\Windows\Replay Media Catcher
[2010-04-07 20:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2010-04-07 18:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\SDP Multimedia
[2010-03-29 14:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\MIKSOFT
[2010-03-29 14:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-03-29 14:18:05 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Audacity
[2010-03-29 14:17:41 | 000,000,000 | ---D | C] -- C:\Audacity 1.3 Beta (Unicode)
[2010-03-25 18:26:51 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Stardock
[2010-03-25 18:26:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010-03-25 18:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010-03-25 18:26:28 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\PackageAware
[2010-03-19 23:07:28 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-03-19 23:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010-03-19 23:06:25 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\DAEMON Tools Lite
[2010-03-19 23:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010-03-19 11:37:14 | 000,000,000 | ---D | C] -- C:\eclipse
[2010-03-19 10:17:03 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Media Player Classic
[2010-03-19 10:16:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010-03-19 10:16:18 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2010-03-19 10:16:18 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010-03-19 10:16:18 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2010-03-19 10:16:17 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010-03-19 10:16:17 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010-03-19 10:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010-03-19 08:48:42 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\MySQL
[2010-03-19 08:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010-03-18 14:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-03-18 14:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-17 17:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Armadillo Run
[2010-03-17 16:40:42 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Deployment
[2010-03-17 16:40:39 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Apps
[2010-03-13 19:42:47 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\GHISLER
[2010-03-13 19:39:54 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010-03-13 19:39:54 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\GHISLER
[2010-03-11 14:40:06 | 000,000,000 | R--D | C] -- C:\Users\Allan\Documents\My Dropbox
[2010-03-11 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Dropbox
[2010-03-10 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\Allan\Desktop\Req
[2010-03-08 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2010-03-08 17:25:28 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2010-03-08 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\S2PC
[2010-03-08 17:16:36 | 000,522,240 | ---- | C] (Samsung) -- C:\Windows\System32\ssmgr.cpl
[2010-03-08 17:14:11 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2010-03-08 17:14:11 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\Ssusbpn.dll
[2010-03-08 17:13:30 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2010-03-08 17:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010-03-08 17:13:17 | 000,000,000 | ---D | C] -- C:\Temp
[2010-03-08 17:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2010-03-07 11:07:23 | 000,000,000 | ---D | C] -- C:\wamp
[2010-03-05 00:49:28 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\FileZilla
[2010-03-05 00:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010-03-01 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\VirtuaWin
[2010-03-01 14:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\VirtuaWin
[2010-03-01 12:44:10 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\SkypeIcons
[2010-03-01 08:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2010-03-01 08:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\WD
[2010-03-01 00:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010-02-28 22:23:33 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\WinRAR
[2010-02-28 22:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010-02-28 20:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010-02-28 19:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2010-02-28 19:45:36 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\WD
[2010-02-28 19:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010-02-28 11:25:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010-02-28 11:25:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010-02-28 11:25:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010-02-28 10:56:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010-02-28 01:24:35 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Microsoft Games
[2010-02-27 19:59:01 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010-02-27 11:42:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010-02-26 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010-02-26 11:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-02-26 11:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010-02-26 11:26:26 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\OpenOffice.org
[2010-02-26 11:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010-02-26 09:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010-02-26 09:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010-02-26 09:11:28 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\WDC
[2010-02-26 09:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010-02-26 08:33:36 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\vlc
[2010-02-26 08:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010-02-26 08:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010-02-26 08:30:29 | 000,000,000 | ---D | C] -- C:\InstallationFiles
[2010-02-26 02:38:54 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-02-26 02:38:54 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-02-26 02:38:54 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-26 02:38:54 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-02-26 02:38:54 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-02-26 02:38:37 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-02-26 02:38:37 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-02-26 02:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010-02-26 02:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010-02-26 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\Updater5
[2010-02-26 02:21:14 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Adobe
[2010-02-26 02:21:11 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Infineon
[2010-02-26 02:21:08 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Macromedia
[2010-02-26 02:20:53 | 000,000,000 | R--D | C] -- C:\Users\Allan\Searches
[2010-02-26 02:20:46 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Identities
[2010-02-26 02:20:44 | 000,000,000 | R--D | C] -- C:\Users\Allan\Contacts
[2010-02-26 02:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS Security Center
[2010-02-26 02:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Fingerprint Sensor
[2010-02-26 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\VirtualStore
[2010-02-26 02:10:07 | 000,000,000 | --SD | C] -- C:\Users\Allan\AppData\Roaming\Microsoft
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Videos
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Saved Games
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Pictures
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Music
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Links
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Favorites
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Downloads
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Documents
[2010-02-26 02:10:07 | 000,000,000 | R--D | C] -- C:\Users\Allan\Desktop
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\AppData\Local\Temporary Internet Files
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Templates
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Start Menu
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\SendTo
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Recent
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\PrintHood
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\NetHood
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Documents\My Videos
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Documents\My Pictures
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Documents\My Music
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\My Documents
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Local Settings
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\AppData\Local\History
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Cookies
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\Application Data
[2010-02-26 02:10:07 | 000,000,000 | -HSD | C] -- C:\Users\Allan\AppData\Local\Application Data
[2010-02-26 02:10:07 | 000,000,000 | -H-D | C] -- C:\Users\Allan\AppData
[2010-02-26 02:10:07 | 000,000,000 | ---D | C] -- C:\Users\Allan\Roaming
[2010-02-26 02:10:07 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Microsoft
[2010-02-26 02:10:07 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Media Center Programs
[2010-02-26 01:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010-02-26 01:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-02-26 01:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Infineon
[2010-02-26 01:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Infineon
[2010-02-26 01:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010-02-26 01:41:58 | 004,814,371 | ---- | C] (Macromedia, Inc.) -- C:\Windows\ASUS Camera ScreenSaver.exe
[2010-02-26 01:41:58 | 000,274,800 | ---- | C] (ASUSTeK Computer Inc) -- C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
[2010-02-26 01:41:57 | 000,503,808 | ---- | C] (ScreenTime Media) -- C:\Windows\Asus_Camera_ScreenSaver.scr
[2010-02-26 01:41:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010-02-26 01:41:55 | 000,000,000 | ---D | C] -- C:\Windows\Asus_Camera_ScreenSaver dir
[2010-02-26 01:41:37 | 000,155,648 | ---- | C] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
[2010-02-26 01:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\P4P
[2010-02-26 01:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Power4Gear eXtreme
[2010-02-26 01:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2010-02-26 01:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2010-02-26 01:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2010-02-26 01:35:54 | 000,015,416 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\lullaby.sys
[2010-02-26 01:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATKGFNEX
[2010-02-26 01:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010-02-26 01:29:41 | 000,182,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2010-02-26 01:29:41 | 000,143,360 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2010-02-26 01:29:41 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2010-02-26 01:29:40 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2010-02-26 01:29:40 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2010-02-26 01:28:22 | 000,982,272 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\drivers\smserial.sys
[2010-02-26 01:28:21 | 000,196,608 | ---- | C] (Motorola Inc.) -- C:\Windows\System32\sm56co6a.dll
[2010-02-26 01:28:13 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2010-02-26 01:27:52 | 000,221,184 | ---- | C] (EETI) -- C:\Windows\Uninstall.exe
[2010-02-26 01:27:51 | 000,474,624 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etDevice.sys
[2010-02-26 01:27:51 | 000,206,336 | ---- | C] (eMPIA Technology Inc.) -- C:\Windows\System32\drivers\etFilter.sys
[2010-02-26 01:27:51 | 000,011,776 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\etUSD.dll
[2010-02-26 01:27:51 | 000,006,656 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etScan.sys
[2010-02-26 01:27:04 | 000,046,592 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\l160x86.sys
[2010-02-26 01:26:57 | 000,007,680 | ---- | C] (ATK0100) -- C:\Windows\System32\drivers\ATKACPI.sys
[2010-02-26 01:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2010-02-26 01:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2010-02-26 01:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010-02-26 01:16:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2010-02-26 01:16:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010-02-26 01:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010-02-26 01:14:25 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Azureus
[2010-02-26 01:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Wireless Console 2
[2010-02-26 01:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010-02-26 01:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2010-02-26 01:11:36 | 000,042,496 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2010-02-26 01:11:36 | 000,039,936 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2010-02-26 01:11:36 | 000,037,376 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2010-02-26 01:09:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010-02-26 01:09:18 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010-02-26 01:09:18 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010-02-26 01:09:18 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010-02-26 01:09:18 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010-02-26 01:09:14 | 004,702,208 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010-02-26 01:09:14 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2010-02-26 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-02-26 01:01:16 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Winamp
[2010-02-26 01:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010-02-26 00:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010-02-26 00:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-02-26 00:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATKOSD2
[2010-02-26 00:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATK Hotkey
[2010-02-26 00:57:43 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010-02-26 00:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-02-26 00:50:52 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\skypePM
[2010-02-26 00:50:20 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Skype
[2010-02-26 00:48:54 | 000,000,000 | ---D | C] -- C:\Users\Allan\Documents\My Received Files
[2010-02-26 00:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010-02-26 00:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-02-26 00:46:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010-02-26 00:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010-02-26 00:45:49 | 000,000,000 | ---D | C] -- C:\Users\Allan\Tracing
[2010-02-26 00:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010-02-26 00:44:39 | 000,000,000 | ---D | C] -- C:\Intel
[2010-02-26 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010-02-26 00:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-02-26 00:42:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010-02-26 00:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010-02-26 00:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010-02-26 00:42:24 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010-02-26 00:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010-02-26 00:38:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010-02-26 00:37:14 | 000,000,000 | ---D | C] -- C:\Users\Allan\Desktop\Downloads
[2010-02-26 00:33:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-02-25 23:44:42 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Roaming\Mozilla
[2010-02-25 23:44:42 | 000,000,000 | ---D | C] -- C:\Users\Allan\AppData\Local\Mozilla

========== Files - Modified Within 90 Days ==========

[2010-05-17 08:22:43 | 001,835,008 | -HS- | M] () -- C:\Users\Allan\NTUSER.DAT
[2010-05-17 08:21:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Allan\Desktop\OTL.exe
[2010-05-17 08:12:33 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-05-17 08:12:33 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-05-17 08:12:33 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-05-17 08:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000UA.job
[2010-05-17 08:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000Core.job
[2010-05-17 08:05:14 | 000,060,275 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-05-17 08:04:56 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010-05-17 08:04:54 | 000,060,275 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-05-17 08:04:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-05-17 08:04:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-05-17 08:04:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-05-17 08:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-05-17 08:04:42 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-17 00:39:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-05-17 00:39:22 | 000,524,288 | -HS- | M] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-05-17 00:39:22 | 000,065,536 | -HS- | M] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-05-17 00:39:05 | 003,098,505 | -H-- | M] () -- C:\Users\Allan\AppData\Local\IconCache.db
[2010-05-16 22:47:15 | 000,035,328 | ---- | M] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-15 08:50:19 | 000,001,356 | ---- | M] () -- C:\Users\Allan\AppData\Local\d3d9caps.dat
[2010-05-14 15:48:21 | 006,185,383 | ---- | M] () -- C:\Users\Allan\Desktop\20100423-398253-en-1.pdf
[2010-05-11 23:13:53 | 000,101,131 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).odt
[2010-05-11 22:44:25 | 000,147,571 | ---- | M] () -- C:\Users\Allan\Desktop\question 13-14-15.jpg
[2010-05-11 17:17:16 | 302,009,844 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-05-11 16:54:13 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-05-11 16:54:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-05-11 15:42:13 | 003,686,135 | R--- | M] () -- C:\Users\Allan\Desktop\ComboFix.exe
[2010-05-11 15:42:13 | 003,686,135 | ---- | M] () -- C:\Users\Allan\Desktop\ComboFix - Copy.exe
[2010-05-11 14:27:47 | 000,293,376 | ---- | M] () -- C:\Users\Allan\Desktop\hqxi7ni5.exe
[2010-05-11 11:50:29 | 000,013,543 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).pdf
[2010-05-11 11:19:05 | 000,201,314 | ---- | M] () -- C:\Users\Allan\Desktop\Survey Results Area.pdf
[2010-05-11 11:13:04 | 000,007,334 | ---- | M] () -- C:\Users\Allan\Desktop\New OpenDocument Text.odt
[2010-05-11 07:51:51 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-05-10 13:40:27 | 000,122,409 | ---- | M] () -- C:\Users\Allan\Desktop\BHUSA09-Guerra-EconomicsCyberCrime-PAPER.pdf
[2010-05-10 10:19:19 | 000,293,376 | ---- | M] () -- C:\Users\Allan\Desktop\fw9iwbq2d.exe
[2010-05-10 10:18:31 | 000,359,929 | ---- | M] () -- C:\Users\Allan\Desktop\dds.scr
[2010-05-10 10:14:08 | 000,000,020 | ---- | M] () -- C:\Users\Allan\defogger_reenable
[2010-05-10 09:04:25 | 000,050,477 | ---- | M] () -- C:\Users\Allan\Desktop\Defogger.exe
[2010-05-10 09:01:30 | 000,000,740 | ---- | M] () -- C:\Users\Allan\Desktop\NTREGOPT.lnk
[2010-05-10 09:01:30 | 000,000,721 | ---- | M] () -- C:\Users\Allan\Desktop\ERUNT.lnk
[2010-05-10 09:00:08 | 000,018,463 | ---- | M] () -- C:\Users\Allan\Desktop\sysrest_fails.jpg
[2010-05-09 09:19:51 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-09 00:31:36 | 000,080,896 | ---- | M] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.x
[2010-05-08 17:33:14 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-05-08 10:29:22 | 000,027,540 | ---- | M] () -- C:\Users\Allan\AppData\Roaming\phpdesigner.xml
[2010-05-08 09:53:26 | 000,000,789 | ---- | M] () -- C:\Users\Allan\Desktop\phpDesigner 7.lnk
[2010-05-06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-05-06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-05-06 15:05:51 | 000,237,568 | ---- | M] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010-05-06 15:05:51 | 000,156,672 | ---- | M] (Radioactive) -- C:\Windows\System32\rmc_fixasf.exe
[2010-05-06 15:05:49 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\Windows\System32\AUDIOGENIE2.DLL
[2010-04-30 06:59:01 | 000,255,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-04-29 22:44:54 | 000,009,700 | ---- | M] () -- C:\Users\Allan\Desktop\referenser.odt
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-27 10:34:21 | 000,157,127 | ---- | M] () -- C:\Users\Allan\Desktop\my_poor_hd2.jpg
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010-04-26 11:13:59 | 000,014,599 | ---- | M] () -- C:\Users\Allan\Desktop\logga-redan-valt.png
[2010-04-23 23:03:12 | 000,158,782 | ---- | M] () -- C:\Users\Allan\Desktop\mickipedia.jpg
[2010-04-23 07:56:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-04-23 07:56:12 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010-04-22 15:18:50 | 000,019,704 | ---- | M] () -- C:\Users\Allan\Desktop\osC emails.ods
[2010-04-15 07:48:23 | 000,001,100 | ---- | M] () -- C:\Users\Allan\Desktop\Video.lnk
[2010-04-14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-04-07 20:16:20 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher.lnk
[2010-03-29 14:10:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010-03-26 10:25:35 | 000,000,442 | ---- | M] () -- C:\Users\Allan\Desktop\MBA.lnk
[2010-03-25 18:28:17 | 000,001,814 | ---- | M] () -- C:\Users\Allan\Desktop\Customize Fences.lnk
[2010-03-22 18:39:38 | 000,007,487 | ---- | M] () -- C:\Users\Allan\Desktop\chegg1.jpg
[2010-03-19 23:07:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-03-19 22:24:24 | 000,000,785 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts - Copy
[2010-03-19 15:38:32 | 000,417,659 | ---- | M] () -- C:\Users\Allan\Desktop\Picture 1.png
[2010-03-19 15:31:44 | 000,030,496 | ---- | M] () -- C:\Users\Allan\Desktop\ostrich_head.jpg
[2010-03-19 08:48:37 | 000,055,576 | ---- | M] () -- C:\Users\Allan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-03-17 17:29:58 | 000,000,871 | ---- | M] () -- C:\Users\Allan\Desktop\Armadillo Run.lnk
[2010-03-14 20:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010-03-14 20:00:00 | 000,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2010-03-14 20:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010-03-13 19:39:56 | 000,000,591 | ---- | M] () -- C:\Users\Allan\Desktop\Total Commander.lnk
[2010-03-11 14:40:06 | 000,000,948 | ---- | M] () -- C:\Users\Allan\Desktop\Dropbox.lnk
[2010-03-08 17:31:10 | 025,988,982 | ---- | M] () -- C:\Users\Allan\Documents\knowledge.bmp
[2010-03-08 09:08:30 | 000,000,462 | ---- | M] () -- C:\Users\Allan\Desktop\www.lnk
[2010-03-07 11:56:38 | 000,000,469 | ---- | M] () -- C:\Users\Allan\Desktop\Hibnertech.lnk
[2010-03-07 11:08:25 | 000,000,566 | ---- | M] () -- C:\Users\Allan\Desktop\start WampServer.lnk
[2010-03-05 00:49:25 | 000,001,792 | ---- | M] () -- C:\Users\Allan\Desktop\FileZilla Client.lnk
[2010-03-01 09:28:39 | 000,000,493 | ---- | M] () -- C:\Users\Allan\Desktop\Job and CVs - 2010.lnk
[2010-03-01 00:53:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010-02-28 20:45:23 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010-02-28 20:03:59 | 000,000,372 | ---- | M] () -- C:\Users\Allan\Desktop\Documents on D.lnk
[2010-02-28 11:24:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010-02-27 20:07:35 | 000,027,839 | ---- | M] () -- C:\Users\Allan\AppData\Roaming\nvModes.001
[2010-02-27 20:06:06 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010-02-27 19:47:08 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010-02-27 19:47:07 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010-02-26 09:11:40 | 000,000,988 | ---- | M] () -- C:\Users\Allan\Desktop\WD Discovery.lnk
[2010-02-26 02:34:51 | 000,000,546 | ---- | M] () -- C:\Windows\System32\ABM51Sn.DAT
[2010-02-26 02:32:52 | 000,524,288 | -HS- | M] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010-02-26 02:31:05 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\1043_ASUSTeK_M51Sn.alu
[2010-02-26 02:10:07 | 000,000,020 | -HS- | M] () -- C:\Users\Allan\ntuser.ini
[2010-02-26 01:42:09 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
[2010-02-26 01:41:59 | 004,814,371 | ---- | M] (Macromedia, Inc.) -- C:\Windows\ASUS Camera ScreenSaver.exe
[2010-02-26 01:41:59 | 000,037,232 | ---- | M] () -- C:\Windows\ASScrProlog.exe
[2010-02-26 01:41:58 | 000,274,800 | ---- | M] (ASUSTeK Computer Inc) -- C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
[2010-02-26 01:41:57 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\Windows\Asus_Camera_ScreenSaver.scr
[2010-02-26 01:41:55 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll
[2010-02-26 01:33:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010-02-26 00:50:52 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010-02-26 00:43:01 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-02-26 00:21:03 | 000,027,839 | ---- | M] () -- C:\Users\Allan\AppData\Roaming\nvModes.dat
[2010-02-25 23:24:03 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2010-02-25 23:17:41 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010-02-25 23:17:38 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010-02-25 22:27:22 | 031,588,352 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010-02-25 22:27:22 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010-02-25 22:27:22 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

========== Files Created - No Company Name ==========

[2010-05-15 10:22:14 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-15 08:48:42 | 003,686,135 | ---- | C] () -- C:\Users\Allan\Desktop\ComboFix - Copy.exe
[2010-05-14 15:48:17 | 006,185,383 | ---- | C] () -- C:\Users\Allan\Desktop\20100423-398253-en-1.pdf
[2010-05-11 22:44:25 | 000,147,571 | ---- | C] () -- C:\Users\Allan\Desktop\question 13-14-15.jpg
[2010-05-11 15:42:04 | 003,686,135 | R--- | C] () -- C:\Users\Allan\Desktop\ComboFix.exe
[2010-05-11 14:27:46 | 000,293,376 | ---- | C] () -- C:\Users\Allan\Desktop\hqxi7ni5.exe
[2010-05-11 11:27:42 | 000,013,543 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).pdf
[2010-05-11 11:18:47 | 000,201,314 | ---- | C] () -- C:\Users\Allan\Desktop\Survey Results Area.pdf
[2010-05-11 11:15:45 | 000,101,131 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text (2).odt
[2010-05-11 11:13:04 | 000,007,334 | ---- | C] () -- C:\Users\Allan\Desktop\New OpenDocument Text.odt
[2010-05-11 08:26:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-05-11 08:26:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-05-11 08:26:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-05-11 08:26:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-05-11 08:26:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-05-10 13:40:27 | 000,122,409 | ---- | C] () -- C:\Users\Allan\Desktop\BHUSA09-Guerra-EconomicsCyberCrime-PAPER.pdf
[2010-05-10 10:19:18 | 000,293,376 | ---- | C] () -- C:\Users\Allan\Desktop\fw9iwbq2d.exe
[2010-05-10 10:18:31 | 000,359,929 | ---- | C] () -- C:\Users\Allan\Desktop\dds.scr
[2010-05-10 10:13:54 | 000,000,020 | ---- | C] () -- C:\Users\Allan\defogger_reenable
[2010-05-10 09:04:25 | 000,050,477 | ---- | C] () -- C:\Users\Allan\Desktop\Defogger.exe
[2010-05-10 09:01:30 | 000,000,740 | ---- | C] () -- C:\Users\Allan\Desktop\NTREGOPT.lnk
[2010-05-10 09:01:30 | 000,000,721 | ---- | C] () -- C:\Users\Allan\Desktop\ERUNT.lnk
[2010-05-10 09:00:07 | 000,018,463 | ---- | C] () -- C:\Users\Allan\Desktop\sysrest_fails.jpg
[2010-05-09 21:07:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2010-05-09 10:18:43 | 000,035,328 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-09 09:19:51 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-05-08 10:29:22 | 000,027,540 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\phpdesigner.xml
[2010-05-08 09:53:26 | 000,000,789 | ---- | C] () -- C:\Users\Allan\Desktop\phpDesigner 7.lnk
[2010-05-03 15:55:34 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010-04-29 20:45:11 | 000,009,700 | ---- | C] () -- C:\Users\Allan\Desktop\referenser.odt
[2010-04-27 10:34:21 | 000,157,127 | ---- | C] () -- C:\Users\Allan\Desktop\my_poor_hd2.jpg
[2010-04-26 11:13:59 | 000,014,599 | ---- | C] () -- C:\Users\Allan\Desktop\logga-redan-valt.png
[2010-04-23 23:03:24 | 000,158,782 | ---- | C] () -- C:\Users\Allan\Desktop\mickipedia.jpg
[2010-04-23 08:37:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010-04-23 08:03:13 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000UA.job
[2010-04-23 08:03:13 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3899043805-2102556902-2462334787-1000Core.job
[2010-04-22 14:07:14 | 000,019,704 | ---- | C] () -- C:\Users\Allan\Desktop\osC emails.ods
[2010-04-15 07:48:23 | 000,001,100 | ---- | C] () -- C:\Users\Allan\Desktop\Video.lnk
[2010-04-07 20:21:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010-04-07 20:16:20 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher.lnk
[2010-04-01 08:28:52 | 000,000,566 | ---- | C] () -- C:\Users\Allan\Desktop\start WampServer.lnk
[2010-03-29 14:10:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010-03-26 10:25:35 | 000,000,442 | ---- | C] () -- C:\Users\Allan\Desktop\MBA.lnk
[2010-03-25 18:26:52 | 000,001,814 | ---- | C] () -- C:\Users\Allan\Desktop\Customize Fences.lnk
[2010-03-23 23:26:39 | 000,001,356 | ---- | C] () -- C:\Users\Allan\AppData\Local\d3d9caps.dat
[2010-03-22 18:39:38 | 000,007,487 | ---- | C] () -- C:\Users\Allan\Desktop\chegg1.jpg
[2010-03-19 15:38:10 | 000,417,659 | ---- | C] () -- C:\Users\Allan\Desktop\Picture 1.png
[2010-03-19 15:31:44 | 000,030,496 | ---- | C] () -- C:\Users\Allan\Desktop\ostrich_head.jpg
[2010-03-19 10:16:22 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-03-19 10:16:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-19 10:16:18 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2010-03-19 10:16:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010-03-19 10:16:17 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-03-19 10:16:17 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-03-19 10:16:15 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-03-19 10:16:15 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010-03-17 17:29:58 | 000,000,871 | ---- | C] () -- C:\Users\Allan\Desktop\Armadillo Run.lnk
[2010-03-13 19:39:56 | 000,000,591 | ---- | C] () -- C:\Users\Allan\Desktop\Total Commander.lnk
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010-03-13 19:39:54 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010-03-11 14:40:06 | 000,000,948 | ---- | C] () -- C:\Users\Allan\Desktop\Dropbox.lnk
[2010-03-08 17:30:00 | 025,988,982 | ---- | C] () -- C:\Users\Allan\Documents\knowledge.bmp
[2010-03-08 17:16:40 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010-03-08 17:16:39 | 000,080,384 | ---- | C] () -- C:\Windows\smgrinst.exe
[2010-03-08 17:16:31 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2010-03-08 17:14:25 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico
[2010-03-08 17:14:11 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2010-03-08 17:14:10 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2010-03-08 17:14:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2010-03-08 17:14:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2010-03-08 09:08:30 | 000,000,462 | ---- | C] () -- C:\Users\Allan\Desktop\www.lnk
[2010-03-07 11:56:38 | 000,000,469 | ---- | C] () -- C:\Users\Allan\Desktop\Hibnertech.lnk
[2010-03-05 00:49:25 | 000,001,792 | ---- | C] () -- C:\Users\Allan\Desktop\FileZilla Client.lnk
[2010-03-04 15:57:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010-03-01 09:28:39 | 000,000,493 | ---- | C] () -- C:\Users\Allan\Desktop\Job and CVs - 2010.lnk
[2010-03-01 00:53:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010-02-28 20:45:23 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010-02-28 20:03:59 | 000,000,372 | ---- | C] () -- C:\Users\Allan\Desktop\Documents on D.lnk
[2010-02-28 11:24:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010-02-28 10:05:08 | 000,060,275 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-02-28 10:04:26 | 000,060,275 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-02-28 01:46:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010-02-28 01:46:14 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010-02-28 01:11:00 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010-02-28 01:10:54 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010-02-28 01:10:32 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010-02-28 01:10:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010-02-28 01:10:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010-02-28 01:10:22 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010-02-28 01:10:20 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010-02-28 01:10:08 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010-02-28 01:09:30 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010-02-28 01:09:23 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010-02-28 01:07:25 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010-02-28 01:07:12 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010-02-27 11:42:34 | 302,009,844 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-02-27 10:23:04 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010-02-27 05:06:15 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010-02-27 05:05:14 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2010-02-27 05:05:13 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2010-02-27 05:05:12 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2010-02-27 05:05:12 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2010-02-26 09:11:40 | 000,000,988 | ---- | C] () -- C:\Users\Allan\Desktop\WD Discovery.lnk
[2010-02-26 02:34:51 | 000,000,546 | ---- | C] () -- C:\Windows\System32\ABM51Sn.DAT
[2010-02-26 02:31:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\1043_ASUSTeK_M51Sn.alu
[2010-02-26 02:10:07 | 001,835,008 | -HS- | C] () -- C:\Users\Allan\NTUSER.DAT
[2010-02-26 02:10:07 | 000,524,288 | -HS- | C] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010-02-26 02:10:07 | 000,524,288 | -HS- | C] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010-02-26 02:10:07 | 000,262,144 | -H-- | C] () -- C:\Users\Allan\ntuser.dat.LOG1
[2010-02-26 02:10:07 | 000,065,536 | -HS- | C] () -- C:\Users\Allan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-02-26 02:10:07 | 000,000,020 | -HS- | C] () -- C:\Users\Allan\ntuser.ini
[2010-02-26 02:10:07 | 000,000,000 | -H-- | C] () -- C:\Users\Allan\ntuser.dat.LOG2
[2010-02-26 01:42:09 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2010-02-26 01:41:59 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2010-02-26 01:41:55 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2010-02-26 01:33:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010-02-26 01:32:23 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE
[2010-02-26 01:32:23 | 000,000,014 | ---- | C] () -- C:\M51SN_VISTA.20
[2010-02-26 01:32:23 | 000,000,012 | ---- | C] () -- C:\RECOVERY.DAT
[2010-02-26 01:29:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010-02-26 01:27:52 | 000,049,152 | ---- | C] () -- C:\Windows\revdevdll.dll
[2010-02-26 01:27:05 | 001,048,576 | ---- | C] () -- C:\M51SnAS.BIN
[2010-02-26 01:27:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\1043_ASUSTEK_M51SN_V20_VISTA.MRK
[2010-02-26 01:11:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010-02-26 00:55:41 | 000,080,896 | ---- | C] () -- C:\Users\Allan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.x
[2010-02-26 00:50:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-26 00:43:01 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010-02-26 00:22:54 | 000,027,839 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\nvModes.001
[2010-02-26 00:21:02 | 000,027,839 | ---- | C] () -- C:\Users\Allan\AppData\Roaming\nvModes.dat
[2010-02-25 23:24:03 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010-02-25 23:17:41 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010-02-25 23:17:38 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010-02-25 22:24:38 | 031,588,352 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010-02-25 22:24:38 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010-02-25 22:24:38 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009-10-26 04:58:00 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssw1ml3.dll
[2007-06-01 20:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007-04-20 07:18:10 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-04-03 01:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[1998-05-06 06:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2010-03-29 14:43:59 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Audacity
[2010-05-17 00:39:08 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Azureus
[2010-03-20 10:06:20 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\DAEMON Tools Lite
[2010-05-11 11:57:07 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Dropbox
[2010-05-04 11:28:03 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\FileZilla
[2010-03-13 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\GHISLER
[2010-04-26 09:14:00 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\iid
[2010-02-26 02:21:11 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Infineon
[2010-03-19 08:48:42 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\MySQL
[2010-02-26 11:26:26 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\OpenOffice.org
[2010-05-08 10:29:21 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\phpDesigner
[2010-03-25 18:26:51 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\Stardock
[2010-03-01 14:33:55 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\VirtuaWin
[2010-02-28 19:45:36 | 000,000,000 | ---D | M] -- C:\Users\Allan\AppData\Roaming\WD
[2010-05-11 07:51:51 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010-05-17 00:39:29 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-05-17 08:04:41 | 000,013,436 | ---- | M] () -- C:\aaw7boot.log
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007-04-20 07:40:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-12-30 01:20:42 | 000,000,019 | ---- | M] () -- C:\CD13.txt
[2010-02-26 02:11:50 | 000,412,076 | ---- | M] () -- C:\ciam_uninstall.log
[2010-02-26 02:11:39 | 000,016,145 | ---- | M] () -- C:\ciam_uninstall_0225-1611.log
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-02-26 01:53:09 | 000,000,009 | ---- | M] () -- C:\Finish.log
[2010-05-17 08:04:42 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2007-12-24 06:38:08 | 001,048,576 | ---- | M] () -- C:\M51SnAS.BIN
[2008-01-02 05:17:54 | 000,000,014 | ---- | M] () -- C:\M51SN_VISTA.20
[2010-05-17 08:04:41 | 3534,204,928 | -HS- | M] () -- C:\pagefile.sys
[2007-10-15 11:25:27 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT
[2010-02-26 01:10:22 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010-02-26 01:12:39 | 000,000,086 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-04-11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009-04-11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-05-06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-02-20 22:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010-05-11 06:57:59 | 000,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010-02-25 23:15:55 | 000,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-02-23 13:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010-02-23 13:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010-02-23 13:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010-04-23 07:56:13 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010-03-19 23:07:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010-02-25 23:23:11 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010-02-25 22:18:03 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010-02-25 23:23:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010-02-18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010-02-25 22:32:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010-02-18 13:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
< End of report >





--== Extras.Txt ==--

OTL Extras logfile created on: 2010-05-17 08:23:09 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Allan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 74,05 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 35,61 Gb Free Space | 32,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALLAN-PC
Current User Name: Allan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02286FA4-23A8-4EAC-A584-4A62C283B9EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{13D6B111-A6F5-42E3-889E-EDCFD793DF26}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BB21DD2-FD4E-43CB-AFCA-EF393C565F92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2C915334-FD4D-41C8-8BC6-FEB03358285E}" = lport=137 | protocol=17 | dir=in | app=system |
"{31F5A08E-92B4-4546-9625-4E1BFE9CC7A1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{460A0D88-87A5-47BC-8DA0-E07DA2ABB7A9}" = rport=139 | protocol=6 | dir=out | app=system |
"{486FF60E-E74B-4AC7-99C1-74CAF59E7DF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68F8C7F4-3E3C-4696-BE9B-16BB1270C3A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{80B06839-E287-495E-84A7-1BF233DE68E9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9FFE06E1-2E68-4BC0-A3B3-1ED48848FE05}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF18A2D6-35B0-437B-BEB6-1CD8F8190153}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7646F79-4528-4436-B6DA-441ADC13BE6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6D07118-19F5-4746-AB11-C133F86B3789}" = rport=138 | protocol=17 | dir=out | app=system |
"{FDBA7263-70AE-44F0-80F8-BAECBB48D971}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11784133-EC41-4443-B1C8-B491229172AA}" = protocol=17 | dir=in | app=c:\users\allan\appdata\roaming\dropbox\bin\dropbox.exe |
"{12390FD8-58E8-4400-9807-861706860B79}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4500w\scan2pc.exe |
"{1943F2AA-A6A3-46AC-A18C-E600BB36560E}" = protocol=6 | dir=in | app=c:\users\allan\appdata\roaming\dropbox\bin\dropbox.exe |
"{32743AB1-CD01-4248-8935-0028F1B5641C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3B2E0405-13B4-4DA5-A022-B390724FB2B4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{418E3DD1-3D06-41BD-8314-177D0B5732BD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49993297-CB0D-4D0C-BC2D-5FD5BCDC64D4}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4500w\scan2pc.exe |
"{545ACDBA-F1AE-40FC-BD71-D02BD505F03E}" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"{56CD273D-95BA-4EDD-818C-A7E7231EE992}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{586F0966-76F2-4824-97B3-F6D7CBA4A428}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5D4ABDAF-1E55-490D-94B8-7B0BAC14861B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{63337445-555E-4FAD-B868-0AB7C8812763}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{67CFE971-A51F-4CA0-9B52-C3DA5F55F1A6}" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"{8AAB4001-32E9-474B-B653-BA4767313D39}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{9DED9A14-117E-4A27-9629-CD03D3D99BFC}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe |
"{B6E1C153-6FD2-4B38-81D9-C5297325C261}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F0F1520D-F36F-4593-A4D5-C256E1665F66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F7C0B939-01B5-4C13-83CE-86AD3762AD25}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx4500w\sscan2io.exe |
"{F8C6FE0B-89CB-44F4-A5B2-B0FD3D572F7E}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx4500w\sscan2io.exe |
"{FE016EC2-A913-41F3-A5A1-D1340581FE94}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{4AC18A0E-F624-4CF7-9553-C3BB47676B74}C:\program files\phpdesigner\phpdesigner.exe" = protocol=6 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |
"TCP Query User{9BF79BC7-54BD-49E1-A5A1-B8B90C0E7184}C:\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse.exe |
"TCP Query User{A360B7C5-70AF-4D79-9476-EAED1E9FAC5F}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{B17B27EF-5569-434E-A09E-DC39ED9CFC06}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{D9881568-ECBD-46F5-8B76-AD67DE2B4117}E:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=e:\wd discovery software\wd discovery.exe |
"UDP Query User{23136095-3E2A-4067-8DCC-E241077CC2B4}E:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=e:\wd discovery software\wd discovery.exe |
"UDP Query User{42ED5C2F-31C3-48A8-8AA6-EC1936CAF444}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"UDP Query User{A3D7F332-ADA1-48AE-85DE-D044AB0B6E40}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe |
"UDP Query User{AC20C693-B0DC-42E4-A770-786D22E8D8A8}C:\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse.exe |
"UDP Query User{EDF9B9AB-81BF-4D57-8D46-B9C70B219893}C:\program files\phpdesigner\phpdesigner.exe" = protocol=17 | dir=in | app=c:\program files\phpdesigner\phpdesigner.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{78897DE2-640B-45D0-AA03-AC2DB9D95A7A}" = MySQL Workbench 5.0 OSS
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D104C1CF-7C12-4D32-9850-DDC99060DE5B}" = Infineon TPM Professional Package
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Armadillo Run_is1" = Armadillo Run 1.0.3
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Fences" = Fences
"iid" = Net iD 5.3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"phpDesigner7.2.1_is1" = phpDesigner 7 version 7.2.1
"ProInst" = Intel® PROSet/Wireless Software
"Replay Media Catcher 3.02" = Replay Media Catcher 3.02
"Samsung SCX-4500W Series" = Samsung SCX-4500W Series
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.5
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.2
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-05-10 03:03:38 | Computer Name = Allan-PC | Source = System Restore | ID = 8193
Description =

Error - 2010-05-10 06:12:21 | Computer Name = Allan-PC | Source = SPP | ID = 16387
Description =

Error - 2010-05-10 06:12:21 | Computer Name = Allan-PC | Source = System Restore | ID = 8193
Description =

Error - 2010-05-10 06:12:21 | Computer Name = Allan-PC | Source = System Restore | ID = 8210
Description =

Error - 2010-05-10 08:35:05 | Computer Name = Allan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2010-05-11 02:26:59 | Computer Name = Allan-PC | Source = SPP | ID = 16387
Description =

Error - 2010-05-11 02:26:59 | Computer Name = Allan-PC | Source = System Restore | ID = 8193
Description =

Error - 2010-05-11 08:23:00 | Computer Name = Allan-PC | Source = Application Error | ID = 1000
Description = Faulting application LUpdate.exe, version 1.0.0.7, time stamp 0x4ad81016,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x00000000, process id 0x129c, application start time 0x01caf104b17268f4.

Error - 2010-05-11 08:26:06 | Computer Name = Allan-PC | Source = Application Error | ID = 1000
Description = Faulting application LUpdate.exe, version 1.0.0.7, time stamp 0x4ad81016,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00065dab, process id 0x129c, application start time
0x01caf104b17268f4.

Error - 2010-05-11 08:33:09 | Computer Name = Allan-PC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 2010-02-26 12:43:35 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2010-02-26 13:45:47 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2010-02-26 17:08:07 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2010-02-26 19:39:29 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2010-02-26 23:37:25 | Computer Name = Allan-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-02-26 23:38:21 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 2010-02-27 03:31:32 | Computer Name = Allan-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 2010-02-27 05:41:05 | Computer Name = Allan-PC | Source = DCOM | ID = 10010
Description =


< End of report >
