Author Topic: Is it or Isn't it?  (Read 818 times)

Offline Bertran

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Is it or Isn't it?
« on: December 07, 2009, 07:47:18 PM »
Hi everybody!

 A little portable AV program scanned my machine and could only find a "probable BATCH virus" called SRunners.vbs in the C:\Documents and Settings\[user]\Local Settings\Temp folder.

I have AVG Anti-Virus Free installed. OS is Windows XP Pro.

I don't think it's a virus or a Trojan. What do you think?

By the way, I don't fully trust AVG Free because it did not spot an Internat.exe in my C:\ and the corresponding entry in the Register. It was much bigger than it should be, and the icon was different from the one belonging to the "true" file. I erased both file and entry, and I keep switching keyboard languages as usual.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Is it or Isn't it?
« Reply #1 on: December 07, 2009, 11:06:10 PM »
Quote
By the way, I don't fully trust AVG Free because it did not spot an Internat.exe in my C:\ and the corresponding entry in the Register

Not sure what you mean by that, did you click on that file and AVG didn't notice it, or was it laying stagnant and you never scanned that area?

I suggest you do the following
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Bertran

Is it or Isn't it?
« Reply #2 on: December 08, 2009, 10:38:49 PM »
Quote from: guestolo on Dec 8 2009, 01:06 AM
Not sure what you mean by that, did you click on that file and AVG didn't notice it, or was it laying stagnant and you never scanned that area?

I suggest you do the following
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Thank you guestolo. As regards your 1st question, AVG scanned the area and didn't notice a C:\Internat.exe.
As to the logs, here they go:
OTL logfile created on: 09/12/2009 12:20:58 a.m. - Run 1
OTL by OldTimer - Version 3.1.11.9     Folder = C:\Documents and Settings\jmal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00002C0A | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
 
1023,53 Mb Total Physical Memory | 516,26 Mb Available Physical Memory | 50,44% Memory free
2,40 Gb Paging File | 1,98 Gb Available in Paging File | 82,59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,59 Gb Total Space | 77,55 Gb Free Space | 77,09% Space Free | Partition Type: NTFS
Drive D: | 76,32 Gb Total Space | 14,03 Gb Free Space | 18,39% Space Free | Partition Type: NTFS
Drive E: | 365,13 Gb Total Space | 291,81 Gb Free Space | 79,92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-1
Current User Name: jmal
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2009/12/08 22:40:09 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmal\Desktop\OTL.exe
PRC - [2009/11/12 09:44:48 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 09:44:47 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/11 09:56:28 | 00,038,912 | ---- | M] () -- C:\WINDOWS\wizmo.exe
PRC - [2009/10/24 11:01:02 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/24 11:01:01 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/24 11:01:01 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/24 11:00:55 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/24 11:00:54 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/10 04:02:50 | 00,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 00,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 01,326,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 21:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 10:36:26 | 02,044,712 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
PRC - [2007/09/20 10:36:16 | 01,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
PRC - [2007/09/20 10:35:56 | 01,077,032 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCD.exe
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/10/10 14:35:36 | 00,603,664 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
PRC - [2006/10/10 14:35:24 | 00,402,960 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
PRC - [2003/12/15 14:39:16 | 00,221,696 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/07/02 17:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2001/08/17 19:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/01 02:00:00 | 00,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe
PRC - [2001/08/01 02:00:00 | 00,166,912 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2009/12/08 22:40:09 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmal\Desktop\OTL.exe
MOD - [2009/05/24 22:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/04/13 21:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/13 21:11:52 | 00,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2006/10/22 12:22:00 | 01,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2002/12/14 12:57:38 | 00,118,784 | ---- | M] () -- C:\WINDOWS\system32\DrvTrNTl.dll
MOD - [2002/12/14 12:56:48 | 00,049,152 | ---- | M] (High Criteria inc.) -- C:\WINDOWS\system32\DrvTrNTm.dll
MOD - [2002/11/06 20:00:38 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll
MOD - [2002/11/05 11:05:30 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009/10/24 11:00:55 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/24 11:00:54 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/17 13:01:44 | 00,099,176 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP4\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009/06/10 03:57:36 | 00,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/20 10:36:16 | 01,440,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/10/10 14:35:36 | 00,603,664 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2006/10/10 14:35:24 | 00,402,960 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2005/06/13 07:44:18 | 00,155,648 | ---- | M] (Allume Systems, Inc.) -- C:\Program Files\Allume\StuffIt\MXTask.exe -- (StuffIt Task Manager)
SRV - [2003/12/15 14:39:16 | 00,221,696 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2002/09/20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001/08/17 19:36:54 | 00,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/11/19 19:22:09 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/19 19:22:09 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/19 19:21:59 | 00,132,480 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/19 19:21:44 | 00,368,480 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/11/13 21:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009/11/10 09:51:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/24 11:01:14 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/24 11:01:14 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/07 23:46:56 | 00,023,112 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP4\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/07/28 21:31:52 | 00,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/07/28 21:31:50 | 00,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/07/28 21:31:48 | 00,026,120 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/07/28 21:31:46 | 00,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/04/22 14:28:08 | 00,008,704 | ---- | M] () -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/04/22 14:28:06 | 00,003,072 | ---- | M] () -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 15:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/16 11:55:00 | 00,165,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2007/09/20 10:36:16 | 00,040,488 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/09/20 10:36:06 | 00,125,864 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/20 10:36:06 | 00,038,952 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/09/15 12:09:28 | 00,062,992 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\system32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2005/04/29 11:38:52 | 00,393,984 | ---- | M] (Allume Systems) -- C:\WINDOWS\system32\DRIVERS\zmxpzip.sys -- (zmxpzip)
DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc.              ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
DRV - [2003/07/15 16:00:00 | 00,578,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/07/02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/07/24 13:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/04/01 14:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/31 10:37:58 | 00,036,992 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfman.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/23 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 10:28:16 | 00,397,502 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 10:28:16 | 00,064,605 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 10:28:14 | 00,604,253 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\system32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 10:28:14 | 00,112,574 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 09:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 09:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc.              ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [2001/08/17 09:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/08/14 12:17:52 | 00,775,296 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1f.sys -- (emu10k) Creative SB Live! series(WDM)
DRV - [2001/07/11 08:34:52 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlface.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [1999/12/17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)
DRV - [1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 19 8B 4D 4D 5F CA 01  [binary data]
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.10
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 08:46:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/28 21:53:19 | 00,000,000 | ---D | M]
 
[2009/10/24 17:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jmal\Application Data\Mozilla\Extensions
[2009/12/07 23:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jmal\Application Data\Mozilla\Firefox\Profiles\xjhel9yg.default\extensions
[2009/10/24 17:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jmal\Application Data\Mozilla\Firefox\Profiles\xjhel9yg.default\extensions\[email protected]
[2009/12/08 22:37:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/31 13:06:48 | 01,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2009/08/24 16:33:25 | 00,004,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\drae.xml
[2009/08/24 16:33:25 | 00,002,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mercadolibre-ar.xml
[2009/08/24 16:33:25 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2009/08/24 16:33:25 | 00,000,838 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-ar.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [HDDHealth] C:\Program Files\HDD Health\HDDHealth.exe (PANTERASoft)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1256388789062 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256388777328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/24 09:15:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/12/08 22:40:06 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jmal\Desktop\OTL.exe
[2009/12/07 20:21:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\DoctorWeb
[2009/12/05 20:26:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\My Documents\My Library
[2009/12/05 20:25:36 | 00,057,436 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\DASShp.dll
[2009/12/05 20:25:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Reader
[2009/12/03 19:09:20 | 00,000,000 | ---D | C] -- C:\Program Files\WinUHA
[2009/12/01 19:32:26 | 00,000,000 | ---D | C] -- C:\Winstar User
[2009/12/01 19:32:21 | 00,000,000 | ---D | C] -- C:\Winstar Tmp
[2009/12/01 19:32:17 | 00,000,000 | ---D | C] -- C:\Winstar Hits
[2009/12/01 19:32:13 | 00,000,000 | ---D | C] -- C:\Winstar Chartsdb
[2009/12/01 19:10:05 | 00,000,000 | ---D | C] -- C:\KEPWIN95
[2009/11/29 19:50:47 | 00,995,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSAJT200.DLL
[2009/11/29 19:50:47 | 00,710,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSAJT110.DLL
[2009/11/29 19:50:47 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLE2.DLL
[2009/11/29 19:50:47 | 00,286,720 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSW.EXE
[2009/11/29 19:50:47 | 00,147,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLE2NLS.DLL
[2009/11/29 19:50:47 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMPOBJ.DLL
[2009/11/29 19:50:47 | 00,098,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLE2DISP.DLL
[2009/11/29 19:50:47 | 00,095,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBDB300.DLL
[2009/11/29 19:50:47 | 00,072,192 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWDLL.DLL
[2009/11/29 19:50:47 | 00,070,800 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GRAPH.VBX
[2009/11/29 19:50:47 | 00,045,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\GRID.VBX
[2009/11/29 19:50:47 | 00,033,280 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System\MSAES110.DLL
[2009/11/29 19:50:47 | 00,017,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSAJT112.DLL
[2009/11/29 19:50:47 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBOA300.DLL
[2009/11/29 19:49:58 | 00,000,000 | ---D | C] -- C:\WINSTAR
[2009/11/29 19:49:58 | 00,000,000 | ---D | C] -- C:\TMATLAS
[2009/11/29 19:49:50 | 00,398,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VBRUN300.DLL
[2009/11/29 18:51:38 | 00,000,000 | ---D | C] -- C:\KEPDBASE
[2009/11/28 21:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\LizardTech
[2009/11/28 19:28:08 | 00,000,000 | ---D | C] -- C:\Program Files\Q-Dir
[2009/11/26 17:59:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\My Documents\My Burnt CDs
[2009/11/26 17:46:08 | 00,000,000 | ---D | C] -- C:\MyBootCD
[2009/11/26 01:59:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\DivX
[2009/11/26 01:55:11 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/11/26 01:55:11 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/11/26 01:55:11 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/11/26 01:55:11 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/11/26 01:55:11 | 00,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/11/26 01:55:11 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/11/26 01:55:11 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/11/26 01:55:10 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/11/26 01:55:10 | 00,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/11/26 01:55:10 | 00,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/11/26 01:55:10 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/11/26 01:55:10 | 00,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/11/26 01:55:10 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/11/26 01:55:10 | 00,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/11/26 01:55:10 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/11/26 01:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/26 01:54:39 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/11/26 01:43:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/26 01:40:31 | 00,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2009/11/24 10:21:50 | 01,885,464 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2009/11/20 21:36:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/11/20 11:08:36 | 00,000,000 | ---D | C] -- C:\Program Files\Passware
[2009/11/19 19:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/11/19 19:22:09 | 00,441,760 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2009/11/19 19:22:09 | 00,044,384 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2009/11/19 19:21:59 | 00,132,480 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2009/11/19 19:21:44 | 00,368,480 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2009/11/19 19:21:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/11/19 19:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/11/19 14:46:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/11/19 00:32:18 | 00,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys
[2009/11/19 00:32:05 | 00,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2009/11/19 00:32:04 | 00,026,120 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2009/11/19 00:32:01 | 00,122,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuDisk.sys
[2009/11/18 15:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009/11/17 23:44:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D2A6A317-7450-472F-8C72-17783BD2E5E3}
[2009/11/17 23:44:43 | 00,000,000 | ---D | C] -- C:\Program Files\Viewer
[2009/11/15 22:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\Media Player Classic
[2009/11/15 22:06:38 | 00,000,000 | ---D | C] -- C:\Program Files\XP Codec Pack
[2009/11/14 18:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Free Screen Video Capture by Topviewsoft
[2009/11/13 21:47:32 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/11/13 21:47:28 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/11/13 21:47:28 | 00,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/11/13 21:47:28 | 00,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/11/13 21:47:28 | 00,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2009/11/13 21:47:28 | 00,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/11/13 21:47:28 | 00,696,320 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/11/13 16:01:05 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/11/13 16:00:48 | 00,256,712 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\PROUnstl.exe
[2009/11/13 11:23:41 | 01,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2009/11/13 11:23:41 | 00,030,208 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2009/11/13 11:23:41 | 00,004,816 | ---- | C] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys
[2009/11/13 11:23:41 | 00,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2009/11/13 11:23:40 | 00,978,944 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\SynthCoreA.Dll
[2009/11/13 11:23:40 | 00,380,928 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\SynCor.exe
[2009/11/13 11:23:39 | 00,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2009/11/13 11:23:39 | 00,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2009/11/13 11:23:39 | 00,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2009/11/13 11:23:39 | 00,578,368 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys
[2009/11/13 11:23:39 | 00,049,152 | ---- | C] (SoundMAX) -- C:\WINDOWS\System32\S11thk32.dll
[2009/11/13 11:23:39 | 00,045,056 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\SynthCore11Resources.dll
[2009/11/13 11:23:39 | 00,040,820 | ---- | C] (SoundMAX) -- C:\WINDOWS\System32\Syncor11.dll
[2009/11/13 11:23:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2009/11/13 11:23:38 | 00,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2009/11/13 11:23:38 | 00,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2009/11/13 11:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2009/11/13 10:04:14 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/11/13 10:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\Uniblue
[2009/11/13 10:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/13 10:03:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/11/13 08:52:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\My Documents\Clarinadas_files
[2009/11/12 09:17:55 | 00,184,386 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzsnt07.dll
[2009/11/11 12:37:03 | 00,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2009/11/11 11:59:53 | 00,000,000 | ---D | C] -- C:\Program Files\Gravity
[2009/11/11 11:09:58 | 00,025,600 | R--- | C] (Gibson Research Corp.) -- C:\WINDOWS\LeakTest.exe
[2009/11/10 22:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009/11/10 22:43:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\IrfanView
[2009/11/09 13:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\Real
[2009/11/09 11:57:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2009/11/09 11:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2009/11/09 11:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jmal\Application Data\InstallShield
[2009/11/09 02:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009/12/08 22:43:36 | 00,010,217 | ---- | M] () -- C:\WINDOWS\Q-Dir.ini
[2009/12/08 22:40:09 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmal\Desktop\OTL.exe
[2009/12/08 22:29:28 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000D-00001102-00000002-80611102}.CDF
[2009/12/08 22:29:28 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000D-00001102-00000002-80611102}.BAK
[2009/12/08 22:29:21 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/08 22:29:12 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/12/08 22:26:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 22:26:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 22:26:39 | 10,733,19936 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 22:25:55 | 00,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80611102}.rfx
[2009/12/08 22:25:55 | 00,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80611102}.rfx
[2009/12/08 22:25:55 | 00,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80611102}.rfx
[2009/12/08 22:25:55 | 00,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000002-80611102}.rfx
[2009/12/08 22:25:55 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/12/08 22:25:55 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/12/08 22:25:55 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat
[2009/12/08 22:25:55 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80611102}.dat
[2009/12/08 22:25:32 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\jmal\NTUSER.DAT
[2009/12/08 22:25:32 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\jmal\ntuser.ini
[2009/12/08 17:14:10 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\MS Word 2007.lnk
[2009/12/08 15:51:41 | 46,359,526 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/08 15:51:12 | 00,116,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/07 22:23:57 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\MS Outlook 2007.lnk
[2009/12/06 19:27:54 | 00,000,523 | ---- | M] () -- C:\hpfr3320.xml
[2009/12/06 17:29:55 | 00,074,944 | ---- | M] () -- C:\Documents and Settings\jmal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/06 17:22:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/06 17:21:59 | 00,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/05 20:26:20 | 00,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2009/12/03 19:26:26 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\µTorrent.lnk
[2009/12/03 19:15:15 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Passprom.lnk
[2009/12/03 19:09:25 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\WinUHA.lnk
[2009/12/02 00:54:00 | 00,000,026 | ---- | M] () -- C:\WINDOWS\passprom.ini
[2009/12/01 18:26:09 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/11/29 19:51:45 | 00,000,530 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Win_Star.lnk
[2009/11/29 19:37:11 | 00,000,064 | ---- | M] () -- C:\Documents and Settings\jmal\default.pls
[2009/11/29 19:37:07 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/29 12:22:41 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/11/28 19:28:09 | 00,001,504 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Q-Dir.lnk
[2009/11/27 23:46:43 | 00,001,519 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Notepad.lnk
[2009/11/26 01:55:17 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/11/26 01:55:09 | 00,000,843 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/11/26 01:54:39 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\DivX Movies.lnk
[2009/11/25 14:35:31 | 00,005,120 | ---- | M] () -- C:\Documents and Settings\jmal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/24 23:25:00 | 00,001,322 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Apagar el monitor.lnk
[2009/11/24 20:25:10 | 00,001,487 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Windows Explorer.lnk
[2009/11/24 20:06:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 13:06:57 | 00,001,123 | RH-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2009/11/24 10:23:08 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2009/11/24 10:21:50 | 01,885,464 | ---- | M] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2009/11/20 23:37:32 | 00,002,256 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Nero BackItUp.lnk
[2009/11/20 23:36:56 | 00,002,249 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Nero Burning ROM.lnk
[2009/11/20 17:14:05 | 00,000,109 | ---- | M] () -- C:\WINDOWS\oodcnt.INI
[2009/11/20 11:25:50 | 08,916,992 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\WindowsKey.iso
[2009/11/19 19:22:09 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2009/11/19 19:22:09 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2009/11/19 19:21:59 | 00,132,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2009/11/19 19:21:44 | 00,368,480 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2009/11/19 19:21:44 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image WD Edition.lnk
[2009/11/19 01:56:29 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\jmal\Format
[2009/11/19 00:33:20 | 00,456,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/19 00:33:20 | 00,075,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/19 00:33:19 | 00,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/19 00:32:03 | 00,000,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup 1.0.lnk
[2009/11/18 15:22:42 | 00,002,009 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 4.0 Server Edition.lnk
[2009/11/17 23:44:43 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\File viewer.lnk
[2009/11/16 03:44:20 | 03,294,182 | -H-- | M] () -- C:\Documents and Settings\jmal\Local Settings\Application Data\IconCache.db
[2009/11/15 22:06:53 | 00,000,755 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Media Player Classic.lnk
[2009/11/15 18:48:57 | 00,115,817 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\Break_thew_News_to_Mother_American_Songs_XIXthCry_2.jpg
[2009/11/15 18:47:54 | 00,117,523 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\Break_thew_News_to_Mother_American_Songs_XIXthCry.jpg
[2009/11/14 18:31:27 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Screen Video Capture by Topviewsoft.lnk
[2009/11/14 17:58:13 | 00,010,322 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\CominThru.jpg
[2009/11/13 21:49:00 | 01,628,920 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/11/13 21:49:00 | 00,551,672 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/11/13 21:49:00 | 00,518,904 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/11/13 21:49:00 | 00,379,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/11/13 21:49:00 | 00,187,128 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/11/13 21:49:00 | 00,129,784 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/11/13 21:49:00 | 00,120,056 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/11/13 21:49:00 | 00,118,520 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/11/13 21:49:00 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/11/13 21:49:00 | 00,072,440 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/11/13 21:49:00 | 00,066,296 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/11/13 21:49:00 | 00,064,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/11/13 21:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/11/13 21:49:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/11/13 21:49:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/11/13 21:47:32 | 00,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/11/13 21:47:28 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/11/13 21:47:28 | 00,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/11/13 21:47:28 | 00,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/11/13 21:47:28 | 00,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2009/11/13 21:47:28 | 00,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/11/13 21:47:28 | 00,696,320 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/11/13 11:23:38 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\msssc.dll
[2009/11/13 10:04:18 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2009/11/13 08:52:29 | 00,024,733 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\Clarinadas.htm
[2009/11/12 23:42:38 | 00,013,720 | ---- | M] () -- C:\Documents and Settings\jmal\My Documents\Mirlo común.docx
[2009/11/12 09:18:18 | 00,000,800 | ---- | M] () -- C:\WINDOWS\hpinfo.lnk
[2009/11/12 08:53:33 | 00,000,000 | ---- | M] () -- C:\temp.html
[2009/11/11 12:37:03 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Tweak UI.lnk
[2009/11/11 12:20:28 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\jmal\Desktop\Gravity.lnk
[2009/11/11 11:09:58 | 00,025,600 | R--- | M] (Gibson Research Corp.) -- C:\WINDOWS\LeakTest.exe
[2009/11/11 09:56:28 | 00,038,912 | ---- | M] () -- C:\WINDOWS\wizmo.exe
[2009/11/10 22:43:23 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2009/11/10 22:43:23 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2009/11/10 09:51:01 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/09 11:57:49 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009/12/05 20:26:20 | 00,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Reader.lnk
[2009/12/03 19:26:26 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\µTorrent.lnk
[2009/12/03 19:09:25 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\WinUHA.lnk
[2009/11/29 19:51:45 | 00,000,530 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Win_Star.lnk
[2009/11/29 19:51:07 | 00,052,116 | ---- | C] () -- C:\WINDOWS\System\ASTROMTX.TTF
[2009/11/29 19:51:07 | 00,048,887 | ---- | C] () -- C:\WINDOWS\System\WSTARTT.TTF
[2009/11/29 19:51:07 | 00,046,656 | ---- | C] () -- C:\WINDOWS\System\!ASMASTR.TTF
[2009/11/29 19:50:47 | 00,157,184 | ---- | C] () -- C:\WINDOWS\System\STORAGE.DLL
[2009/11/29 19:49:50 | 00,070,978 | ---- | C] () -- C:\WINDOWS\WPLUSCD.EXE
[2009/11/29 19:49:50 | 00,007,008 | ---- | C] () -- C:\WINDOWS\System\SETUPKIT.DLL
[2009/11/29 19:41:59 | 00,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2009/11/28 19:28:08 | 00,001,504 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Q-Dir.lnk
[2009/11/26 01:55:17 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/11/26 01:55:09 | 00,000,843 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/11/26 01:54:39 | 00,001,478 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\DivX Movies.lnk
[2009/11/26 01:43:28 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/11/25 06:55:33 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\jmal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/24 12:52:49 | 10,733,19936 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/24 10:21:50 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\AutoPartNt.let
[2009/11/20 23:37:32 | 00,002,256 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Nero BackItUp.lnk
[2009/11/20 23:36:56 | 00,002,249 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Nero Burning ROM.lnk
[2009/11/20 18:20:44 | 00,001,123 | RH-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2009/11/20 11:25:38 | 08,916,992 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\WindowsKey.iso
[2009/11/19 19:21:44 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image WD Edition.lnk
[2009/11/19 01:55:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\jmal\Format
[2009/11/19 00:32:03 | 00,000,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup 1.0.lnk
[2009/11/18 15:22:42 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/11/18 15:22:42 | 00,002,009 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Partition Master 4.0 Server Edition.lnk
[2009/11/18 15:22:41 | 01,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2009/11/18 15:22:41 | 00,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2009/11/18 15:22:41 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/11/18 15:22:41 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/11/17 23:44:43 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\File viewer.lnk
[2009/11/15 22:06:53 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Media Player Classic.lnk
[2009/11/15 22:06:51 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2009/11/15 18:48:57 | 00,115,817 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\Break_thew_News_to_Mother_American_Songs_XIXthCry_2.jpg
[2009/11/15 18:47:54 | 00,117,523 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\Break_thew_News_to_Mother_American_Songs_XIXthCry.jpg
[2009/11/14 18:31:27 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Screen Video Capture by Topviewsoft.lnk
[2009/11/14 17:53:09 | 00,010,322 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\CominThru.jpg
[2009/11/13 16:00:48 | 00,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2009/11/13 11:23:38 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/11/13 10:04:18 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2009/11/13 08:52:28 | 00,024,733 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\Clarinadas.htm
[2009/11/12 23:42:38 | 00,013,720 | ---- | C] () -- C:\Documents and Settings\jmal\My Documents\Mirlo común.docx
[2009/11/12 10:07:09 | 00,000,523 | ---- | C] () -- C:\hpfr3320.xml
[2009/11/12 08:53:33 | 00,000,000 | ---- | C] () -- C:\temp.html
[2009/11/11 12:37:03 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2009/11/11 12:37:03 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Tweak UI.lnk
[2009/11/11 12:20:28 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Gravity.lnk
[2009/11/11 10:53:24 | 00,001,322 | ---- | C] () -- C:\Documents and Settings\jmal\Desktop\Apagar el monitor.lnk
[2009/11/11 10:52:17 | 00,038,912 | ---- | C] () -- C:\WINDOWS\wizmo.exe
[2009/11/10 22:43:23 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView Thumbnails.lnk
[2009/11/10 22:43:23 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IrfanView.lnk
[2009/11/09 11:57:49 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COWON Media Center - jetAudio.lnk
[2009/11/02 22:41:35 | 11,808,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda
[2009/11/01 21:27:40 | 00,000,754 | ---- | C] () -- C:\WIND

Offline guestolo

Is it or Isn't it?
« Reply #3 on: December 08, 2009, 11:22:27 PM »
Let's do the following, please.
Download TFC by OldTimer to your desktop.
Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.

Once it's finished, it should automatically reboot your machine. If it doesn't, manually reboot to ensure a complete clean.

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
« Last Edit: December 08, 2009, 11:23:14 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Bertran

Is it or Isn't it?
« Reply #4 on: December 10, 2009, 06:18:17 PM »
I did as you suggested (by the way leaving the machine working overnight, since Malware Bytes' program is thorough but S-L-O-W) and nothing earth-shattering turned up: a "rogue installer" in the Hardcopy program and a Backdoor IrcBot where it was most likely to appear. No registry entries were affected since neither program had been installed.

The important thing to me is that my surmise as regards the SRunners.vbs was confirmed: it is not malware.

Thank you very much for your kind help! :D


Offline guestolo

Is it or Isn't it?
« Reply #5 on: December 10, 2009, 07:27:02 PM »
Sorry, I meant for you to run the Quick scan from Malwarebytes.
There was no need for the full scan.
You didn't post the log from Malwarebytes?
Can you open Malwarebytes, click on the Logs tab, open the log and post the contents back here?

Is srunner.vbs still around? It may not be after running TFC.exe
