need help removing desot.exe! [Solved]
bizzle
post Sep 2 2009, 02:02 PM
Post #1


New Member
Posts: 9
OS: XP



OK, so a few days ago I got the Windows Antivirus Pro and desot.exe virus. Windows Antivirus Pro doesn't pop up anymore, but ever since it stopped popping up no applications work. I can't run ANY .exe files, but I can run other files. Any help would be cool.
kahdah
post Sep 2 2009, 05:32 PM
Post #2


GeekU Teacher
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



Hello bizzle

Welcome to G2Go.
=====================
Download the attached .zip file and then save it to your desktop.
Right click on it and choose extract all.
Then open the newly extracted folder, double click on xp_exe_fix.reg, and hit Yes to allow it to merge with the registry.

Then your apps should work.
After that do the following to check for anything leftover.

=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

[attachment=33776:xp_exe_fix.zip]
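A way to triage the autostart part of the OTL log that the steps above ask for, as an added example that is not part of the original thread or of OTL itself: it flags Run-key and Winlogon entries whose target is missing or hidden, that use a Windows system process name outside System32, or that replace the default Shell/UserInit values. The sample lines are constructed in OTL's line format, `%SystemRoot%` is assumed to be `C:\WINDOWS`, and the function name `triage` and the reason strings are assumptions of this example.

```python
import ntpath
import re

# O4 lines: Run-key autostarts.  O20 lines: Winlogon Shell / UserInit values.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - "
    r"\((?P<data>[^)]*)\) - (?P<rest>.*)$")
# Leading file path of the resolved target, if OTL printed one.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cpl))\b",
                     re.IGNORECASE)

# Core Windows processes whose genuine copies live in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"  # assumption: %SystemRoot% = C:\WINDOWS
# Stock Windows XP values for the two Winlogon entries.
WINLOGON_DEFAULTS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

# Constructed sample lines in OTL's format (not taken from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OldApp] C:\Program Files\OldApp\OldApp.exe File not found
O4 - HKCU..\Run: [svchost.exe] C:\Documents and Settings\User\Application Data\Microsoft\svchost.exe (ExampleVendor)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\lsass.exe) - C:\lsass.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\System32\Userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\helper.exe) - C:\WINDOWS\System32\helper.exe [FILE handle not seen by OS]
"""


def triage(log_text):
    """Return [(entry label, [reasons])] for autostart lines worth reviewing.

    A finding is a prompt for a closer look, not a verdict of infection.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        win = WINLOGON_RE.match(line)
        if not (run or win):
            continue  # not an autostart line this example understands

        rest = (run or win).group("rest")
        reasons = []

        # The registry still points at something the scanner could not open.
        if "File not found" in rest:
            reasons.append("target missing")
        if "FILE handle not seen by OS" in rest:
            reasons.append("file hidden from OS")

        # A system process name in any folder other than System32.
        found = PATH_RE.match(rest)
        if found:
            path = ntpath.normcase(found.group("path"))
            if (ntpath.basename(path) in SYSTEM_NAMES
                    and ntpath.dirname(path) != SYSTEM32):
                reasons.append("system process name outside System32")

        # Extra programs chained onto the logon Shell / UserInit values.
        if win:
            value = win.group("value")
            program = ntpath.basename(ntpath.normcase(win.group("data")))
            if program not in WINLOGON_DEFAULTS[value.lower()]:
                reasons.append("non-default Winlogon " + value)
            label = "Winlogon {} ({})".format(value, win.group("data"))
        else:
            label = "{} Run [{}]".format(run.group("hive"), run.group("name"))

        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG):
        print("{}: {}".format(label, "; ".join(reasons)))
```
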
bizzle
post Sep 2 2009, 09:30 PM
Post #3


New Member
Posts: 9
OS: XP



OTLlll.TXT

OTL logfile created on: 9/2/2009 10:28:18 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Riel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 518.42 Mb Available Physical Memory | 50.70% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.98 Gb Total Space | 205.50 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 0.45 Gb Free Space | 11.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WEED
Current User Name: Riel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Riel\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntipPro2009_100 [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tap0801 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys (The OpenVPN Project)
DRV - (tap0901 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/18 09:40:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/12 09:37:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 20:22:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 23:18:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 00:49:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 23:23:27 | 00,000,000 | ---D | M]

[2008/09/20 14:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Extensions
[2008/09/20 14:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/02 19:53:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions
[2009/09/02 14:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/08 20:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions\{d0c29249-27c7-4192-aec8-6c84436aeb80}
[2009/04/22 18:57:57 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Riel\Application Data\Mozilla\FireFox\Profiles\dbrcrkr8.default\searchplugins\ask.xml
[2009/09/02 19:53:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 23:23:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/07 19:44:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}
[2008/04/29 22:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/14 17:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/06 20:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/22 13:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/15 11:44:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 23:23:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 23:23:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/06 01:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/21 16:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/07/02 17:20:48 | 00,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2009/08/04 23:23:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 21:44:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 21:44:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/23 18:47:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 18:47:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/12 15:36:39 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/23 18:47:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 18:47:12 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 18:47:12 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 18:47:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 18:47:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IpSharkk] C:\Program Files\IpSharkk\IpSharkk.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [svchost.exe] C:\Documents and Settings\Riel\Application Data\Microsoft\svchost.exe (AversionMedia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Riel\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\lsass.exe) - C:\lsass.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\System32\Userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\System32\twext.exe [FILE handle not seen by OS]
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 21:48:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a9918be6-976c-11de-8666-0016764eb2c4}\Shell\Auto\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{a9918be6-976c-11de-8666-0016764eb2c4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9918be6-976c-11de-8666-0016764eb2c4}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\Shell32.DLL -- [2008/06/17 14:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\*.tmp files]
[2009/09/02 22:27:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Riel\Desktop\OTL.exe
[2009/09/02 22:24:43 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\xp_exe_fix.zip
[2009/08/30 15:15:02 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Riel\Desktop\svchost.scr
[2009/08/30 13:08:52 | 00,002,855 | ---- | C] () -- C:\WINDOWS\System32\desot.PIF
[2009/08/30 13:04:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/29 21:16:49 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/29 17:35:52 | 00,000,000 | ---D | C] -- C:\Winamp
[2009/08/29 16:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\PokerStarsInstall.exe
[2009/08/29 16:36:08 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\PokerStars.lnk
[2009/08/28 12:16:26 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/28 11:40:05 | 00,390,144 | ---- | C] () -- C:\WINDOWS\System32\desot.exe
[2009/08/28 11:40:05 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/28 11:40:05 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/08/28 11:40:05 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/28 11:40:05 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/28 11:40:05 | 00,000,003 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/08/28 11:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/28 10:20:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/27 22:53:12 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/08/27 22:53:12 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/08/27 22:53:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/08/27 22:53:11 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/08/27 17:20:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\Application Data\UltimateBet
[2009/08/27 17:20:33 | 00,000,000 | ---D | C] -- C:\Program Files\UltimateBet
[2009/08/27 17:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/08/21 14:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\My Documents\Copy of My Music
[2009/08/19 18:24:44 | 06,453,014 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Please Excuse My Hands (Dirty).mp3
[2009/08/19 18:24:44 | 06,164,413 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Runnin Momma Crazy.mp3
[2009/08/19 18:24:43 | 05,804,257 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - On My Dick.mp3
[2009/08/19 18:24:43 | 05,581,422 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Pants Hang Low.mp3
[2009/08/19 18:24:43 | 04,948,262 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Never Tell On My Dawg (Feat. Trick Daddy).mp3
[2009/08/19 18:24:42 | 07,621,422 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Most Anticipated.mp3
[2009/08/19 18:24:42 | 07,307,227 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Money Straight.mp3
[2009/08/19 18:24:42 | 07,213,066 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Kept It Too Real.mp3
[2009/08/19 18:24:41 | 05,277,699 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Family Straight.mp3
[2009/08/19 18:24:41 | 02,284,045 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Drama Found Me.mp3
[2009/08/19 18:24:40 | 06,799,335 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Definition Of Real - I'm Da Man ft Trey Songz.mp3
[2009/08/19 18:24:40 | 05,187,137 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Da Realist - 09 - Spend The Night.mp3
[2009/08/19 18:24:39 | 06,947,941 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Shawty.mp3
[2009/08/19 18:24:39 | 05,840,906 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - 100 Years.mp3
[2009/08/19 18:24:35 | 06,572,516 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies Feat Chris J - Put It On Ya.mp3
[2009/08/19 18:24:35 | 05,256,716 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies ft. Sean Garrett- Street Lights.mp3
[2009/08/19 18:24:35 | 05,196,825 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies & Young Buck-[bleep] What They Talkin Bout-MF.mp3
[2009/08/19 18:24:34 | 05,048,320 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - You (Feat. Tank).mp3
[2009/08/18 18:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\Desktop\F u
[2009/08/18 12:06:36 | 01,793,078 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\West Side Conection- The Gangsta, The Killa And The Dope Dealer - Westside Connection.mp3
[2009/08/15 09:39:24 | 06,725,688 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil' Wayne Ft. Juelz Santana & Fabolous - You Ain't Got nothing On Me.mp3
[2009/08/13 04:25:04 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 04:24:57 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/12 09:51:06 | 00,005,508 | ---- | C] () -- C:\Documents and Settings\Riel\My Documents\evan.jpg
[2009/08/12 06:14:52 | 04,929,471 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Ace Hood - White Leather.mp3
[2009/08/12 06:02:29 | 04,376,529 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Classified- Freezin In The Cold.mp3
[2009/08/12 06:02:26 | 06,432,901 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Classified- Fall From Paradise.mp3
[2009/08/12 05:22:48 | 05,399,668 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Fabolous - So Wet (Ft[1]. Ray J) - HotNewHipHop.com.mp3
[2009/08/12 05:20:52 | 07,178,368 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - I Got it Ft. Big Block.mp3
[2009/08/12 05:18:20 | 07,223,488 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Every Girl.mp3
[2009/08/12 05:11:00 | 05,624,649 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Cannon.mp3
[2009/08/11 01:58:57 | 08,432,429 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Blood Raw feat. Young Jeezy - Louie Bag.mp3
[2009/08/05 20:26:54 | 00,020,775 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\the best playlist.m3u
[2009/08/05 20:26:05 | 04,990,059 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Fabolous Feat. Nate Dogg - Cant Deny It.mp3
[2009/08/05 20:26:00 | 03,593,323 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Fabolous - Trade It All (feat. Jagged Edge).mp3
[2009/08/05 20:25:52 | 03,493,650 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Fat Joe Ft. Terror Squad - Lean Back.mp3
[2009/08/05 20:25:19 | 03,928,064 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gangstarr & MOP- War Goin On Outside.mp3
[2009/08/05 20:25:00 | 04,110,777 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - Betcha Cant.mp3
[2009/08/05 20:24:52 | 03,408,126 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe Feat. Young Jeezy - Hood Figga.mp3
[2009/08/05 20:24:44 | 08,026,458 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gucci Mane - Is You Geeked Up.mp3
[2009/08/05 20:24:23 | 06,654,475 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gucci Mane & Plies-Get Wasted (Produced By Fat Boi)-MF.mp3
[2009/08/05 20:23:49 | 06,891,087 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\G-Unit - Beg For Mercy - G'd Up.mp3
[2009/08/05 20:23:36 | 05,276,706 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Ill Bill ft. Necro - Glenwood Projects.mp3
[2009/08/05 20:23:27 | 02,514,408 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Ill Bill, Vinnie Paz ft. & Canibus - In The Hood.mp3
[2009/08/05 20:22:50 | 05,570,531 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Immortal Technique - Harlem Streets.mp3
[2009/08/05 20:22:39 | 04,729,754 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\immortal technique - positive balance.mp3
[2009/08/05 20:22:25 | 07,493,258 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Immortal Technique - You Never Know.mp3
[2009/08/05 20:22:20 | 04,378,225 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Immortal Technique-Industrial Revolution.mp3
[2009/08/05 20:20:36 | 06,755,017 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\jim jones - mind on my money.mp3
[2009/08/05 20:20:29 | 03,232,032 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Jim Jones - Up In Harlem.mp3
[2009/08/05 20:20:16 | 06,731,631 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Jim Jones- Pin The Tail.mp3
[2009/08/05 20:19:56 | 05,516,009 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Joe Buddens- Pump It Up.mp3
[2009/08/05 20:19:45 | 05,518,844 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz Santana - I Am Crack.mp3
[2009/08/05 20:18:57 | 03,140,263 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz santana ft. Skull gang - got money.mp3
[2009/08/05 20:18:47 | 05,761,236 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz Santana Feat. Lil Wayne - Hood [bleep].mp3
[2009/08/05 20:18:47 | 05,439,616 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz Santana Feat. Lil Wayne - Rewind.mp3
[2009/08/05 20:18:12 | 04,194,304 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz Santana Ft. Young Jeezy & Lil Wayne - Make It Work For Ya.mp3
[2009/08/05 20:17:30 | 04,499,730 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Juelz_Santana_Ft_Skull_Gang_-_I_Am_the_Club-.mp3
[2009/08/05 20:17:13 | 05,899,391 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\juelz_santana-shottas_(feat_camron_and_sizzla).mp3
[2009/08/05 20:15:46 | 05,094,375 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - The Sky Is The Limit.mp3
[2009/08/05 20:15:33 | 02,765,419 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne- Cannon- Dissin Gilly Da Kid.mp3
[2009/08/05 20:14:47 | 04,779,178 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne ft Young Money Ent. - Whoever You Like.mp3
[2009/08/05 20:14:39 | 07,496,693 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne ft. Gucci Mane - We Be Steady Mobbin.mp3
[2009/08/05 20:14:29 | 06,360,756 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne ft. T-Pain - Got Money.mp3
[2009/08/05 20:14:09 | 05,347,862 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne, Jim Jones & Freekey Zeeky-Who The [bleep] Is This Girl-MF.mp3
[2009/08/05 20:13:14 | 03,895,299 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mark Ronson Ghostface & Nate Dogg - Ooh Wee.mp3
[2009/08/05 20:13:01 | 05,871,409 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Method Man & Redman feat Toni Braxton - I Get So High.mp3
[2009/08/05 20:12:22 | 06,238,796 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - Burn.mp3
[2009/08/05 20:12:22 | 03,090,432 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - Drop A Gem On 'Em.mp3
[2009/08/05 20:12:05 | 04,595,840 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - Eye For An Eye (Feat Nas & Raekwon).mp3
[2009/08/05 20:11:52 | 08,055,256 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - [bleep] On Earth (Front Lines).mp3
[2009/08/05 20:11:46 | 06,659,984 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - Got It Twisted Ft. Twista (Dirty Remix).mp3
[2009/08/05 20:11:34 | 06,730,649 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep - Win Or Lose ~remix~ (feat. Jadakiss, Jay-Z & Nas).mp3
[2009/08/05 20:11:27 | 03,590,144 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep- Quiet Storm.mp3
[2009/08/05 20:11:17 | 04,521,126 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mobb Deep ft. Young Buck- Give It To Me.mp3
[2009/08/05 20:11:01 | 05,915,514 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Mos Def - Mathematics.mp3
[2009/08/05 20:10:52 | 07,372,722 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Nas - Got Yourself A Gun.mp3
[2009/08/05 20:10:38 | 07,460,080 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Obie Trice ft. Eminem - When It Hits The Fan dr.dre, xzibit, eminem, 50 cent, tupac, g unit, weird al, blue collar, rap, the game, , lil wyte, bone thugs.mp3
[2009/08/05 20:10:29 | 06,220,979 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Omarion ft Jim Jones - Ice Box (Remix).mp3
[2009/08/05 20:10:12 | 03,980,225 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\P. Diddy ft.G-Dep and Black Rob - Let's Get It (Dirty).mp3
[2009/08/05 20:10:03 | 05,424,362 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - 1 Mo Time.mp3
[2009/08/05 20:09:57 | 06,148,960 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Planet Asia - G's & Soldiers (Ft. Kurupt).mp3
[2009/08/05 20:09:50 | 05,285,898 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - I Am The Club.mp3
[2009/08/05 20:09:41 | 06,023,392 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Da Realist -Me and My Goons.mp3
[2009/08/05 20:09:41 | 05,981,259 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Da Realist - Plenty Money.mp3
[2009/08/05 20:09:34 | 06,256,650 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Goons Lurking.mp3
[2009/08/05 20:09:28 | 05,831,922 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Murkin Season.mp3
[2009/08/05 20:09:11 | 04,526,605 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies_Ft_Akon-Hypnotized.mp3
[2009/08/05 20:08:57 | 08,317,618 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Q-Tip - Gettin Up.mp3
[2009/08/05 20:08:42 | 07,259,382 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Ray Cash - She A G.mp3
[2009/08/05 20:08:32 | 05,825,976 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Red Cafe Ft. 50 Cent, Fat Joe, Jadakiss, & Fabolous - Paper Touchin (Remix).mp3
[2009/08/05 20:08:19 | 07,737,417 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Reef the lost cauze - eyes of my father.mp3
[2009/08/05 20:07:51 | 06,174,552 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Rick Ross- For Da Low.mp3
[2009/08/05 20:07:51 | 06,070,400 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Rick Ross- Blow.mp3
[2009/08/05 20:07:21 | 02,841,908 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Rick Ross-Dope Boys-MF.mp3
[2009/08/05 20:06:24 | 05,393,721 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Sean Kingston Ft. Lil Wayne - I'm At War.mp3
[2009/08/05 20:06:11 | 06,800,006 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Shawty Lo - lets get it.mp3
[2009/08/05 20:06:03 | 09,448,794 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Shawty Lo Ft. Trey Songz & Lil Wayne - Supplier - HotNewHipHop.com.mp3
[2009/08/05 20:05:42 | 06,447,522 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Snoop Dogg Ft E-40 & Kurupt - Candy.mp3
[2009/08/05 20:05:30 | 03,781,136 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Snoop Doggy Dog f. Xzibit - [bleep] Please.mp3
[2009/08/05 20:03:30 | 02,570,805 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Styles P-Canadian Kush.mp3
[2009/08/05 20:03:01 | 06,107,136 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Sway & King Tech featuring DJ Revolution, RZA, Tech N9NE, Pharoahe Monch, Xzibit, Eminem, Jayo Felony, Kool G Rap, Chino XL, & KRS-One - The Anthem (Instrumental).mp3
[2009/08/05 20:02:17 | 07,203,951 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\T.I ft Justin Timberlake - Dead and Gone.mp3
[2009/08/05 20:02:05 | 06,392,727 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\T.I. -Swing_Your_Rag_feat.Swizz_Beats.mp3
[2009/08/05 20:01:46 | 05,977,861 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Diplomats - Dipset Anthem ft Camron & Juelz Santana.mp3
[2009/08/05 20:01:38 | 07,094,901 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Diplomats- Diplomatic Immunity- 1st Of Tha Month (feat. Jimmy Jones, Camron, And Juelz Santana).mp3
[2009/08/05 19:58:57 | 04,534,400 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Game ft Anthony Hamilton - Hustlers Dream.mp3
[2009/08/05 19:58:03 | 04,992,064 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Game ft. Dr Dre - Run.mp3
[2009/08/05 19:57:15 | 04,454,528 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Game - Killa Kalli .mp3
[2009/08/05 19:57:09 | 04,434,762 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\The Game - Higher.mp3
[2009/08/05 19:54:25 | 06,298,982 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Xzibit - X.mp3
[2009/08/05 19:54:11 | 04,158,114 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\yo_gotti-m.i.a.-cr.mp3
[2009/08/05 19:54:00 | 04,839,552 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Yung Joc- It's Going Down.mp3
[2009/08/05 19:52:25 | 02,912,656 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Young Jeezy - Halloween Massacre.mp3
[2009/08/05 19:52:04 | 04,143,104 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Dr. Dre with Snoop Dogg - Still Dre.mp3
[2009/08/05 19:50:53 | 08,391,479 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\DJ Khaled Ft. T-Pain, Young Jeezy, Ludacris, Busta Rhymes, Big Boi, Lil' Wayne, Birdman, Fat Joe & Rick Ross - I'm So Hood (Remix).mp3
[2009/08/05 19:50:33 | 04,776,854 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\DJ Khaled f. Young Jeezy, Juelz Santana, Lil Wayne, Fat Joe, Rick Ross & Dre - Brown Paper Bag.mp3
[2009/08/05 19:50:09 | 04,893,328 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\DJ Green Lantern - G Unit - What Up Dipset (Remix).mp3
[2009/08/05 19:49:28 | 08,249,170 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Dipset_Byrd_Gang_Volume_1_All_Eyes_On_Zeke-Who_Shot_Freaky_Zeeky-18-jim_jones_camron_(killa_cam)__juelz_santana-drama_ki-whoa.mp3
[2009/08/05 19:49:18 | 03,596,196 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\dipset Juelz Santana - I Can Feel It In The Air.mp3
[2009/08/05 19:48:18 | 07,377,860 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Dipset - Jim Jones ft. P.Diddy, Jha Jha, Paul Wall - What U Been Drinkin.mp3
[2009/08/05 19:48:06 | 05,035,824 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Dipset - Juelz Santana & Fabolous - So What's It Gonna Be.mp3
[2009/08/05 19:47:53 | 05,602,276 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Dipset - Juelz Santana - Santana's Town.mp3
[2009/08/05 19:47:19 | 04,842,189 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Common ft. Will.I.Am - I Have A Dream.mp3
[2009/08/05 19:46:35 | 04,668,604 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Brooklyn Bomb (Slick Rick, Crooklyn Clan, Bad Boy, Beatnuts, Time Zone, Biggie, Jay-Z, Mase, Mobb Deep & Nas).mp3
[2009/08/05 19:46:12 | 03,976,813 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Boot Camp Click - Smiff N' Wessun feat MOP - Bucktown Remix.mp3
[2009/08/05 19:45:23 | 05,758,976 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Black Rob - Like Whoa.mp3
[2009/08/05 19:45:23 | 05,687,090 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Black Rob - A Star In The Hood.mp3
[2009/08/05 19:44:51 | 08,224,640 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Beatnuts feat Dj Babu - Duck Season.mp3
[2009/08/05 19:44:22 | 07,510,016 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\B.O.B. feat. Rick Ross and Juvenile - Haterz Everywhere Remix.mp3
[2009/08/05 19:42:57 | 05,083,334 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Army of the Pharoahs - Swords Drawn.mp3
[2009/08/05 19:42:57 | 04,753,872 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Aggy-MF.mp3
[2009/08/05 19:42:57 | 04,734,430 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Army of The Pharoahs Revolution.mp3
[2009/08/05 19:42:56 | 06,104,798 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Atmosphere - Little Man.mp3
[2009/08/05 19:42:56 | 04,305,864 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Army of the pharaohs - dump the clip.mp3
[2009/08/05 19:42:56 | 04,226,157 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Army Of The Pharoahs - Murder Death Kill.mp3
[2009/08/05 19:42:56 | 03,687,011 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Army of the Pharoahs - Tear It Down.mp3
[2009/08/05 19:42:55 | 08,260,177 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Akon ft. Lil' Wayne-Im so paid.mp3
[2009/08/05 19:42:55 | 07,030,086 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Ace Hood Final Warning ft. DJ Khaled, Bun B, Blood Raw, Brisco, Bali, Lil Scrappy, Shawty Lo & Rock City.mp3
[2009/08/05 04:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2008/10/08 23:25:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/07 17:50:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\dinksmallwood.ini
[2008/09/16 20:46:08 | 00,000,093 | ---- | C] () -- C:\WINDOWS\RCAMPEG4VC.ini
[2008/09/16 20:45:45 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/16 20:45:45 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 19:21:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/12 18:26:22 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/08/12 18:26:22 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/03 15:44:38 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/04/30 00:18:35 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/30 00:16:07 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/30 00:16:06 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/04/30 00:16:06 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/08/04 07:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,439 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[14 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/09/02 22:27:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Riel\Desktop\OTL.exe
[2009/09/02 22:26:30 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/02 22:24:44 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\xp_exe_fix.zip
[2009/09/02 14:34:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/02 14:34:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 14:33:25 | 40,545,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/02 14:33:25 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/02 13:31:01 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/01 20:49:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/01 15:24:48 | 00,008,114 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\straight ballin.m3u
[2009/08/31 22:30:12 | 03,233,318 | -H-- | M] () -- C:\Documents and Settings\Riel\Local Settings\Application Data\IconCache.db
[2009/08/30 15:18:41 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Riel\Desktop\svchost.scr
[2009/08/30 13:08:52 | 00,002,855 | ---- | M] () -- C:\WINDOWS\System32\desot.PIF
[2009/08/30 13:06:48 | 00,390,144 | ---- | M] () -- C:\WINDOWS\System32\desot.exe
[2009/08/30 13:05:19 | 00,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/29 21:16:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/29 17:12:08 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\PokerStars.lnk
[2009/08/29 16:36:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\PokerStarsInstall.exe
[2009/08/28 12:46:02 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/08/28 12:46:02 | 00,000,003 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/08/28 12:32:31 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\onhelp.htm
[2009/08/28 12:03:26 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/28 11:49:54 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/08/28 11:40:05 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/28 11:40:05 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/28 11:25:59 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Riel\My Documents\My Sharing Folders.lnk
[2009/08/28 10:20:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/27 17:23:02 | 04,454,528 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\The Game - Killa Kalli .mp3
[2009/08/27 17:22:44 | 06,664,526 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Xzibit ft. The Game, Daz & T-Pain - On bail.mp3
[2009/08/20 17:35:35 | 04,958,336 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Eminem vs. Biggie Smalls - Hip-Hop Wars Freestyles.mp3
[2009/08/20 16:52:20 | 00,006,112 | -HS- | M] () -- C:\Documents and Settings\Riel\Desktop\Folder.jpg
[2009/08/20 16:52:20 | 00,001,892 | -HS- | M] () -- C:\Documents and Settings\Riel\Desktop\AlbumArtSmall.jpg
[2009/08/19 10:44:52 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/19 10:44:51 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/19 10:44:51 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/18 21:22:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/18 12:06:53 | 01,793,078 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\West Side Conection- The Gangsta, The Killa And The Dope Dealer - Westside Connection.mp3
[2009/08/15 09:39:55 | 06,725,688 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Lil' Wayne Ft. Juelz Santana & Fabolous - You Ain't Got nothing On Me.mp3
[2009/08/13 08:20:39 | 00,020,775 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\the best playlist.m3u
[2009/08/12 09:51:07 | 00,005,508 | ---- | M] () -- C:\Documents and Settings\Riel\My Documents\evan.jpg
[2009/08/12 06:15:14 | 04,929,471 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Ace Hood - White Leather.mp3
[2009/08/12 06:06:05 | 04,376,529 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Classified- Freezin In The Cold.mp3
[2009/08/12 06:03:22 | 06,432,901 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Classified- Fall From Paradise.mp3
[2009/08/12 05:34:43 | 07,178,368 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - I Got it Ft. Big Block.mp3
[2009/08/12 05:33:24 | 05,277,699 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Plies - Family Straight.mp3
[2009/08/12 05:31:11 | 05,399,668 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Fabolous - So Wet (Ft[1]. Ray J) - HotNewHipHop.com.mp3
[2009/08/12 05:23:13 | 07,223,488 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Every Girl.mp3
[2009/08/12 05:20:18 | 05,624,649 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Cannon.mp3
[2009/08/11 02:00:37 | 08,432,429 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Blood Raw feat. Young Jeezy - Louie Bag.mp3
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

========== LOP Check ==========

[2009/06/14 13:15:12 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/12 19:00:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/05/09 10:41:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/24 20:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2008/10/08 20:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AppRanger
[2008/05/30 13:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/07/01 17:34:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/06/07 15:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/03/19 16:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/05/03 14:46:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2009/06/14 13:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/06/01 21:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/04/28 19:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/28 21:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/09/16 20:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/08/27 17:20:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Riel\Application Data
[2008/06/07 16:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\ArcSoft
[2008/05/30 13:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\ATI
[2009/06/01 19:57:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\AVGTOOLBAR
[2008/08/12 18:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\Azureus
[2009/09/02 22:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\FrostWire
[2009/06/04 19:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\GetRightToGo
[2009/03/19 23:20:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\Graboid Inc
[2008/06/14 21:59:56 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Riel\Application Data\ijjigame
[2009/04/22 18:34:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\LimeWire
[2009/06/24 17:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\NotMyIp
[2009/06/01 21:35:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\Research In Motion
[2009/07/16 18:19:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\Roxio
[2009/08/27 17:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\UltimateBet
[2009/06/24 22:37:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\uTorrent
[2009/09/01 20:49:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/02 14:34:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\desot.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Yung Joc- It's Going Down.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Young Jeezy - Halloween Massacre.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\yo_gotti-m.i.a.-cr.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Xzibit ft. The Game, Daz & T-Pain - On bail.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Game ft. Dr Dre - Run.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Game ft Anthony Hamilton - Hustlers Dream.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Game - Killa Kalli .mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Game - Big Dreams (Dirty).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Diplomats- Diplomatic Immunity- 1st Of Tha Month (feat. Jimmy Jones, Camron, And Juelz Santana).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\The Diplomats - Dipset Anthem ft Camron & Juelz Santana.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\T.I ft Justin Timberlake - Dead and Gone.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Sway & King Tech featuring DJ Revolution, RZA, Tech N9NE, Pharoahe Monch, Xzibit, Eminem, Jayo Felony, Kool G Rap, Chino XL, & KRS-One - The Anthem (Instrumental).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Suave Smooth - Palm Beach County Anthem.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Styles P-Canadian Kush.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Snoop Doggy Dog f. Xzibit - [bleep] Please.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Snoop Dogg Ft E-40 & Kurupt - Candy.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Slim Thug - Smile.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Shawty Lo Ft. Trey Songz & Lil Wayne - Supplier - HotNewHipHop.com.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Shawty Lo - lets get it.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Sean Kingston Ft. Lil Wayne - I'm At War.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Sean Kingston Feat. The Game & Rick Ross - Colors 2007.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Rick Ross-Dope Boys-MF.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Rick Ross- For Da Low.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Rick Ross- Blow.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Reef the lost cauze - eyes of my father.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Red Cafe Ft. 50 Cent, Fat Joe, Jadakiss, & Fabolous - Paper Touchin (Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Ray Cash - She A G.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\RA The Rugged Man - Lessons.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Q-Tip - Gettin Up.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies_Ft_Akon-Hypnotized.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies ft. Sean Garrett- Street Lights.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies Feat Chris J - Put It On Ya.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies & Young Buck-[bleep] What They Talkin Bout-MF.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - You (Feat. Tank).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Runnin Momma Crazy.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Please Excuse My Hands (Dirty).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Pants Hang Low.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - On My Dick.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Never Tell On My Dawg (Feat. Trick Daddy).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Murkin Season.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Most Anticipated.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Money Straight.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Kept It Too Real.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Goons Lurking.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Drama Found Me.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Definition Of Real - I'm Da Man ft Trey Songz.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Da Realist -Me and My Goons.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Da Realist - Plenty Money.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Da Realist - 09 - Spend The Night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - 100 Years.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - 1 Mo Time.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - Shawty.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Plies - I Am The Club.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Planet Asia- All these beats.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Planet Asia - G's & Soldiers (Ft. Kurupt).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Papoose - I Get Gully(i get money freestyle).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Papoose - Alphabetical Slaughter.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\P. Diddy ft.G-Dep and Black Rob - Let's Get It (Dirty).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Omarion ft Jim Jones - Ice Box (Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Obie Trice ft. Eminem - When It Hits The Fan dr.dre, xzibit, eminem, 50 cent, tupac, g unit, weird al, blue collar, rap, the game, , lil wyte, bone thugs.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Nas - Got Yourself A Gun.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mos Def - Mathematics.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep- Quiet Storm.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep ft. Young Buck- Give It To Me.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Win Or Lose ~remix~ (feat. Jadakiss, Jay-Z & Nas).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Shook Ones Part II.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - [bleep] On Earth (Front Lines).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Got It Twisted Ft. Twista (Dirty Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Eye For An Eye (Feat Nas & Raekwon).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Drop A Gem On 'Em.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mobb Deep - Burn.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mike Jones & Paul Wall - Still Tippin.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Method Man & Redman feat Toni Braxton - I Get So High.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Masta Ace - Take A Walk.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Mark Ronson Ghostface & Nate Dogg - Ooh Wee.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne, Jim Jones & Freekey Zeeky-Who The [bleep] Is This Girl-MF.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne ft. T-Pain - Got Money.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne Ft. Drake & Young Money - Every Girl.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne ft Young Money Ent. - Whoever You Like.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne- Cannon- Dissin Gilly Da Kid.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne & Juelz Santana- Bonified Hustla.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil' Wayne - Weezy's Ambitions.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil' Wayne - We Be Steady Mobbin (feat. Gucci Mane).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne - The Sky Is The Limit.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne - No Nigga (Go getta remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne - Kush.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne - I'm Me (2008).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Lil Wayne - Da Drought 3 - Sky Is The Limit.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\juelz_santana-shottas_(feat_camron_and_sizzla).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz_Santana_Ft_Skull_Gang_-_I_Am_the_Club-.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz Santana-Murda Murda.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz Santana Ft. Young Jeezy & Lil Wayne - Make It Work For Ya.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz santana ft. Skull gang - got money.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz Santana Feat. Lil Wayne - Rewind.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz Santana Feat. Lil Wayne - Hood [bleep].mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Juelz Santana - I Am Crack.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Joe Buddens- Pump It Up.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Jim Jones- Pin The Tail.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\jim jones - mind on my money.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Immortal Technique-Industrial Revolution.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Immortal Technique - You Never Know.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\immortal technique - positive balance.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Immortal Technique - Harlem Streets.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Ill Bill, Vinnie Paz ft. & Canibus - In The Hood.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Ill Bill ft. Necro - Glenwood Projects.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Heiroglyphics - Fight Club.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\G-Unit - Beg For Mercy - G'd Up.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Gucci Mane & Plies-Get Wasted (Produced By Fat Boi)-MF.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Gucci Mane - Is You Geeked Up.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Gorilla Zoe Feat. Young Jeezy - Hood Figga.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - Betcha Cant.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Glasses Malone ft. Lil Wayne, Baby - Haters...(Trackfiends.net).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Gangstarr & MOP- War Goin On Outside.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Fat Joe Ft. Terror Squad - Lean Back.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Fabolous Feat. Nate Dogg - Cant Deny It.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Fabolous - Trade It All (feat. Jagged Edge).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Eminem vs. Biggie Smalls - Hip-Hop Wars Freestyles.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Eazy E ft 2pac The Game - This Is How We Do (Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dr. Dre with Snoop Dogg - Still Dre.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dr. Dre - The Chronic 2001 - 15 - Murder Inc. .mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\DJ Khaled Ft. T-Pain, Young Jeezy, Ludacris, Busta Rhymes, Big Boi, Lil' Wayne, Birdman, Fat Joe & Rick Ross - I'm So Hood (Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\DJ Khaled f. Young Jeezy, Juelz Santana, Lil Wayne, Fat Joe, Rick Ross & Dre - Brown Paper Bag.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\DJ Green Lantern - G Unit - What Up Dipset (Remix).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dipset_Byrd_Gang_Volume_1_All_Eyes_On_Zeke-Who_Shot_Freaky_Zeeky-18-jim_jones_camron_(killa_cam)__juelz_santana-drama_ki-whoa.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\dipset Juelz Santana - I Can Feel It In The Air.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dipset - Juelz Santana & Fabolous - So What's It Gonna Be.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dipset - Juelz Santana - Santana's Town.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Dipset - Jim Jones ft. P.Diddy, Jha Jha, Paul Wall - What U Been Drinkin.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\demigodz, Apathy, 7L & Esoteric feat. Reks - Public Execution.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Demigodz - Paper Thin.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Cunning Linguists ft. Masta Ace - Seasons.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Cunning Linguists - Linguistics.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Common ft. Will.I.Am - I Have A Dream.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Classified - Beatin' It.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Cashis ft.Rikanatti-Lets Ride.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Brooklyn Bomb (Slick Rick, Crooklyn Clan, Bad Boy, Beatnuts, Time Zone, Biggie, Jay-Z, Mase, Mobb Deep & Nas).mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Boot Camp Click - Smiff N' Wessun feat MOP - Bucktown Remix.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Black Rob - Like Whoa.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Black Rob - A Star In The Hood.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Beatnuts feat Dj Babu - Duck Season.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\B.O.B. feat. Rick Ross and Juvenile - Haterz Everywhere Remix.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Atmosphere - Little Man.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Army of The Pharoahs Revolution.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Army of the Pharoahs - Tear It Down.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Army of the Pharoahs - Swords Drawn.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Army Of The Pharoahs - Murder Death Kill.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Army of the pharaohs - dump the clip.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Akon ft. Lil' Wayne-Im so paid.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Aggy-MF.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Riel\Desktop\Ace Hood Final Warning ft. DJ Khaled, Bun B, Blood Raw, Brisco, Bali, Lil Scrappy, Shawty Lo & Rock City.mp3:Roxio EMC Stream
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85091E5D
< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 9/2/2009 10:28:18 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Riel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 518.42 Mb Available Physical Memory | 50.70% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.19% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.98 Gb Total Space | 205.50 Gb Free Space | 89.75% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 0.45 Gb Free Space | 11.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WEED
Current User Name: Riel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"2353:TCP" = 2353:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\ijji\ENGLISH\u_sf\soldierfront.exe" = C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront -- File not found
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"C:\Program Files\Steam\SteamApps\altec_109\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\altec_109\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\dopewars-1.5.12\dopewars.exe" = C:\Program Files\dopewars-1.5.12\dopewars.exe:*:Enabled:dopewars -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Graboid\GraboidVideo\1.4.0.0\DLManager\GraboidDLManager.exe" = C:\Program Files\Graboid\GraboidVideo\1.4.0.0\DLManager\GraboidDLManager.exe:*:Enabled:SABnzbd-0.2.5 -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Documents and Settings\Riel\Local Settings\Temp\Rar$EX05.265\volley.exe" = C:\Documents and Settings\Riel\Local Settings\Temp\Rar$EX05.265\volley.exe:*:Disabled:volley -- File not found
"C:\Program Files\IpSharkk\IpSharkk.exe" = C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II Trial\EMPIRES2.EXE:*:Enabled:Age of Empires II -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F33250B-7C59-5A14-6ED5-FCC251A962D0}" = Skins
"{14378007-ACD5-2482-33A1-F79289A452E7}" = Catalyst Control Center Graphics Full Existing
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1E1CB0CC-50E9-2618-5D7C-03BE0A27E118}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4CA9EA31-65E6-00E2-3DBB-19AF01D51C8D}" = Catalyst Control Center Graphics Light
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5EF19AD3-1873-9072-D526-E8F4E6A9EE59}" = Catalyst Control Center Graphics Full New
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{68C83D63-C661-C444-7E60-E0328D842ECB}" = ccc-core-preinstall
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D07FDD-94B7-A4EE-8C28-888C55D33831}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FFC95A3-A514-E94D-72A1-B0FF80656519}" = CCC Help English
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{97FA9DC8-B4AF-84EE-DA97-B13FE28381BA}" = ccc-utility
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F73920B1-FD39-6893-4E9B-748311B666AF}" = Catalyst Control Center Graphics Previews Common
"8775AEB6-B596-4e0e-B7DA-2B5F4ED4215F_is1" = DownloadX Free 1.1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Aladdin_is1" = Aladdin
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG 8.5
"BlackBerry_{DAAFA8DE-A2AB-49EE-B804-DB4AF04D2304}" = BlackBerry Desktop Software 4.5
"Championship Pro Am_is1" = Championship Pro Am
"Collab" = Collab
"Diablo II" = Diablo II
"Double Dragon_is1" = Double Dragon
"Duke Nukem 3D_is1" = Duke Nukem 3D
"FL Studio 7" = FL Studio 7
"FrostWire" = FrostWire 4.18.0
"Golden Axe 2_is1" = Golden Axe 2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"KORG Legacy Collection v1.1.3 " = KORG Legacy Collection v1.1.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly_is1" = Monopoly
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Muhammed Ali Heavyweight Boxing_is1" = Muhammed Ali Heavyweight Boxing
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"oggcodecs" = oggcodecs 0.71.0946
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"Road Rash 2_is1" = Road Rash 2
"Road Rash 3_is1" = Road Rash 3
"Spider-Man and Venom - Maximum Carnage_is1" = Spider-Man and Venom - Maximum Carnage
"Street Fighter 2 Plus Champion Edition_is1" = Street Fighter 2 Plus Champion Edition
"Superman_is1" = Superman
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"World Cup Soccer_is1" = World Cup Soccer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2009 12:24:32 AM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/13/2009 12:44:09 PM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/13/2009 12:44:17 PM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/13/2009 12:44:22 PM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/14/2009 1:04:50 AM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/14/2009 1:05:02 AM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/14/2009 1:09:13 AM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/14/2009 11:58:35 PM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/14/2009 11:58:43 PM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

Error - 8/15/2009 12:02:36 AM | Computer Name = WEED | Source = Desktop | ID = 268379920
Description =

[ System Events ]
Error - 9/1/2009 11:34:16 AM | Computer Name = WEED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
anf0100.sys

Error - 9/1/2009 8:21:36 PM | Computer Name = WEED | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
address 0016764EB2C4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/1/2009 8:21:43 PM | Computer Name = WEED | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/1/2009 8:21:43 PM | Computer Name = WEED | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/2/2009 2:31:49 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7000
Description = The AntipyProex service failed to start due to the following error:
%%2

Error - 9/2/2009 2:31:49 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/2/2009 2:31:50 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
anf0100.sys

Error - 9/2/2009 3:35:33 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7000
Description = The AntipyProex service failed to start due to the following error:
%%2

Error - 9/2/2009 3:35:33 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 9/2/2009 3:35:34 PM | Computer Name = WEED | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
anf0100.sys


< End of report >
bizzle
post Sep 2 2009, 09:45 PM
Post #4


New Member
Posts: 9
OS: XP



Results.log

GMER 1.0.15.15077 [s3mj74kv.exe] - http://www.gmer.net
Rootkit scan 2009-09-02 22:44:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86B63140 ZwEnumerateKey
Code 86AF0498 ZwFlushInstructionCache
Code 86AF931E ZwSaveKey
Code 86B63DD6 ZwSaveKeyEx
Code 86B0972E IofCallDriver
Code 86B098EE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86B09733
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86B098F3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86AF049C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86B63144
PAGE ntkrnlpa.exe!ZwSaveKey 80625264 5 Bytes JMP 86AF9322
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8062534A 5 Bytes JMP 86B63DDA

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[348] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[356] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Java\jre6\bin\jqs.exe[596] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00D95297
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D95297
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D95229
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D951EB
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D951B8
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D9588A
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D955A9
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D9588A
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D95297
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00D9588A
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00D955A9
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E05297
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E05229
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E051EB
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E051B8
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00E05229
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E05297
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00E05229
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00E051EB
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E055A9
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E0588A
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E0588A
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E055A9
IAT C:\WINDOWS\system32\lsass.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E0588A
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00EA51B8
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EC5297
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EC5229
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EC51EB
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00EC51B8
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00EC55A9
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00EC588A
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00EC588A
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00EC55A9
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00EC588A
IAT C:\WINDOWS\system32\svchost.exe[1024] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00EC5297
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EB5297
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EB5229
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EB51EB
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00EB51B8
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00EB55A9
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00EB588A
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00EB588A
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00EB55A9
IAT C:\WINDOWS\System32\svchost.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00EB588A
IAT C:\WINDOWS\System32\svchost.exe[1124] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00EB5297
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00905297
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00905229
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009051EB
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009051B8
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 009055A9
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0090588A
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0090588A
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 009055A9
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0090588A
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00905297
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[1224] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgui.exe[1232] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1300] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1504] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\Explorer.exe [USER32.dll!TranslateMessage] 0225588A
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02255297
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 02255229
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 022551EB
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 022551B8
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 022555A9
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0225588A
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0225588A
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0225588A
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 022555A9
IAT C:\WINDOWS\Explorer.exe[1916] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02255297
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085297
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085229
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000851EB
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000851B8
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000855A9
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0008588A
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0008588A
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000855A9
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0008588A
IAT C:\WINDOWS\system32\ctfmon.exe[2204] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085297
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\svchost.exe[2428] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2688] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\System32\alg.exe[3100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3560] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3568] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\s3mj74kv.exe[3768] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmyqqjlklt.sys (*** hidden *** ) [SYSTEM] kbiwkmikmsqrov <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@imagepath \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@aid 10162
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@sid 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmimxepxet.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowkseypu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmkfuxjioq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkm.dat \systemroot\system32\kbiwkmekttkrsa.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@imagepath \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@aid 10162
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@sid 9
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmimxepxet.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowkseypu.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmkfuxjioq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkm.dat \systemroot\system32\kbiwkmekttkrsa.dat

---- EOF - GMER 1.0.15 ----
 
kahdah
post Sep 3 2009, 06:05 AM
Post #5





First temporarily disable any antivirus program or any real time shields that are present:
If you do not know how then you can refer to this link:
http://www.bleepingcomputer.com/forums/topic114351.html
================
Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
 
bizzle
post Sep 3 2009, 08:04 PM
Post #6





ComboFix.txt

ComboFix 09-09-03.02 - Riel 09/03/2009 20:47.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.642 [GMT -5:00]
Running from: c:\documents and settings\Riel\Desktop\kahdah.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Riel\LOCALS~1\Temp\1.wmv
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\Riel\Application Data\ClipExtractor-Activation.info
c:\documents and settings\Riel\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Riel\Local Settings\Temporary Internet Files\ijjistarter2.exe
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\msvcm80.dll
c:\program files\Windows Antivirus Pro\msvcp80.dll
c:\program files\Windows Antivirus Pro\msvcr80.dll
c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe
c:\program files\Windows Antivirus Pro\tmp\images\i1.gif
c:\program files\Windows Antivirus Pro\tmp\images\i2.gif
c:\program files\Windows Antivirus Pro\tmp\images\i3.gif
c:\program files\Windows Antivirus Pro\tmp\images\j1.gif
c:\program files\Windows Antivirus Pro\tmp\images\j2.gif
c:\program files\Windows Antivirus Pro\tmp\images\j3.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif
c:\program files\Windows Antivirus Pro\tmp\images\l1.gif
c:\program files\Windows Antivirus Pro\tmp\images\l2.gif
c:\program files\Windows Antivirus Pro\tmp\images\l3.gif
c:\program files\Windows Antivirus Pro\tmp\images\pix.gif
c:\program files\Windows Antivirus Pro\tmp\images\t1.gif
c:\program files\Windows Antivirus Pro\tmp\images\t2.gif
c:\program files\Windows Antivirus Pro\tmp\images\up1.gif
c:\program files\Windows Antivirus Pro\tmp\images\up2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w1.gif
c:\program files\Windows Antivirus Pro\tmp\images\w11.gif
c:\program files\Windows Antivirus Pro\tmp\images\w2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg
c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif
c:\program files\Windows Antivirus Pro\tmp\wispex.html
c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe
c:\windows\Installer\9b7827.msi
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bennuar.old
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\desot.exe
c:\windows\system32\drivers\kbiwkmyqqjlklt.sys
c:\windows\system32\kbiwkmekttkrsa.dat
c:\windows\system32\kbiwkmimxepxet.dll
c:\windows\system32\kbiwkmkfuxjioq.dll
c:\windows\system32\kbiwkmowkseypu.dat
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twext.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmikmsqrov
-------\Legacy_kbiwkmikmsqrov
-------\Legacy_ANTIPPRO2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-03 03:31 . 2009-09-03 03:31 288768 ----a-w- C:\s3mj74kv.exe
2009-08-30 18:08 . 2009-08-30 18:08 2855 ----a-w- c:\windows\system32\desot.PIF
2009-08-30 18:04 . 2009-08-30 18:04 -------- d--h--w- c:\windows\PIF
2009-08-30 17:53 . 2009-08-30 17:53 -------- d-s---w- c:\documents and settings\Riel\%SystemDrive%
2009-08-30 02:16 . 2009-08-30 02:16 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-30 02:16 . 2009-08-30 02:17 -------- d-----w- c:\documents and settings\Riel\.housecall6.6
2009-08-29 22:35 . 2009-08-29 22:35 -------- d-----w- C:\Winamp
2009-08-28 03:53 . 2008-04-13 16:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-28 03:53 . 2008-04-13 16:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-28 03:53 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-28 03:53 . 2008-04-13 22:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-27 22:20 . 2009-08-27 22:22 -------- d-----w- c:\documents and settings\Riel\Application Data\UltimateBet
2009-08-27 22:20 . 2009-08-27 22:25 -------- d-----w- c:\program files\UltimateBet
2009-08-27 22:20 . 2009-08-27 22:20 -------- d-----w- c:\program files\_uninstallation_info
2009-08-27 16:21 . 2009-08-27 16:21 -------- d-sh--w- c:\documents and settings\Riel\IECompatCache
2009-08-25 02:05 . 2009-08-25 02:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-25 01:55 . 2009-08-25 01:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-13 09:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 02:00 . 2009-02-20 02:00 256 ----a-w- c:\windows\system32\pool.bin
2009-09-04 01:27 . 2009-04-22 23:32 -------- d-----w- c:\documents and settings\Riel\Application Data\FrostWire
2009-08-28 16:48 . 2008-10-09 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-08-25 22:22 . 2008-09-29 01:58 -------- d-----w- c:\program files\PokerStars
2009-08-19 15:44 . 2009-03-30 00:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 15:44 . 2009-03-30 00:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 15:44 . 2009-03-30 00:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 01:58 . 2009-07-16 23:15 256 ----a-w- c:\documents and settings\Riel\pool.bin
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 20:04 . 2009-07-26 20:03 -------- d-----w- c:\program files\iTunes
2009-07-26 20:04 . 2009-07-26 20:04 -------- d-----w- c:\program files\iPod
2009-07-26 20:03 . 2008-06-29 20:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-22 16:55 . 2009-06-14 02:03 -------- d-----w- c:\program files\AskBarDis
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 23:19 . 2009-06-02 02:37 -------- d-----w- c:\documents and settings\Riel\Application Data\Roxio
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 02:32 . 2009-07-13 02:32 -------- d-----w- c:\program files\Monopoly
2009-07-13 02:31 . 2009-07-13 02:31 -------- d-----w- c:\program files\Muhammed Ali Heavyweight Boxing
2009-07-13 02:30 . 2009-07-13 02:30 -------- d-----w- c:\program files\Street Fighter 2 Plus Champion Edition
2009-07-13 02:30 . 2009-07-13 02:30 -------- d-----w- c:\program files\World Cup Soccer
2009-07-13 02:30 . 2009-06-25 02:15 -------- d-----w- c:\program files\Road Rash 3
2009-07-13 02:30 . 2009-07-13 02:30 -------- d-----w- c:\program files\Spider-Man and Venom - Maximum Carnage
2009-07-13 02:30 . 2009-07-13 02:30 -------- d-----w- c:\program files\Golden Axe 2
2009-07-13 02:30 . 2009-07-13 02:30 -------- d-----w- c:\program files\Championship Pro Am
2009-07-13 02:29 . 2009-07-13 02:29 -------- d-----w- c:\program files\Superman
2009-07-13 01:46 . 2009-07-13 01:46 -------- d-----w- c:\program files\Duke Nukem 3D
2009-07-12 21:16 . 2009-07-12 21:16 -------- d-----w- c:\program files\Aladdin
2009-07-12 21:02 . 2009-07-12 21:02 -------- d-----w- c:\program files\Double Dragon
2009-07-12 18:36 . 2009-07-12 18:36 -------- d-----w- c:\program files\Road Rash 2
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 23:57 . 2008-04-30 03:08 49208 ----a-w- c:\documents and settings\Riel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 20:33 . 2009-07-01 20:33 61268 ----a-w- c:\windows\system32\sndvol32.zip
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 22:13 . 2009-06-24 22:13 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2008-04-30 02:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 22:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-19 2007832]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-01-09 16859648]

c:\documents and settings\Riel\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 15:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2353:TCP"= 2353:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/29/2009 7:32 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/29/2009 7:32 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/19/2009 10:44 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/19/2009 10:44 AM 297752]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 7:37 AM 26624]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [1/29/2008 7:41 PM 25216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IpSharkk - c:\program files\IpSharkk\IpSharkk.exe
HKCU-Run-PlayNC Launcher - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Riel\Application Data\Mozilla\Firefox\Profiles\dbrcrkr8.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Completion time: 2009-09-04 21:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 02:02

Pre-Run: 220,514,381,824 bytes free
Post-Run: 221,748,133,888 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

288 --- E O F --- 2009-09-02 04:18
kahdah
post Sep 4 2009, 05:52 AM
Post #7


GeekU Teacher
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



First: Download and run Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
Second: Online Scanner
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
bizzle
post Sep 4 2009, 12:42 PM
Post #8


New Member
*
Posts: 9
OS: XP



mbam-log

Malwarebytes' Anti-Malware 1.40
Database version: 2741
Windows 5.1.2600 Service Pack 3

9/4/2009 12:48:53 PM
mbam-log-2009-09-04 (12-48-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 168224
Time elapsed: 42 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Image-Line\FL Studio 7\Plugins\VST\KORG\KORG Legacy\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir (Antivirus2009) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmimxepxet.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmkfuxjioq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAEC8569-408D-442E-9720-128FD85BCF93}\RP0\A0000003.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAEC8569-408D-442E-9720-128FD85BCF93}\RP0\A0000004.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAEC8569-408D-442E-9720-128FD85BCF93}\RP1\A0000032.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CAEC8569-408D-442E-9720-128FD85BCF93}\RP1\A0000033.exe (Antivirus2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riel\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Riel\Desktop\svchost.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
kahdah
post Sep 4 2009, 04:56 PM
Post #9


GeekU Teacher
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



OK, post the Kaspersky scan when you can.
bizzle
post Sep 4 2009, 08:51 PM
Post #10


New Member
*
Posts: 9
OS: XP



GMER 1.0.15.15077 [s3mj74kv.exe] - http://www.gmer.net
Rootkit scan 2009-09-02 22:44:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86B63140 ZwEnumerateKey
Code 86AF0498 ZwFlushInstructionCache
Code 86AF931E ZwSaveKey
Code 86B63DD6 ZwSaveKeyEx
Code 86B0972E IofCallDriver
Code 86B098EE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86B09733
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86B098F3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86AF049C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86B63144
PAGE ntkrnlpa.exe!ZwSaveKey 80625264 5 Bytes JMP 86AF9322
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8062534A 5 Bytes JMP 86B63DDA

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.exe[1916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\iPod\bin\iPodService.exe[3880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmyqqjlklt.sys (*** hidden *** ) [SYSTEM] kbiwkmikmsqrov <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov@imagepath \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@aid 10162
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@sid 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmimxepxet.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowkseypu.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmkfuxjioq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmikmsqrov\modules@kbiwkm.dat \systemroot\system32\kbiwkmekttkrsa.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov@imagepath \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@aid 10162
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@sid 9
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmyqqjlklt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmimxepxet.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowkseypu.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmkfuxjioq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmikmsqrov\modules@kbiwkm.dat \systemroot\system32\kbiwkmekttkrsa.dat

---- EOF - GMER 1.0.15 ----
kahdah
post Sep 5 2009, 05:24 AM
Post #11





Hi, that is the GMER scan.

Please do the following:

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
bizzle
post Sep 7 2009, 06:18 PM
Post #12





Sorry about that, here's the report.

Tuesday, September 8, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 07, 2009 21:54:50
Records in database: 2757384
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Objects scanned 76104
Threats found 4
Infected objects found 5
Suspicious objects found 0
Scan duration 01:54:12

File name Threat Threats count
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\ghetto fabolous.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\how high.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\nickname qadir.mp3 Infected: Trojan-Downloader.WMA.GetCodec.y 1
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\Wutang Clan - Jump Off 2000.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_kbiwkmyqqjlklt_.sys.zip Infected: Packed.Win32.TDSS.z 1
Selected area has been scanned.
kahdah
post Sep 7 2009, 06:35 PM
Post #13





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Files
    C:\Documents and Settings\Riel\My Documents\My Music\Evans music\ghetto fabolous.mp3    
    C:\Documents and Settings\Riel\My Documents\My Music\Evans music\how high.mp3    
    C:\Documents and Settings\Riel\My Documents\My Music\Evans music\nickname qadir.mp3    
    C:\Documents and Settings\Riel\My Documents\My Music\Evans music\Wutang Clan - Jump Off 2000.mp3
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window: OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

bizzle
post Sep 7 2009, 06:45 PM
Post #14





========== FILES ==========
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\ghetto fabolous.mp3 moved successfully.
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\how high.mp3 moved successfully.
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\nickname qadir.mp3 moved successfully.
C:\Documents and Settings\Riel\My Documents\My Music\Evans music\Wutang Clan - Jump Off 2000.mp3 moved successfully.

OTL by OldTimer - Version 3.0.10.7 log created on 09082009_064003



follow up scan

OTL logfile created on: 9/8/2009 6:41:23 AM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Riel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 685.70 Mb Available Physical Memory | 67.06% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.98 Gb Total Space | 207.57 Gb Free Space | 90.65% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 0.44 Gb Free Space | 11.35% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WEED
Current User Name: Riel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (ATI Technologies Inc.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Riel\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tap0801 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys (The OpenVPN Project)
DRV - (tap0901 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/18 09:40:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/12 09:37:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/06 20:22:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 23:18:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/09 00:49:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 23:23:27 | 00,000,000 | ---D | M]

[2008/09/20 14:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Extensions
[2008/09/20 14:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/08 00:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions
[2009/09/02 14:35:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/08 20:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Riel\Application Data\mozilla\Firefox\Profiles\dbrcrkr8.default\extensions\{d0c29249-27c7-4192-aec8-6c84436aeb80}
[2009/04/22 18:57:57 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Riel\Application Data\Mozilla\FireFox\Profiles\dbrcrkr8.default\searchplugins\ask.xml
[2009/09/08 00:17:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 23:23:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/07 19:44:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}
[2008/04/29 22:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/14 17:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/06 20:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/22 13:01:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/15 11:44:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 23:23:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 23:23:21 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/06 01:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/21 16:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/07/02 17:20:48 | 00,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2009/08/04 23:23:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 21:44:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 21:44:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 21:44:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/04/23 18:47:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 18:47:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/12 15:36:39 | 00,001,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/04/23 18:47:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 18:47:12 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 18:47:12 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 18:47:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 18:47:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Riel\Start Menu\Programs\Startup\FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/29 21:48:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\*.tmp files]
[2009/09/08 06:40:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/08 06:17:48 | 00,003,915 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\reportt.html
[2009/09/08 04:11:15 | 00,006,946 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\m_de704d4aafbe979a9fee04064ee5b476.jpg
[2009/09/07 05:08:23 | 00,456,934 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\IMG00141.jpg
[2009/09/04 21:50:55 | 00,003,695 | ---- | C] () -- C:\Documents and Settings\Riel\My Documents\report.html
[2009/09/04 17:41:47 | 00,016,087 | ---- | C] () -- C:\Program Files\5 star.m3u
[2009/09/04 17:21:26 | 00,010,836 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\5 star.m3u
[2009/09/04 12:02:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\Application Data\Malwarebytes
[2009/09/04 12:02:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 12:02:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/04 12:02:45 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/04 12:02:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/04 12:02:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/04 12:01:07 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/09/03 22:19:24 | 10,277,728 | ---- | C] (Nullsoft, Inc.) -- C:\Documents and Settings\Riel\Desktop\winamp556_full_emusic-7plus_en-us.exe
[2009/09/03 22:03:36 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/03 21:01:58 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/09/03 21:01:58 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/09/03 21:01:58 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/09/03 21:01:58 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/09/03 21:01:58 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/09/03 21:01:58 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/09/03 21:01:58 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/09/03 21:01:58 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/09/03 21:01:58 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/09/03 21:01:58 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/09/03 21:01:58 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/09/03 21:01:58 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/09/03 21:01:58 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/09/03 21:01:58 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/09/03 21:01:58 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/09/03 21:01:58 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/09/03 21:01:58 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/09/03 21:01:58 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/09/03 21:01:58 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/09/03 21:01:58 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/09/03 21:01:58 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/09/03 21:01:58 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/09/03 21:01:58 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/09/03 21:01:58 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/09/03 21:01:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/09/03 21:01:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/09/03 21:01:57 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/09/03 21:01:57 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/09/03 21:01:57 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/09/03 21:01:57 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/09/03 21:01:57 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/09/03 21:01:57 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/09/03 21:01:57 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/09/03 21:01:57 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/09/03 21:01:57 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/09/03 21:01:57 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/09/03 21:01:57 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/09/03 21:01:57 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/09/03 21:01:57 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/09/03 21:01:57 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/09/03 21:01:57 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/09/03 21:01:57 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/09/03 21:01:57 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/09/03 21:01:57 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/09/03 21:01:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/09/03 21:01:57 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/09/03 21:01:57 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/09/03 21:01:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/09/03 21:01:57 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/09/03 21:01:57 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/09/03 21:01:57 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/09/03 21:01:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/09/03 21:01:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/09/03 21:01:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/09/03 21:01:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/09/03 21:01:57 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/09/03 21:01:57 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/09/03 21:01:57 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/09/03 21:01:57 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/09/03 21:01:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/09/03 20:52:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/03 20:31:55 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/03 20:31:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/03 20:31:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/03 20:31:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/03 20:31:55 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/03 20:31:55 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/03 20:31:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/03 20:31:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/03 20:31:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/03 20:30:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/03 20:30:29 | 03,192,102 | R--- | C] () -- C:\Documents and Settings\Riel\Desktop\kahdah.exe
[2009/09/02 22:31:21 | 00,288,768 | ---- | C] () -- C:\s3mj74kv.exe
[2009/09/02 22:27:21 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Riel\Desktop\OTL.exe
[2009/08/30 13:08:52 | 00,002,855 | ---- | C] () -- C:\WINDOWS\System32\desot.PIF
[2009/08/30 13:04:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/29 21:16:49 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/29 17:35:52 | 00,000,000 | ---D | C] -- C:\Winamp
[2009/08/29 16:36:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\PokerStarsInstall.exe
[2009/08/29 16:36:08 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\PokerStars.lnk
[2009/08/28 10:20:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/27 22:53:12 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/08/27 22:53:12 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/08/27 22:53:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/08/27 22:53:11 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/08/27 17:20:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\Application Data\UltimateBet
[2009/08/27 17:20:33 | 00,000,000 | ---D | C] -- C:\Program Files\UltimateBet
[2009/08/27 17:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\_uninstallation_info
[2009/08/21 14:31:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\My Documents\Copy of My Music
[2009/08/19 18:24:44 | 06,453,014 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Please Excuse My Hands (Dirty).mp3
[2009/08/19 18:24:44 | 06,164,413 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Runnin Momma Crazy.mp3
[2009/08/19 18:24:43 | 05,804,257 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - On My Dick.mp3
[2009/08/19 18:24:43 | 05,581,422 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Pants Hang Low.mp3
[2009/08/19 18:24:43 | 04,948,262 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Never Tell On My Dawg (Feat. Trick Daddy).mp3
[2009/08/19 18:24:42 | 07,621,422 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Most Anticipated.mp3
[2009/08/19 18:24:42 | 07,307,227 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Money Straight.mp3
[2009/08/19 18:24:42 | 07,213,066 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Kept It Too Real.mp3
[2009/08/19 18:24:41 | 05,277,699 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Family Straight.mp3
[2009/08/19 18:24:41 | 02,284,045 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Drama Found Me.mp3
[2009/08/19 18:24:40 | 06,799,335 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Definition Of Real - I'm Da Man ft Trey Songz.mp3
[2009/08/19 18:24:40 | 05,187,137 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Da Realist - 09 - Spend The Night.mp3
[2009/08/19 18:24:39 | 06,947,941 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - Shawty.mp3
[2009/08/19 18:24:39 | 05,840,906 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - 100 Years.mp3
[2009/08/19 18:24:35 | 06,572,516 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies Feat Chris J - Put It On Ya.mp3
[2009/08/19 18:24:35 | 05,256,716 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies ft. Sean Garrett- Street Lights.mp3
[2009/08/19 18:24:35 | 05,196,825 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies & Young Buck-[bleep] What They Talkin Bout-MF.mp3
[2009/08/19 18:24:34 | 05,048,320 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Plies - You (Feat. Tank).mp3
[2009/08/18 18:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Riel\Desktop\F u
[2009/08/18 12:06:36 | 01,793,078 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\West Side Conection- The Gangsta, The Killa And The Dope Dealer - Westside Connection.mp3
[2009/08/13 04:25:04 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 04:24:57 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/12 09:51:06 | 00,005,508 | ---- | C] () -- C:\Documents and Settings\Riel\My Documents\evan.jpg
[2009/08/12 06:02:29 | 04,376,529 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Classified- Freezin In The Cold.mp3
[2009/08/12 06:02:26 | 06,432,901 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Classified- Fall From Paradise.mp3
[2009/08/12 05:22:48 | 05,399,668 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Fabolous - So Wet (Ft[1]. Ray J) - HotNewHipHop.com.mp3
[2009/08/12 05:20:52 | 07,178,368 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - I Got it Ft. Big Block.mp3
[2009/08/12 05:18:20 | 07,223,488 | ---- | C] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Every Girl.mp3
[2008/10/08 23:25:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/07 17:50:11 | 00,000,100 | ---- | C] () -- C:\WINDOWS\dinksmallwood.ini
[2008/09/16 20:46:08 | 00,000,093 | ---- | C] () -- C:\WINDOWS\RCAMPEG4VC.ini
[2008/09/16 20:45:45 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/16 20:45:45 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/08 19:21:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/08/12 18:26:22 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/08/12 18:26:22 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/08/12 18:26:22 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/03 15:44:38 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/04/30 00:18:35 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/30 00:16:07 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/04/30 00:16:06 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/04/30 00:16:06 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/08/04 07:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[14 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/09/08 06:17:48 | 00,003,915 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\reportt.html
[2009/09/08 04:12:44 | 00,010,836 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\5 star.m3u
[2009/09/08 04:11:17 | 00,006,946 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\m_de704d4aafbe979a9fee04064ee5b476.jpg
[2009/09/08 00:06:27 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Riel\My Documents\My Sharing Folders.lnk
[2009/09/08 00:06:16 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/09/08 00:01:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/08 00:01:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/07 09:32:34 | 04,827,586 | -H-- | M] () -- C:\Documents and Settings\Riel\Local Settings\Application Data\IconCache.db
[2009/09/07 08:20:54 | 40,691,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/07 08:20:54 | 00,085,665 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/07 07:31:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/09/07 05:08:24 | 00,456,934 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\IMG00141.jpg
[2009/09/04 21:50:55 | 00,003,695 | ---- | M] () -- C:\Documents and Settings\Riel\My Documents\report.html
[2009/09/04 17:41:47 | 00,016,087 | ---- | M] () -- C:\Program Files\5 star.m3u
[2009/09/04 12:02:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/04 12:02:00 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 22:20:30 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2009/09/03 22:19:30 | 10,277,728 | ---- | M] (Nullsoft, Inc.) -- C:\Documents and Settings\Riel\Desktop\winamp556_full_emusic-7plus_en-us.exe
[2009/09/03 21:00:09 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/03 20:59:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/03 20:30:29 | 03,192,102 | R--- | M] () -- C:\Documents and Settings\Riel\Desktop\kahdah.exe
[2009/09/02 22:31:22 | 00,288,768 | ---- | M] () -- C:\s3mj74kv.exe
[2009/09/02 22:27:22 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Riel\Desktop\OTL.exe
[2009/09/02 13:31:01 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/01 20:49:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/01 15:24:48 | 00,008,114 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\straight ballin.m3u
[2009/08/30 13:08:52 | 00,002,855 | ---- | M] () -- C:\WINDOWS\System32\desot.PIF
[2009/08/29 21:16:23 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/29 17:12:08 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\PokerStars.lnk
[2009/08/29 16:36:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\PokerStarsInstall.exe
[2009/08/28 10:20:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/27 17:23:02 | 04,454,528 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\The Game - Killa Kalli .mp3
[2009/08/27 17:22:44 | 06,664,526 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Xzibit ft. The Game, Daz & T-Pain - On bail.mp3
[2009/08/20 17:35:35 | 04,958,336 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Eminem vs. Biggie Smalls - Hip-Hop Wars Freestyles.mp3
[2009/08/20 16:52:20 | 00,006,112 | -HS- | M] () -- C:\Documents and Settings\Riel\Desktop\Folder.jpg
[2009/08/20 16:52:20 | 00,001,892 | -HS- | M] () -- C:\Documents and Settings\Riel\Desktop\AlbumArtSmall.jpg
[2009/08/19 10:44:52 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/19 10:44:51 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/19 10:44:51 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/18 21:22:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/18 12:06:53 | 01,793,078 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\West Side Conection- The Gangsta, The Killa And The Dope Dealer - Westside Connection.mp3
[2009/08/13 08:20:39 | 00,020,775 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\the best playlist.m3u
[2009/08/12 09:51:07 | 00,005,508 | ---- | M] () -- C:\Documents and Settings\Riel\My Documents\evan.jpg
[2009/08/12 06:06:05 | 04,376,529 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Classified- Freezin In The Cold.mp3
[2009/08/12 06:03:22 | 06,432,901 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Classified- Fall From Paradise.mp3
[2009/08/12 05:34:43 | 07,178,368 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Gorilla Zoe - I Got it Ft. Big Block.mp3
[2009/08/12 05:33:24 | 05,277,699 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Plies - Family Straight.mp3
[2009/08/12 05:31:11 | 05,399,668 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Fabolous - So Wet (Ft[1]. Ray J) - HotNewHipHop.com.mp3
[2009/08/12 05:23:13 | 07,223,488 | ---- | M] () -- C:\Documents and Settings\Riel\Desktop\Lil Wayne - Every Girl.mp3

========== Alternate Data Streams ==========

< End of report >
kahdah
post Sep 8 2009, 02:53 AM
Post #15


GeekU Teacher
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



Please uninstall Ask Toolbar.

=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

======Next======
  1. Please double click on OTL to run it.
  2. Then click on Clean up.
  3. Restart your computer when prompted.
  4. This will remove what tools we used.

===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

======================System Restore======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set.


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.