
1 Computer infected with Packed.Delf.Crypt. on Mon Jan 11, 2010 2:47 am

1wiseguy


Member
It was recommended to me to download HijackThis and post the log file here to see if you can help me remove this malware.
AVG 8.5 is able to detect it but is unable to remove it. When I select remove all infected files, the program locks up the computer and I have to reboot it.

So here is my log file and any help you can offer is greatly appreciated.
-------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:39 PM, on 1/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
C:\Program Files (x86)\Toshiba\TOSHIBA WUSB\WQ_Tray2.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [LTCM Client] "C:\Program Files (x86)\LTCM Client\ltcmClient.exe" /startup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_S68C3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WorkForce 610(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SFC99.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YPOPs.lnk = ?
O4 - Global Startup: Wireless USB Manager.lnk = C:\Program Files (x86)\Toshiba\TOSHIBA WUSB\WQ_Tray2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe

--
End of file - 14206 bytes

2 Re: Computer infected with Packed.Delf.Crypt. on Mon Jan 11, 2010 3:13 am

DragonMaster Jay


Site Owner
Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Re: Computer infected with Packed.Delf.Crypt. on Mon Jan 11, 2010 11:53 am

1wiseguy


Member
Thanks for the help! I'm going to learn how to fight these SOB's and as soon as I do I'm going to join you folks and pay it forward.

Here is the log after I removed all the infections.


Point of note: I ran the anti-malware program again, and while the log says there are no infections, the AVG window kept popping up saying that there are multi-incidents of the Packed.DelfCrypt infections. Just FYI...

Malwarebytes' Anti-Malware 1.44
Database version: 3539
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/11/2010 8:45:32 AM
mbam-log-2010-01-11 (08-45-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 297548
Time elapsed: 1 hour(s), 31 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-----------------------------------------------------------------
What should I do next? The log is clear but AVG says there are still infections.

regards,

John


4 Re: Computer infected with Packed.Delf.Crypt. on Mon Jan 11, 2010 4:13 pm

DragonMaster Jay


Site Owner
If you would like to join us or GeekPolice.net in the fight against malware, we offer a free program. I have just updated this thread with the details about it: http://www.helpmyos.com/malware-threat-removal-f6/do-you-want-to-learn-how-to-fight-malware-t1296.htm

===

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



5 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 12:43 am

1wiseguy


Member
Thanks again.

Here is the logfile you requested. I still have Packed.DelfCrypt virus.



ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=94e7866f3bbf3848bb37707716ee8c9a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-12 05:40:04
# local_time=2010-01-11 09:40:04 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 11792888 11792888 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777213 100 93 30278205 30278209 0 0
# compatibility_mode=5892 16776573 100 56 0 99868309 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=184464
# found=0
# cleaned=0
# scan_time=5202

6 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 1:21 am

DragonMaster Jay


Site Owner
Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



7 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 9:47 am

1wiseguy


Member
I am unable to post the OTL.txt or the Extras.txt files here. I keep getting "the posted message is too big" error, even if I try to post them separately... So I have parsed the OTL.txt file in 6 parts.



Last edited by 1wiseguy on Tue Jan 12, 2010 10:28 am; edited 1 time in total

8 OTL.txt report part 1 on Tue Jan 12, 2010 9:51 am

1wiseguy


Member
OTL logfile created on: 1/12/2010 5:25:54 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\John\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.88 Gb Total Space | 34.77 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 688.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-LAPTOP
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2010/01/12 05:20:46 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2010/01/06 07:02:26 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/10 09:05:35 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/10 12:32:18 | 00,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/10/10 12:32:18 | 00,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/18 08:25:41 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/18 08:25:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/18 08:25:29 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/18 08:25:29 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2009/07/28 20:49:24 | 01,984,656 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2009/07/28 20:49:22 | 00,671,376 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2009/04/10 17:54:28 | 00,200,704 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/04/10 17:54:22 | 00,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2009/04/07 08:13:10 | 00,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/05 23:00:00 | 00,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/15 18:37:41 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/01/15 18:36:37 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
PRC - [2009/01/15 18:35:34 | 00,968,232 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.0.0.125\InstStub.exe
PRC - [2008/12/09 08:32:06 | 00,055,120 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
PRC - [2008/11/14 19:20:02 | 00,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/05/02 09:41:28 | 01,846,328 | ---- | M] (WiQuest Communications, Inc.) -- C:\Program Files (x86)\Toshiba\TOSHIBA WUSB\WQ_Tray2.exe
PRC - [2008/04/17 00:21:24 | 01,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/03 21:01:28 | 00,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2008/01/23 13:48:04 | 00,376,832 | ---- | M] (Enigma Software Group, Inc.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe
PRC - [2007/09/28 16:03:46 | 00,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/11/06 17:14:44 | 00,034,352 | ---- | M] () -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe


========== Modules (SafeList) ==========

MOD - [2010/01/12 05:20:46 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 17:26:26 | 01,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/11/04 15:54:42 | 00,487,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/07/17 10:00:14 | 00,139,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2008/04/30 19:20:42 | 01,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 18:42:20 | 00,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/24 17:57:40 | 00,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/21 15:53:16 | 00,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/18 08:25:31 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/18 08:25:29 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/17 17:14:02 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/28 20:49:24 | 01,984,656 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2009/04/01 17:10:58 | 00,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/29 20:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/15 18:36:37 | 00,115,560 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2008/11/14 19:20:02 | 00,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/09/15 18:00:54 | 00,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 00:19:48 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/11 11:58:10 | 00,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/04/03 21:01:28 | 00,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2008/01/23 13:48:04 | 00,376,832 | ---- | M] (Enigma Software Group, Inc.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHService.exe -- (SpyHunter3 Service)
SRV - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/11/12 14:31:48 | 00,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)

9 OTL.txt report part 2 on Tue Jan 12, 2010 9:58 am

1wiseguy


Member
(OTL.txt file continued part2)...

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://gateway.andohs.net/player/default_noax.aspx?nid=2920&sid=5864&customlogo=&shownav=&showfav=&showtuner=&nometa=#|http://www.calguns.net/calgunforum/showthread.php?t=213432&page=5|http://capwiz.com/legislativecenter/mailapp/|http://mail.google.com/mail/#inbox/1233e28c35856f89|http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/06 07:02:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 07:02:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/10 18:20:23 | 00,000,000 | ---D | M]

[2009/08/17 17:14:28 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2010/01/11 17:16:59 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ynx7rqeg.default\extensions
[2009/11/25 03:36:54 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ynx7rqeg.default\extensions\thepiratebay@toolbar-trash
[2009/09/26 07:08:29 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [EPSON WorkForce 610 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFJA.EXE File not found
O4 - HKCU..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe File not found
O4 - HKCU..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [WorkForce 610(Network)] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFJA.EXE File not found
O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YPOPs.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 00,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 00,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

10 OTL.TXT continued PART 3 on Tue Jan 12, 2010 10:03 am

1wiseguy


Member
(OTL.TXT continued PART 3)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - C:\Windows\SysNative\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

========== Files/Folders - Created Within 14 Days ==========

[2010/01/11 17:12:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/01/10 23:30:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/10 18:08:15 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/01/10 18:08:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/10 18:08:08 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/10 18:08:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/10 18:08:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/10 17:44:55 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/10 17:44:54 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/10 17:44:54 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/10 17:37:12 | 00,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/01/10 17:37:12 | 00,132,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/01/10 17:37:01 | 00,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/01/10 17:36:50 | 00,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/01/10 17:36:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/01/10 17:36:40 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PC Tools
[2010/01/10 17:36:40 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/10 17:36:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/01/10 17:09:05 | 00,000,000 | ---D | C] -- C:\ProgramData\AVP 2009
[2010/01/10 07:56:19 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\CocoonSoftware
[2010/01/10 07:56:09 | 00,000,000 | ---D | C] -- C:\Program Files\QuickMediaConverter
[2010/01/10 07:55:39 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\WDSetup
[2010/01/09 22:57:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/01/04 19:06:55 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\New Folder
[2010/01/04 18:47:24 | 00,000,000 | ---D | C] -- C:\Users\John\Documents\CD-DVD Lables
[2009/12/29 12:37:00 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/12/29 12:35:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck
[2009/12/29 12:34:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/09/10 18:08:02 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\John\AppData\Roaming\pcouffin.sys
[6 C:\Users\John\Documents\*.tmp files -> C:\Users\John\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/12 05:33:51 | 02,621,440 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2010/01/12 04:57:23 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 04:57:23 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 04:38:30 | 47,727,135 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/01/12 04:38:30 | 00,138,891 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/11 23:44:15 | 00,032,768 | ---- | M] () -- C:\Users\John\Documents\Director Job Description.doc
[2010/01/11 19:57:14 | 00,085,504 | ---- | M] () -- C:\Users\John\Documents\Director_Business_Card.zdl
[2010/01/11 06:34:00 | 00,042,464 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/11 06:31:30 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TMContainer00000000000000000001.regtrans-ms
[2010/01/11 06:31:30 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TM.blf
[2010/01/11 01:03:55 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/11 01:03:55 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/11 01:03:55 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/11 00:57:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/11 00:57:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/11 00:57:11 | 42,896,05632 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/10 23:30:36 | 00,001,939 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/01/10 22:18:15 | 02,214,355 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/01/10 18:08:12 | 00,000,859 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 17:36:55 | 00,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/10 17:09:05 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\MSVolumeAMP.dll
[2010/01/10 09:15:22 | 00,707,710 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/10 07:56:23 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\QUICKMEDIACONVERTER.lnk
[2010/01/10 05:30:01 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TMContainer00000000000000000002.regtrans-ms
[2010/01/09 23:37:36 | 20,890,288 | ---- | M] () -- C:\Users\John\Documents\The Log Cabin Quilt DAR Jan 4 2010.3gp
[2010/01/09 23:21:12 | 16,754,1641 | ---- | M] () -- C:\Users\John\Documents\The Log Cabin Quilt DAR Jan 4 2010.wmv
[2010/01/09 22:57:50 | 00,000,972 | ---- | M] () -- C:\Users\John\Desktop\YouTube Downloader.lnk
[2010/01/09 17:18:08 | 00,034,304 | ---- | M] () -- C:\Users\John\Documents\GO APE WITH NETWORKING.doc
[2010/01/09 11:17:03 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{4d7753dd-a774-11de-a29f-0022fa9b7616}.TM.blf
[2010/01/09 11:17:02 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{4d7753dd-a774-11de-a29f-0022fa9b7616}.TMContainer00000000000000000001.regtrans-ms
[2010/01/08 17:48:24 | 00,033,280 | ---- | M] () -- C:\Users\John\Documents\GOING APE.doc
[2010/01/08 13:13:00 | 00,000,162 | -H-- | M] () -- C:\Users\John\Documents\~$ING APE.doc
[2010/01/08 09:59:17 | 62,019,7536 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/07 14:20:57 | 00,934,912 | ---- | M] () -- C:\Users\John\Documents\ZombieLand 1.ppt
[2010/01/06 18:20:04 | 00,030,208 | ---- | M] () -- C:\Users\John\Documents\Charlie Isaacs.doc
[2010/01/06 10:14:41 | 01,029,357 | ---- | M] () -- C:\Users\John\Documents\Dress Rehearsal 003.jpg
[2010/01/06 10:12:47 | 01,164,230 | ---- | M] () -- C:\Users\John\Documents\Dress Rehearsal 002.jpg
[2010/01/06 10:10:30 | 01,252,182 | ---- | M] () -- C:\Users\John\Documents\Dress Rehearsal 001.jpg
[2010/01/04 17:44:44 | 00,655,664 | ---- | M] () -- C:\Users\John\Documents\DVD Lable Nights At The Museum 2.jpg
[2010/01/04 17:37:31 | 01,027,613 | ---- | M] () -- C:\Users\John\Documents\DVD Lable Nights At The Museum 2002.jpg
[2010/01/02 05:56:41 | 00,042,464 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/12/31 08:58:18 | 00,026,624 | ---- | M] () -- C:\Users\John\Documents\Proof Snopes Not Neutral.doc
[2009/12/29 12:35:54 | 00,000,803 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[6 C:\Users\John\Documents\*.tmp files -> C:\Users\John\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

11 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 10:12 am

1wiseguy


Member
(OTL.TXT PART4)

========== Files Created - No Company Name ==========

[2010/01/11 23:44:15 | 00,032,768 | ---- | C] () -- C:\Users\John\Documents\Director Job Description.doc
[2010/01/11 19:49:50 | 00,085,504 | ---- | C] () -- C:\Users\John\Documents\Director_Business_Card.zdl
[2010/01/10 23:30:36 | 00,001,939 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2010/01/10 18:08:12 | 00,000,859 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 17:44:55 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/10 17:44:55 | 00,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/01/10 17:44:55 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/01/10 17:44:55 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/01/10 17:44:54 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/01/10 17:37:12 | 00,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/01/10 17:37:01 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/01/10 17:36:55 | 00,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/01/10 17:36:50 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/01/10 17:36:43 | 00,437,800 | ---- | C] () -- C:\Users\John\AppData\Local\dd_vcredistMSI6A6F.txt
[2010/01/10 17:36:43 | 00,010,662 | ---- | C] () -- C:\Users\John\AppData\Local\dd_vcredistUI6A75.txt
[2010/01/10 17:36:41 | 00,011,362 | ---- | C] () -- C:\Users\John\AppData\Local\dd_vcredistUI6A6F.txt
[2010/01/10 17:09:05 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\MSVolumeAMP.dll
[2010/01/10 09:50:44 | 42,896,05632 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/10 09:15:22 | 00,707,710 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/10 07:56:23 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\QUICKMEDIACONVERTER.lnk
[2010/01/10 05:30:00 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TMContainer00000000000000000002.regtrans-ms
[2010/01/10 05:29:59 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TMContainer00000000000000000001.regtrans-ms
[2010/01/10 05:29:59 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{249532c7-fdec-11de-b067-0022fa9b7616}.TM.blf
[2010/01/09 23:33:36 | 20,890,288 | ---- | C] () -- C:\Users\John\Documents\The Log Cabin Quilt DAR Jan 4 2010.3gp
[2010/01/09 23:20:41 | 16,754,1641 | ---- | C] () -- C:\Users\John\Documents\The Log Cabin Quilt DAR Jan 4 2010.wmv
[2010/01/09 22:57:50 | 00,000,972 | ---- | C] () -- C:\Users\John\Desktop\YouTube Downloader.lnk
[2010/01/09 17:01:01 | 00,034,304 | ---- | C] () -- C:\Users\John\Documents\GO APE WITH NETWORKING.doc
[2010/01/08 13:13:00 | 00,000,162 | -H-- | C] () -- C:\Users\John\Documents\~$ING APE.doc
[2010/01/08 13:12:59 | 00,033,280 | ---- | C] () -- C:\Users\John\Documents\GOING APE.doc
[2010/01/06 18:20:04 | 00,030,208 | ---- | C] () -- C:\Users\John\Documents\Charlie Isaacs.doc
[2010/01/06 10:14:40 | 01,029,357 | ---- | C] () -- C:\Users\John\Documents\Dress Rehearsal 003.jpg
[2010/01/06 10:12:46 | 01,164,230 | ---- | C] () -- C:\Users\John\Documents\Dress Rehearsal 002.jpg
[2010/01/06 10:10:28 | 01,252,182 | ---- | C] () -- C:\Users\John\Documents\Dress Rehearsal 001.jpg
[2010/01/04 17:44:43 | 00,655,664 | ---- | C] () -- C:\Users\John\Documents\DVD Lable Nights At The Museum 2.jpg
[2010/01/04 17:35:22 | 01,027,613 | ---- | C] () -- C:\Users\John\Documents\DVD Lable Nights At The Museum 2002.jpg
[2009/12/31 08:58:17 | 00,026,624 | ---- | C] () -- C:\Users\John\Documents\Proof Snopes Not Neutral.doc
[2009/12/29 12:35:54 | 00,000,803 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2009/12/10 13:41:02 | 00,582,341 | ---- | C] () -- C:\Program Files (x86)\ActiveHome_suite5_236.zip
[2009/12/02 19:51:25 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/02 19:49:58 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/01 13:59:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dim7003232.dll
[2009/12/01 13:38:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll3232323232323232.dll
[2009/12/01 13:21:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll32323232323232.dll
[2009/12/01 13:14:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid323232323232323232323232.dll
[2009/12/01 13:13:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs32323232323232.dll
[2009/12/01 13:13:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CompatUI3232323232.dll
[2009/12/01 13:12:36 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV323232323232.dll
[2009/12/01 13:12:34 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colbact3232323232.dll
[2009/12/01 13:11:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cnvfat3232.dll
[2009/12/01 13:11:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cngaudit3232323232.dll
[2009/12/01 13:10:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect323232323232.dll
[2009/12/01 13:10:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cmstplua3232.dll
[2009/12/01 13:09:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect3232323232.dll
[2009/12/01 13:08:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cmutil323232.dll
[2009/12/01 13:07:58 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid3232323232323232323232.dll
[2009/12/01 13:06:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres32323232323232.dll
[2009/12/01 13:05:58 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid32323232323232323232.dll
[2009/12/01 13:04:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs323232323232.dll
[2009/12/01 13:04:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap32323232323232.dll
[2009/12/01 13:03:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap323232323232.dll
[2009/12/01 13:03:45 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CompatUI32323232.dll
[2009/12/01 13:02:42 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comcat323232.dll
[2009/12/01 13:02:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV3232323232.dll
[2009/12/01 13:01:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colorui3232.dll
[2009/12/01 13:01:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV32323232.dll
[2009/12/01 13:00:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV323232.dll
[2009/12/01 13:00:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cngaudit32323232.dll
[2009/12/01 12:54:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dbnmpntw3232.dll
[2009/12/01 12:52:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dbghelp323232.dll
[2009/12/01 12:50:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dim3232.dll
[2009/12/01 12:49:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8thk323232323232.dll
[2009/12/01 12:49:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d83232323232.dll
[2009/12/01 12:48:45 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10323232323232.dll
[2009/12/01 12:48:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ctl3d32323232.dll
[2009/12/01 12:47:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d832323232.dll
[2009/12/01 12:47:36 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll32323232323232.dll
[2009/12/01 12:47:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp323232323232.dll
[2009/12/01 12:46:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8thk3232323232.dll
[2009/12/01 12:46:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc323232323232.dll
[2009/12/01 12:46:23 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt32323232323232323232.dll
[2009/12/01 12:45:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dramp3232323232.dll
[2009/12/01 12:45:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8thk32323232.dll
[2009/12/01 12:45:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\corpol3232323232.dll
[2009/12/01 12:45:14 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\console32323232.dll
[2009/12/01 12:44:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc3232323232.dll
[2009/12/01 12:44:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptnet3232323232.dll
[2009/12/01 12:43:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dramp32323232.dll
[2009/12/01 12:43:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10core3232.dll
[2009/12/01 12:43:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptdll323232.dll
[2009/12/01 12:43:13 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid323232323232323232.dll
[2009/12/01 12:42:42 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV2323232323232.dll
[2009/12/01 12:42:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\corpol32323232.dll
[2009/12/01 12:42:11 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs3232323232.dll
[2009/12/01 12:41:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10core32.dll
[2009/12/01 12:41:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc32323232.dll
[2009/12/01 12:41:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\console323232.dll
[2009/12/01 12:40:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d103232323232.dll
[2009/12/01 12:40:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_ISCII3232.dll
[2009/12/01 12:40:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect32323232.dll
[2009/12/01 12:40:11 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap3232323232.dll
[2009/12/01 12:39:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_ISCII32.dll
[2009/12/01 12:39:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt323232323232323232.dll
[2009/12/01 12:39:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid3232323232323232.dll
[2009/12/01 12:38:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_IS20223232323232.dll
[2009/12/01 12:38:43 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV23232323232.dll
[2009/12/01 12:38:08 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\compstui3232.dll
[2009/12/01 12:38:07 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\compobj32323232.dll
[2009/12/01 12:37:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext323232323232.dll
[2009/12/01 12:37:28 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt3232323232323232.dll
[2009/12/01 12:37:01 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colbact32323232.dll
[2009/12/01 12:36:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_1323232323232.dll
[2009/12/01 12:36:26 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll323232323232.dll
[2009/12/01 12:36:19 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect323232.dll
[2009/12/01 12:35:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi323232323232.dll
[2009/12/01 12:35:34 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptnet32323232.dll
[2009/12/01 12:35:08 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CompatUI323232.dll
[2009/12/01 12:35:01 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cngaudit323232.dll
[2009/12/01 12:34:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi3232323232.dll
[2009/12/01 12:34:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptdlg3232.dll
[2009/12/01 12:34:05 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colorui32.dll
[2009/12/01 12:33:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_13232323232.dll
[2009/12/01 12:33:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext3232323232.dll
[2009/12/01 12:33:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid32323232323232.dll
[2009/12/01 12:32:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d1032323232.dll
[2009/12/01 12:32:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt32323232323232.dll
[2009/12/01 12:32:15 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres323232323232.dll
[2009/12/01 12:31:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8323232.dll
[2009/12/01 12:31:44 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV232323232.dll
[2009/12/01 12:31:22 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect3232.dll
[2009/12/01 12:31:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\compobj323232.dll
[2009/12/01 12:30:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10323232.dll
[2009/12/01 12:30:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll323232323232.dll
[2009/12/01 12:30:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap32323232.dll
[2009/12/01 12:29:58 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_323232323232.dll
[2009/12/01 12:29:47 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_IS202232323232.dll
[2009/12/01 12:29:24 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\console3232.dll
[2009/12/01 12:29:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comdlg323232.dll
[2009/12/01 12:28:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_1core3232.dll
[2009/12/01 12:28:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi32323232.dll
[2009/12/01 12:28:21 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs32323232.dll
[2009/12/01 12:27:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_132323232.dll
[2009/12/01 12:27:34 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptdll3232.dll
[2009/12/01 12:27:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap323232.dll
[2009/12/01 12:26:47 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_IS2022323232.dll
[2009/12/01 12:26:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll3232323232.dll
[2009/12/01 12:26:15 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CompatUI3232.dll
[2009/12/01 12:25:44 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ctl3d323232.dll
[2009/12/01 12:25:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll32323232.dll
[2009/12/01 12:25:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV3232.dll
[2009/12/01 12:24:42 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll3232323232.dll
[2009/12/01 12:24:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credui3232.dll
[2009/12/01 12:23:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_3232323232.dll
[2009/12/01 12:23:36 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext32323232.dll
[2009/12/01 12:23:22 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsnap3232.dll
[2009/12/01 12:22:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d103232.dll
[2009/12/01 12:22:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp3232323232.dll
[2009/12/01 12:22:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comctl323232.dll
[2009/12/01 12:21:45 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV2323232.dll
[2009/12/01 12:21:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp32323232.dll
[2009/12/01 12:21:14 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colbact323232.dll
[2009/12/01 12:20:44 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ctl3d3232.dll
[2009/12/01 12:20:29 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\corpol323232.dll
[2009/12/01 12:20:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cmutil3232.dll
[2009/12/01 12:19:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptui3232.dll
[2009/12/01 12:19:25 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs323232.dll
[2009/12/01 12:18:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dramp323232.dll
[2009/12/01 12:18:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext323232.dll
[2009/12/01 12:18:24 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres3232323232.dll
[2009/12/01 12:17:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d83232.dll
[2009/12/01 12:17:35 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt323232323232.dll
[2009/12/01 12:17:21 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\compobj3232.dll
[2009/12/01 12:16:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_1core32.dll
[2009/12/01 12:16:29 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\connect32.dll
[2009/12/01 12:15:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dxof3232.dll
[2009/12/01 12:15:42 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi323232.dll
[2009/12/01 12:14:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dramp3232.dll
[2009/12/01 12:14:42 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi3232.dll
[2009/12/01 12:13:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_1323232.dll
[2009/12/01 12:13:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp323232.dll
[2009/12/01 12:13:19 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\colbact3232.dll
[2009/12/01 12:12:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc323232.dll
[2009/12/01 12:12:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp3232.dll
[2009/12/01 12:11:54 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dim70032.dll
[2009/12/01 12:11:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc3232.dll
[2009/12/01 12:11:22 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comcat3232.dll
[2009/12/01 12:10:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8thk323232.dll
[2009/12/01 12:10:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptsvc32.dll
[2009/12/01 12:09:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV23232.dll
[2009/12/01 12:09:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptdlg32.dll
[2009/12/01 12:08:44 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll32323232.dll
[2009/12/01 12:08:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt3232323232.dll
[2009/12/01 12:07:35 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credssp32.dll
[2009/12/01 12:06:41 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptnet323232.dll
[2009/12/01 12:06:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid323232323232.dll
[2009/12/01 12:05:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt32323232.dll
[2009/12/01 12:05:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid3232323232.dll
[2009/12/01 12:04:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crypt323232.dll
[2009/12/01 12:04:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid32323232.dll
[2009/12/01 12:03:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll323232.dll
[2009/12/01 12:03:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs3232.dll
[2009/12/01 12:02:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\crtdll3232.dll
[2009/12/01 12:02:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres32323232.dll
[2009/12/01 12:01:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres323232.dll
[2009/12/01 12:01:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comrepl323232.dll
[2009/12/01 12:00:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comrepl3232.dll
[2009/12/01 11:59:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\EBLib3232.dll
[2009/12/01 11:58:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\EBAPI32.dll
[2009/12/01 11:57:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\eappprxy3232.dll
[2009/12/01 11:56:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\eapphost32.dll
[2009/12/01 11:55:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\eappcfg32.dll
[2009/12/01 11:54:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dxva232.dll
[2009/12/01 11:52:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dxgi32.dll
[2009/12/01 11:45:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\drmmgrtn3232.dll
[2009/12/01 11:44:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpx32.dll
[2009/12/01 11:44:56 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnlobby3232.dll
[2009/12/01 11:43:56 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnhpast32323232.dll
[2009/12/01 11:43:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnaddr3232323232.dll
[2009/12/01 11:42:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3cfg3232.dll
[2009/12/01 11:42:45 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3api3232.dll
[2009/12/01 11:41:43 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmvdsitf3232.dll
[2009/12/01 11:41:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmstyle323232.dll
[2009/12/01 11:40:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmscript32323232.dll
[2009/12/01 11:40:38 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmloader3232.dll
[2009/12/01 11:39:37 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmdskres232.dll
[2009/12/01 11:38:35 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmband3232.dll
[2009/12/01 11:37:33 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dimsroam3232.dll
[2009/12/01 11:37:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\difxapi32.dll
[2009/12/01 11:36:32 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dhcpsapi3232.dll
[2009/12/01 11:36:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\DHCPQEC32.dll
[2009/12/01 11:35:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dfshim32.dll
[2009/12/01 11:34:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnaddr32323232.dll
[2009/12/01 11:34:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dfrgifps32.dll
[2009/12/01 11:34:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\deskadp3232.dll
[2009/12/01 11:33:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dplayx323232.dll
[2009/12/01 11:33:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ddrawex3232.dll
[2009/12/01 11:33:25 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dciman32323232.dll
[2009/12/01 11:31:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3gpclnt3232.dll
[2009/12/01 11:31:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dnshc3232.dll
[2009/12/01 11:31:21 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_32323232.dll
[2009/12/01 11:31:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d8thk3232.dll
[2009/12/01 11:30:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3dlg323232.dll
[2009/12/01 11:30:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dnshc32.dll
[2009/12/01 11:30:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d832.dll
[2009/12/01 11:30:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_13232.dll
[2009/12/01 11:29:44 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmscript323232.dll
[2009/12/01 11:29:15 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_G180303232.dll
[2009/12/01 11:29:14 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CTL3DV232.dll
[2009/12/01 11:28:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscapi32.dll
[2009/12/01 11:27:59 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnhpast323232.dll
[2009/12/01 11:26:57 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnaddr323232.dll
[2009/12/01 11:26:28 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dbnetlib3232.dll
[2009/12/01 11:26:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dbghelp3232.dll
[2009/12/01 11:25:58 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnathlp3232.dll
[2009/12/01 11:25:23 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d93232.dll
[2009/12/01 11:24:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3dlg3232.dll
[2009/12/01 11:24:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\docprop3232.dll
[2009/12/01 11:24:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_IS20223232.dll
[2009/12/01 11:23:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3cfg32.dll
[2009/12/01 11:23:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmusic3232.dll
[2009/12/01 11:23:19 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CSVer3232.dll
[2009/12/01 11:23:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll323232.dll
[2009/12/01 11:22:49 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmvdsitf32.dll
[2009/12/01 11:22:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptnet3232.dll
[2009/12/01 11:22:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext3232.dll
[2009/12/01 11:21:45 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dmintf3232.dll
[2009/12/01 11:21:13 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\corpol3232.dll
[2009/12/01 11:20:12 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid323232.dll
[2009/12/01 11:19:40 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dimsroam32.dll
[2009/12/01 11:19:11 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres3232.dll
[2009/12/01 11:18:36 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\devmgr3232.dll
[2009/12/01 11:18:09 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comdlg3232.dll
[2009/12/01 11:18:06 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cngaudit3232.dll
[2009/12/01 11:17:35 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\deskperf3232.dll
[2009/12/01 11:14:31 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\davclnt3232.dll
[2009/12/01 11:12:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_323232.dll
[2009/12/01 11:12:25 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_IS202232.dll
[2009/12/01 11:11:55 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpnathlp32.dll
[2009/12/01 11:11:30 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3dx9_3232.dll
[2009/12/01 11:11:24 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\CSVer32.dll
[2009/12/01 11:10:54 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dpmodemx3232.dll
[2009/12/01 11:10:29 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d932.dll
[2009/12/01 11:10:24 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cscdll3232.dll
[2009/12/01 11:09:28 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\d3d10_132.dll
[2009/12/01 11:09:23 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptnet32.dll
[2009/12/01 11:08:58 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\drmmgrtn32.dll
[2009/12/01 11:08:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3ui3232.dll
[2009/12/01 11:08:27 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\C_G1803032.dll
[2009/12/01 11:08:23 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptdll32.dll
[2009/12/01 11:07:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3ui32.dll
[2009/12/01 11:06:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3dlg32.dll
[2009/12/01 11:06:25 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cryptext32.dll
[2009/12/01 11:06:21 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comuid3232.dll
[2009/12/01 11:05:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comres32.dll
[2009/12/01 11:04:54 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dplayx3232.dll
[2009/12/01 11:04:24 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\credui32.dll
[2009/12/01 11:04:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comcat32.dll
[2009/12/01 11:03:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\COLORCNV32.dll
[2009/12/01 11:02:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3msm3232.dll
[2009/12/01 11:02:23 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\comsvcs32.dll
[2009/12/01 11:02:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\cngaudit32.dll
[2009/12/01 11:01:53 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3msm32.dll
[2009/12/01 11:00:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\dot3gpclnt32.dll
[2009/12/01 10:59:52 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\IMJP10K32.dll
[2009/12/01 10:59:47 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ifsutil3232.dll
[2009/12/01 10:59:21 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\findnetprinters32.dll
[2009/12/01 10:58:51 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\imapi232.dll
[2009/12/01 10:58:47 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ifsutil32.dll
[2009/12/01 10:58:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\fdWNet32.dll
[2009/12/01 10:58:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\f3ahvoas3232.dll
[2009/12/01 10:57:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\imagesp13232.dll
[2009/12/01 10:57:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\iesysprep323232.dll
[2009/12/01 10:57:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\fdWCN32.dll
[2009/12/01 10:57:16 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\evr32.dll
[2009/12/01 10:56:50 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\imagesp132.dll
[2009/12/01 10:56:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\iesysprep3232.dll
[2009/12/01 10:56:20 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\fdProxy32.dll
[2009/12/01 10:55:49 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\imagehlp3232.dll
[2009/12/01 10:55:46 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\iesysprep32.dll
[2009/12/01 10:53:49 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ifxcardm32.dll
[2009/12/01 10:52:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\ieui32.dll
[2009/12/01 10:52:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\EpPicPrt32.dll
[2009/12/01 10:51:18 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\encapi32.dll
[2009/12/01 10:50:48 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\iertutil32.dll
[2009/12/01 10:49:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\EBLib32.dll
[2009/12/01 10:48:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\eappprxy32.dll
[2009/12/01 10:47:17 | 00,122,368 | ---- | C] () -- C:\Windows\SysWow64\eappgnui32.dll
[2009/10/29 14:28:58 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/10/29 14:27:19 | 00,000,100 | ---- | C] () -- C:\Windows\EPWF610.ini
[2009/10/21 15:28:24 | 00,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/29 18:05:43 | 02,720,337 | R--- | C] () -- C:\Program Files (x86)\Magic ISO 5.4 + serial.rar
[2009/09/10 18:09:18 | 00,000,034 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.log
[2009/09/10 18:08:02 | 00,099,384 | ---- | C] () -- C:\Users\John\AppData\Roaming\inst.exe
[2009/09/10 18:08:02 | 00,007,859 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.cat
[2009/09/10 18:08:02 | 00,001,167 | ---- | C] () -- C:\Users\John\AppData\Roaming\pcouffin.inf
[2009/08/30 07:42:47 | 03,991,908 | ---- | C] () -- C:\Program Files (x86)\YouTube Movie Downloader v2.2 [ kentuckykiid ].rar
[2009/08/19 16:47:10 | 00,036,605 | ---- | C] () -- C:\Users\John\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/08/18 11:58:56 | 08,637,210 | R--- | C] () -- C:\Program Files (x86)\SpyHunter Security Suite v3.4.9+Crack-HeartBug.rar
[2009/08/18 11:57:55 | 00,851,065 | R--- | C] () -- C:\Program Files (x86)\DVD Shrink.rar
[2009/08/18 11:56:33 | 08,911,588 | R--- | C] () -- C:\Program Files (x86)\DVDFab 5.rar
[2009/08/18 08:39:04 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/17 21:44:11 | 00,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/08/17 21:44:11 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/08/17 19:21:43 | 00,041,984 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 16:52:35 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/17 16:22:51 | 00,042,464 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/17 16:16:59 | 00,042,464 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/17 15:53:11 | 00,000,015 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2009/01/15 18:49:34 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/01/15 18:49:34 | 00,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/01/15 18:49:34 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/01/15 18:49:34 | 00,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/01/15 18:49:34 | 00,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/01/15 18:49:34 | 00,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/01/15 17:38:26 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 16:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2005/11/23 13:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2005/07/22 21:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

12 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 10:18 am

1wiseguy


Member
(OTL.TXT PART 5)

========== LOP Check ==========

[2010/01/11 06:34:01 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\.oit
[2009/12/17 15:09:47 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Avery
[2010/01/10 07:56:19 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\CocoonSoftware
[2009/09/05 06:42:07 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DVDFab
[2009/10/30 08:36:17 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Epson
[2009/08/29 11:39:22 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\GrabPro
[2009/10/30 15:01:13 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leader Technologies
[2009/10/29 15:56:15 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2009/12/29 23:30:53 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2009/08/29 11:55:09 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Orbit
[2009/11/06 07:46:29 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PowerCinema
[2009/08/18 21:02:55 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TOSHIBA
[2009/12/29 12:37:00 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/08/30 16:52:49 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\uniblue
[2009/12/23 06:36:34 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Vso
[2009/10/12 15:42:11 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\WinBatch
[2010/01/10 22:18:19 | 00,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2009/08/25 19:53:38 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-20\desktop.ini
[2010/01/11 20:10:53 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2457276182-857627301-3671099424-1000\$IUL0GF3.txt
[2010/01/11 19:58:30 | 00,001,680 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2457276182-857627301-3671099424-1000\$RUL0GF3.txt
[2009/08/17 15:53:28 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2457276182-857627301-3671099424-1000\desktop.ini
[2009/08/17 15:46:29 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2457276182-857627301-3671099424-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: AGP440.SYS >
[2008/03/25 19:53:12 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=18369BF8FD59C22E4C12ABD2A3A5AB2D -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_14d4e8ca930556b0\AGP440.sys
[2008/03/24 19:56:03 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=82EB67122D92A53BBBC33FC731682E10 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_1691e66e904a8cec\AGP440.sys
[2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 00,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/06/02 21:44:43 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=35137384FFB6FB4B4C3063CEB5DB34BE -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys
[2008/03/11 22:55:44 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2008/06/02 20:12:37 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=B388797CAAB36D523840347CC6A39B96 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys
[2009/04/10 23:15:00 | 00,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/03/11 22:53:06 | 00,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/10 22:27:20 | 00,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/10 22:27:20 | 00,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/10 22:27:20 | 00,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 03:48:00 | 00,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2009/04/10 23:09:58 | 00,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008/01/20 03:47:00 | 00,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 00,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/28 22:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/28 22:15:50 | 03,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 19:59:17 | 02,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/10 23:10:17 | 03,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/10 23:10:17 | 03,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 18:30:12 | 03,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/28 22:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/10 22:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 21:30:07 | 03,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 18:15:02 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 18:48:44 | 03,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 18:49:23 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTOR.SYS >
[2008/07/20 16:44:44 | 00,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/07/20 16:44:54 | 00,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 00,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: IMM32.DLL >
[2008/01/20 18:48:44 | 00,163,840 | ---- | M] (Microsoft Corporation) MD5=8D2C00D198598AAE77B1648FFBF39895 -- C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_b874b99a32c86e38\imm32.dll
[2009/04/10 22:26:43 | 00,116,224 | ---- | M] (Microsoft Corporation) MD5=B8FBE5F40B09F5D20E1E5CCFEF893D62 -- C:\Windows\SysWOW64\imm32.dll
[2009/04/10 22:26:43 | 00,116,224 | ---- | M] (Microsoft Corporation) MD5=B8FBE5F40B09F5D20E1E5CCFEF893D62 -- C:\Windows\SysWOW64\imm32.dll
[2009/04/10 22:26:43 | 00,116,224 | ---- | M] (Microsoft Corporation) MD5=B8FBE5F40B09F5D20E1E5CCFEF893D62 -- C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_c4b4dcf8644afb7f\imm32.dll
[2008/01/20 18:49:24 | 00,116,224 | ---- | M] (Microsoft Corporation) MD5=CA3091655E2257B3E3EA86F79A696C56 -- C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_c2c963ec67293033\imm32.dll
[2009/04/10 23:11:15 | 00,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_ba6032a62fea3984\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/02/12 23:24:13 | 01,233,920 | ---- | M] (Microsoft Corporation) MD5=08E8EF6A8D18BD1D89896903DCD103D2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll
[2008/01/20 18:48:14 | 01,213,952 | ---- | M] (Microsoft Corporation) MD5=1122C8BE4BC4F392598A9543DC1014E0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll
[2009/02/12 23:47:27 | 01,233,408 | ---- | M] (Microsoft Corporation) MD5=1A5CE3CDE414ED758D4E1616F422C20B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll
[2009/02/13 00:19:50 | 00,858,112 | ---- | M] (Microsoft Corporation) MD5=1B5BE39A927C36B3162ADA23B6CA001E -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll
[2009/02/13 00:54:16 | 01,210,880 | ---- | M] (Microsoft Corporation) MD5=2EEE45C483BA534A84CACC9D8001FE0E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll
[2009/02/12 23:16:20 | 00,841,216 | ---- | M] (Microsoft Corporation) MD5=4118366CDDA655F8AEDB20CD03DEBAE9 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll
[2009/02/12 23:25:34 | 00,840,704 | ---- | M] (Microsoft Corporation) MD5=444A00544B4EDFEDD8FCCD281EDE3ED4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll

13 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 10:23 am

1wiseguy


Member
(OTL PART 6)

< %systemroot%\system32\*.dll /lockedfiles >
[2009/12/01 11:40:38 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmloader3232.dll
[2009/12/01 11:29:44 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmscript323232.dll
[2009/12/01 11:40:40 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmscript32323232.dll
[2009/12/01 11:41:40 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmstyle323232.dll
[2009/12/01 11:23:48 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmusic3232.dll
[2009/12/01 11:22:49 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmvdsitf32.dll
[2009/12/01 11:41:43 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dmvdsitf3232.dll
[2009/12/01 11:30:48 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dnshc32.dll
[2009/12/01 11:31:48 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dnshc3232.dll
[2009/12/01 11:24:50 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\docprop3232.dll
[2009/12/01 11:42:45 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3api3232.dll
[2009/12/01 11:23:51 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3cfg32.dll
[2009/12/01 11:42:46 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3cfg3232.dll
[2009/12/01 11:06:51 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3dlg32.dll
[2009/12/01 11:24:52 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3dlg3232.dll
[2009/12/01 11:30:51 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3dlg323232.dll
[2009/12/01 11:00:52 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3gpclnt32.dll
[2009/12/01 11:31:52 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3gpclnt3232.dll
[2009/12/01 11:01:53 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3msm32.dll
[2009/12/01 11:02:53 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3msm3232.dll
[2009/12/01 11:07:53 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3ui32.dll
[2009/12/01 11:08:53 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dot3ui3232.dll
[2009/12/01 11:04:54 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dplayx3232.dll
[2009/12/01 11:33:55 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dplayx323232.dll
[2009/12/01 11:10:54 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpmodemx3232.dll
[2009/12/01 11:26:57 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnaddr323232.dll
[2009/12/01 11:34:57 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnaddr32323232.dll
[2009/12/01 11:43:53 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnaddr3232323232.dll
[2009/12/01 11:11:55 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnathlp32.dll
[2009/12/01 11:25:58 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnathlp3232.dll
[2009/12/01 11:27:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnhpast323232.dll
[2009/12/01 11:43:56 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnhpast32323232.dll
[2009/12/01 11:44:56 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpnlobby3232.dll
[2009/12/01 11:44:57 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dpx32.dll
[2009/12/01 11:08:58 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\drmmgrtn32.dll
[2009/12/01 11:45:57 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\drmmgrtn3232.dll
[2009/12/01 11:52:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dxgi32.dll
[2009/12/01 11:54:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\dxva232.dll
[2009/12/01 11:55:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\eappcfg32.dll
[2009/12/01 10:47:17 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\eappgnui32.dll
[2009/12/01 11:56:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\eapphost32.dll
[2009/12/01 10:48:17 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\eappprxy32.dll
[2009/12/01 11:57:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\eappprxy3232.dll
[2009/12/01 11:58:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\EBAPI32.dll
[2009/12/01 10:49:17 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\EBLib32.dll
[2009/12/01 11:59:59 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\EBLib3232.dll
[2009/12/01 10:51:18 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\encapi32.dll
[2009/12/01 10:52:18 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\EpPicPrt32.dll
[2009/12/01 10:57:16 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\evr32.dll
[2009/12/01 10:58:17 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\f3ahvoas3232.dll
[2009/12/01 10:56:20 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\fdProxy32.dll
[2009/12/01 10:57:20 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\fdWCN32.dll
[2009/12/01 10:58:20 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\fdWNet32.dll
[2009/12/01 10:59:21 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\findnetprinters32.dll
[2009/12/01 10:50:48 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\iertutil32.dll
[2009/12/01 10:55:46 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\iesysprep32.dll
[2009/12/01 10:56:46 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\iesysprep3232.dll
[2009/12/01 10:57:46 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\iesysprep323232.dll
[2009/12/01 10:52:48 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\ieui32.dll
[2009/12/01 10:58:47 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\ifsutil32.dll
[2009/12/01 10:59:47 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\ifsutil3232.dll
[2009/12/01 10:53:49 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\ifxcardm32.dll
[2009/12/01 10:55:49 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\imagehlp3232.dll
[2009/12/01 10:56:50 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\imagesp132.dll
[2009/12/01 10:57:50 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\imagesp13232.dll
[2009/12/01 10:58:51 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\imapi232.dll
[2009/12/01 10:59:52 | 00,122,368 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\IMJP10K32.dll
[2009/09/10 08:49:49 | 10,626,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

14 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 10:25 am

1wiseguy


Member
NOW THE OTL EXTRAS.TXT REPORT....


OTL Extras logfile created on: 1/12/2010 5:25:54 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\John\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.88 Gb Total Space | 34.77 Gb Free Space | 12.16% Space Free | Partition Type: NTFS
Drive D: | 688.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-LAPTOP
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 36 97 8F 16 ED 78 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02687A58-F38C-478A-A7FA-A8499C77BE09}" = lport=137 | protocol=17 | dir=in | app=system |
"{05868998-8489-4E1B-9673-519630848F1A}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AC894AF-F995-4CC3-9D80-E0EE2FDC39AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AC9C727-028D-4D41-922F-A238A4D61CEB}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F656EF9-3F9E-45A0-B3D5-1E5E6F5C0241}" = rport=137 | protocol=17 | dir=out | app=system |
"{45FF20B2-5CE9-423D-9996-374C7C676BD1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A402DD3-6E31-4B6A-8060-A5C52037B590}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C838323-D678-4E26-BC17-DE537C317031}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{542CFA33-8809-43AE-BA9F-477A4013E40F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5BC92A12-B964-46C4-BF37-D2454C9FABC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C90714E-FF4E-4BB0-A5EB-F5508662EEAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A669BC7-FD13-4280-9454-4593952F1493}" = lport=10243 | protocol=6 | dir=in | app=system |
"{86DBB152-9C8C-44A3-A41B-0EBD5B93D429}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{908064F8-3F49-4099-B48D-887299C24C2B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9641B4FA-2762-4629-BE83-49A7DB3786A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{A6AF7C6A-B8A7-4F90-8519-EB0FF41D7846}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B01DC153-6619-4FE7-ADBC-F2C4ED92F25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57D88BD-9DE8-413F-9010-25F802C182E7}" = lport=138 | protocol=17 | dir=in | app=system |
"{ECB92B64-703F-43C4-9876-6997112F3C20}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0008AB71-055D-4904-A9CE-31E1F1B47B9D}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{01AD5B47-E6E6-40C9-9578-FB3E0A49EBE7}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{0C5BECBF-B123-455D-A8A7-33E84A439D89}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{10EAB1CD-EF60-44D6-900D-87A34C6BFDC7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{111207DC-E755-41B3-B350-4659E39777C1}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{1AEC875F-8A80-4C0F-8F71-7E26D13F6C02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21AF8426-3BE4-44A6-99DC-74B33C288685}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{227043EC-CD6C-4755-A4BD-0D7858A9A2A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{349CAE9D-6569-4000-B7F2-F3FFE82EF6F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{415F79CB-6650-4D4A-A17A-EB055870AB2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42F56E87-818A-43E4-930B-32C461F0B980}" = protocol=6 | dir=out | app=%systemroot%\explorer.exe |
"{467AB63D-2DCE-4234-9A40-6C526020E4F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55A72765-FA31-4B96-932C-F8434E23B3D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62035667-8A8D-496E-9AF5-742E4E030332}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64AFE07E-29A7-455B-B1E0-554CE0A080A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EE91529-6501-4FB7-A05A-39C65AD4D238}" = protocol=6 | dir=in | app=%systemroot%\explorer.exe |
"{77B00A35-E853-4589-86A3-B8EEE26313F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E5E7249-858B-4E2E-94DF-2AB90D011CDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87800B39-B2BA-413A-ACF0-FD26F946BDBF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{8FAD4CF3-BEE1-45F6-8322-61F9E2A4ED96}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9191655E-9F69-41E5-BDD5-F6438892048E}" = dir=in | app=c:\program files (x86)\avg\avg8\avgam.exe |
"{9FB8AFE7-1B82-4AB2-8001-EE31C7AFA618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B352FEF8-F698-40F0-97B9-BC4B2D33965D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B43FE1EB-4EF0-497B-9C7F-AE76A5851F13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BACC7C46-8F2F-4E0A-8DF9-69D3A29F0D96}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBE84074-0936-4E67-992B-2D859F99570B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDB6BD7F-5084-4A70-AE6A-88317095B816}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFF12C15-ABEA-4425-8DF0-07ECFD3E96BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CBD42561-04DE-4936-A16D-E2450A41B2C5}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{CBFE1966-69CA-4B88-9F9F-3F38B541E5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{D11824AB-A564-4D36-A661-948DE2E175DC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFAA621E-8A9F-47A1-989D-725F5CF13D19}" = protocol=6 | dir=out | app=system |
"{E0287BA1-7CBB-4FE7-B1F4-3105F29B4C37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E485ADC4-9CB9-4AC5-BD92-0C7F67F609EE}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{E9D9CC51-0569-44DB-AF1C-9DD9FA96F68C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2AFFD54-2F4B-4077-97C0-4587905BC044}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3E68CB1-F6E4-4C01-A83A-60EB4F4CA83F}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |
"{F534FA55-0682-4DAB-9D4E-AE2B43CF4C8B}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{F6227508-8B69-4298-BE2F-A6F03245DF6E}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{FF0B95AF-223D-4434-8386-9208476256B6}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{FF95DC70-B2FC-4293-B1D3-76AF07B3C6B0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{A6D93B0F-85B7-4C46-BAB6-E379D005F553}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{BF38E3F9-A044-466C-8654-BB235104E2A7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{DED20248-B54A-4177-9D08-18F149FFB0C7}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{E7B75B4C-91E0-45DC-BED9-5CE8292AF219}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1F8E2B4C-BAD5-4F40-A95C-4EEFE4A994F3}" = Dolby Control Center
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = TOSHIBA WUSB
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"EPSON WorkForce 610 Series" = EPSON WorkForce 610 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73CD9967-000C-49C6-A900-C87D5B2D253F}" = Presto! PageManager 8.15.01 SE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BC66FD90-7BF4-4026-8119-04161D02A2F3}" = ArcSoft Print Creations
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C485E390-78F5-4D5B-B56A-20A4C59B022A}" = FM Tuner Utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19F7B24-AAD4-4236-8475-5335483DA676}" = Avery Wizard 3.1
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FBD4A73E-1479-142D-181A-790551DDAE27}" = TweetDeck
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ActiveHomePro" = ActiveHome Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiMalwarePro_is1" = AntiMalware Pro 2.1
"AVG8Uninstall" = AVG 8.5
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Carbonite Backup" = Carbonite
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.2
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"LimeWire" = LimeWire PRO 4.17.0
"LTCM Client" = LTCM Client
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NIS" = Norton Internet Security
"Picasa2" = Picasa 2
"Spyware Doctor" = Spyware Doctor 7.0
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"YouTube Movie Downloader_is1" = YouTube Movie Downloader V2.2.0
"YPOPs_is1" = YPOPs! 0.9.7.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = QMC

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

15 Re: Computer infected with Packed.Delf.Crypt. on Tue Jan 12, 2010 4:33 pm

DragonMaster Jay


Site Owner
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

