[jaydee97]

Hi folks, I have used the information on this site over the weekend to successfully remove malware that was reluctant to shift, thank you. Entirely coincidentally my son has a similar problem. He thought he had cleared it up himself using the various tools that are available, but it's come back when he's switched on again this morning. He thought he had removed IE and had started to use Firefox instead, but today the popups still appear to be using IE. Anyway, this is his HijackThis log, so we would be very grateful if anyone could help.

I see something called nidle in there, which is perhaps a virus?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:00, on 09/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nidle] "D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [A00F100EFD.exe] D:\DOCUME~1\CHRISA~1\LOCALS~1\Temp\_A00F100EFD.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ab609c13894c41bd84cf921c6791476e
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ab609c13894c41bd84cf921c6791476e
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/...oader.5.1.4.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadban...tivePreQual.cab
O20 - AppInit_DLLs: D:\WINDOWS\system32\tuyubeva.dll,D:\WINDOWS\System32\d3drm32.dll ,D:\WINDOWS\System32\d3drm32.dll ,D:\WINDOWS\System32\d3drm32.dll ,D:\WINDOWS\System32\d3drm32.dll
O20 - Winlogon Notify: 142e77eb548 - D:\WINDOWS\System32\d3drm32.dll
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe

[Advertisements]

Hello jaydee97 !

Welcome to the site! My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Do not follow directions in other threads in forums as they are tailored for that specific user. Doing so can severely cripple you computer.

That HJT-log was incomplete (cut of at the end). Please make sure that the complete logs are posted from now on. Check post after you've made the post to make sure everything fitted into the post.

Let's take a deeper look at this befor we start removing stuff.

Step 1.
OTL2-scan:

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

• The content of OTListIt.txt and Extras.txt from step 1.
• The content of C:\lopR.txt from step 2.

[heir]

Hello jaydee97 !

Welcome to the site! My nickname is heir and I'll be helping clean up your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

• To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
• Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
• When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
• Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
• NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
• Make sure you reply to this thread using the Add Reply button:

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

Do not follow directions in other threads in forums as they are tailored for that specific user. Doing so can severely cripple you computer.

That HJT-log was incomplete (cut of at the end). Please make sure that the complete logs are posted from now on. Check post after you've made the post to make sure everything fitted into the post.

Let's take a deeper look at this befor we start removing stuff.

Step 1.
OTL2-scan:

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

• The content of OTListIt.txt and Extras.txt from step 1.
• The content of C:\lopR.txt from step 2.

[jaydee97]

Hi, thanks for this. Please bear in mind I'm relaying this myself and can't see the PC from here!

I've attached OTListIt.txt, Extras.txt and LopR.txt (or at least I think I have!)

Cheers

Attached Files

•  Extras.txt   12.91KB   581 downloads
•  OTListIt.txt   24.07KB   360 downloads
•  LopR.txt   10.41KB   218 downloads

[heir]

Please do NOT aatch logs if I don't specifically ask you to.

I'll paste them here for you.

OTListIt logfile created on: 09/03/2009 12:03:58 - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = D:\Documents and Settings\Chris and Lisa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.48 Mb Total Physical Memory | 121.16 Mb Available Physical Memory | 47.42% Memory free
1.01 Gb Paging File | 0.78 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): D:\pagefile.sys 800 800;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 7.82 Mb Total Space | 0.16 Mb Free Space | 2.00% Space Free | Partition Type: FAT
Drive D: | 7.86 Gb Total Space | 0.12 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris and Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - D:\WINDOWS\system32\PSIService.exe ()
PRC - D:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - D:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe ()
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\Prevx\prevx.exe (Prevx)
PRC - D:\Program Files\Prevx\prevx.exe (Prevx)
PRC - D:\Documents and Settings\Chris and Lisa\Application Data\Twain\Twain.exe ()
PRC - D:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Program Files\VnrPack\VnrPack26.exe ()
PRC - D:\Program Files\Common Files\iumk\iumkm.exe ()
PRC - D:\Program Files\Common Files\iumk\iumka.exe ()
PRC - D:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- File not found
SRV - (helpsvc [Auto | Running]) -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Irmon [Auto | Running]) -- D:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (NMSAccessU [Auto | Stopped]) -- File not found
SRV - (ProtexisLicensing [Auto | Start_Pending]) -- D:\WINDOWS\system32\PSIService.exe ()
SRV - (UMWdf [Auto | Running]) -- D:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (CSIScanner [Auto | Running]) -- D:\Program Files\Prevx\prevx.exe (Prevx)

========== Driver Services (SafeList) ==========

DRV - (cmpci [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (cwcspud [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\cwcspud.sys (Crystal Semiconductor Corp.)
DRV - (cwcwdm [On_Demand | Running]) -- D:\WINDOWS\system32\drivers\cwcwdm.sys (Crystal Semiconductor Corp.)
DRV - (E100B [On_Demand | Stopped]) -- D:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (G200 [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\G200m.sys (Matrox Graphics Inc.)
DRV - (gameenum [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (KS-959 [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\KS-959.sys (Kingsun Corporation)
DRV - (MODEMCSA [On_Demand | Stopped]) -- D:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- D:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- D:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- D:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- D:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- D:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbsermpt [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\usbsermpt.sys (Microsoft Corporation)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- D:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (pxscan [Boot | Running]) -- D:\WINDOWS\System32\drivers\pxscan.sys (Prevx)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {4E2F75EB-16A7-E1F0-7101-153AF1C38B99} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - presf.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/08 16:51:29 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/08 16:51:28 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions [2009/03/08 16:51:49 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/03/08 16:51:49 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions\[email protected] [2009/03/06 15:59:39 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Firefox\Profiles\h5bysufo.default\extensions [2007/04/10 18:42:55 00,000,000 | ---D | M]
FF - D:\Program Files\mozilla firefox\extensions [2009/03/08 16:51:52 00,000,000 | ---D | M]
FF - D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 16:51:28 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Jcore class) - {D88E1558-7C2D-407A-953A-C044F5607CEA} - D:\Program Files\Jcore\Jcore2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKCU..\Run: [iumk] D:\PROGRA~1\COMMON~1\iumk\iumkm.exe ()
O4 - HKCU..\Run: [nidle] "D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ()
O4 - HKCU..\Run: [Twain] D:\Documents and Settings\Chris and Lisa\Application Data\Twain\Twain.exe ()
O4 - HKCU..\Run: [VnrPack26] "D:\Program Files\VnrPack\VnrPack26.exe" ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ab609c13894c41bd84cf921c6791476e
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ab609c13894c41bd84cf921c6791476e
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: v21net.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 23 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadban...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\142e77eb548: DllName - D:\WINDOWS\System32\d3drm32.dll - D:\WINDOWS\System32\d3drm32.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ FAT ]

========== Files/Folders - Created Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[2009/03/09 12:02:56 | 00,497,664 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe
[2009/03/09 11:35:43 | 00,127,578 | ---- | C] () -- D:\WINDOWS\System32\tsuninst.exe
[2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\WINDOWS\iumk
[2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\iumk
[2009/03/09 11:35:28 | 00,000,000 | ---D | C] -- D:\Program Files\InetGet2
[2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\VnrPack
[2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\iCheck
[2009/03/09 10:57:08 | 00,022,536 | ---- | C] (Prevx) -- D:\WINDOWS\System32\drivers\pxscan.sys
[2009/03/09 10:57:08 | 00,000,000 | ---D | C] -- D:\Program Files\Prevx
[2009/03/09 10:57:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/03/09 10:56:45 | 00,866,360 | ---- | C] (Prevx) -- D:\Documents and Settings\Chris and Lisa\Desktop\77D1E394E6A84E93B7CF.EXE
[2009/03/09 10:54:30 | 00,000,000 | -HSD | C] -- D:\RECYCLER
[2009/03/09 10:48:53 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/03/09 10:48:11 | 00,009,486 | ---- | C] () -- D:\WINDOWS\GnuHashes.ini
[2009/03/09 10:39:31 | 00,005,518 | -HS- | C] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548C.manifest
[2009/03/09 10:39:31 | 00,001,529 | -HS- | C] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548P.manifest
[2009/03/09 10:39:31 | 00,000,407 | -HS- | C] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548O.manifest
[2009/03/09 10:39:31 | 00,000,011 | -HS- | C] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548S.manifest
[2009/03/09 10:38:56 | 00,001,430 | -HS- | C] () -- D:\WINDOWS\System32\GroupPolicy000.dat
[2009/03/09 10:38:55 | 00,000,000 | -HSD | C] -- D:\WINDOWS\System32\LocalService32
[2009/03/09 10:23:45 | 00,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2009/03/09 10:23:45 | 00,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2009/03/09 10:23:45 | 00,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2009/03/09 10:23:45 | 00,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2009/03/09 10:23:45 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- D:\WINDOWS\fdsv.exe
[2009/03/09 10:23:45 | 00,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2009/03/09 10:23:45 | 00,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2009/03/09 10:23:45 | 00,049,152 | ---- | C] () -- D:\WINDOWS\VFIND.exe
[2009/03/09 10:23:45 | 00,029,696 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2009/03/09 10:23:25 | 00,000,000 | ---D | C] -- D:\Qoobox
[2009/03/09 10:23:05 | 00,000,000 | ---D | C] -- D:\32788R22FWJFW
[2009/03/09 10:22:31 | 02,933,448 | R--- | C] () -- D:\Documents and Settings\Chris and Lisa\Desktop\ComboFix.exe
[2009/03/09 10:02:20 | 00,001,734 | ---- | C] () -- D:\Documents and Settings\Chris and Lisa\Desktop\HijackThis.lnk
[2009/03/09 10:02:19 | 00,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2009/03/08 17:40:47 | 00,000,230 | ---- | C] () -- D:\WINDOWS\System32\spupdsvc.inf
[2009/03/08 16:51:32 | 00,001,602 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 16:51:26 | 00,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2009/03/08 15:50:03 | 00,000,000 | ---D | C] -- D:\Program Files\PC Registry Cleaner
[2009/03/08 14:09:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\Malwarebytes
[2009/03/08 14:08:55 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/08 13:58:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\Twain
[2009/03/08 13:51:29 | 00,000,000 | ---D | C] -- D:\Program Files\Jcore
[2009/03/08 13:08:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2009/03/07 12:55:04 | 00,040,245 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2009/03/07 09:06:51 | 00,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy
[2009/03/07 08:54:51 | 00,000,513 | ---- | C] () -- D:\WINDOWS\Shortcut to LDC Theory Test 2006.lnk
[2009/03/06 17:25:21 | 00,000,000 | ---D | C] -- D:\Incomplete
[2009/03/06 17:13:23 | 00,147,456 | ---- | C] (Info-ZIP) -- D:\WINDOWS\System32\vbzip10.dll
[2009/03/06 17:10:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\nidle
[2009/03/06 17:09:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ep2
[2009/03/06 17:09:39 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\aNI02
[2009/03/06 16:30:04 | 00,139,264 | ---- | C] () -- D:\WINDOWS\System32\d3drm32.dll
[2009/03/06 15:57:16 | 00,000,000 | ---D | C] -- D:\WINDOWS\Sun
[2009/03/06 15:55:28 | 00,000,000 | ---D | C] -- D:\Program Files\Java
[2009/03/06 14:55:22 | 00,000,000 | ---D | C] -- D:\My Downloads
[2009/02/22 12:19:15 | 00,000,000 | ---D | C] -- D:\Program Files\Eusing Free Registry Cleaner
[2009/02/09 18:19:08 | 00,000,000 | ---D | C] -- D:\Program Files\MSN

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\drivers\*.tmp files]
[1 D:\WINDOWS\System32\*.tmp files]
[2009/03/09 12:06:01 | 00,005,518 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548C.manifest
[2009/03/09 12:06:01 | 00,001,529 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548P.manifest
[2009/03/09 12:02:57 | 00,497,664 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe
[2009/03/09 11:42:50 | 00,000,407 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548O.manifest
[2009/03/09 11:05:06 | 00,040,245 | ---- | M] () -- D:\WINDOWS\wininit.ini
[2009/03/09 10:57:09 | 00,022,536 | ---- | M] (Prevx) -- D:\WINDOWS\System32\drivers\pxscan.sys
[2009/03/09 10:56:48 | 00,866,360 | ---- | M] (Prevx) -- D:\Documents and Settings\Chris and Lisa\Desktop\77D1E394E6A84E93B7CF.EXE
[2009/03/09 10:48:44 | 00,000,011 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548S.manifest
[2009/03/09 10:48:11 | 00,009,486 | ---- | M] () -- D:\WINDOWS\GnuHashes.ini
[2009/03/09 10:38:56 | 00,001,430 | -HS- | M] () -- D:\WINDOWS\System32\GroupPolicy000.dat
[2009/03/09 10:38:54 | 00,000,227 | ---- | M] () -- D:\WINDOWS\system.ini
[2009/03/09 10:38:42 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2009/03/09 10:38:22 | 00,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2009/03/09 10:38:09 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/03/09 10:38:02 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2009/03/09 10:22:47 | 02,933,448 | R--- | M] () -- D:\Documents and Settings\Chris and Lisa\Desktop\ComboFix.exe
[2009/03/09 10:02:20 | 00,001,734 | ---- | M] () -- D:\Documents and Settings\Chris and Lisa\Desktop\HijackThis.lnk
[2009/03/09 06:03:23 | 00,060,048 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/08 20:16:42 | 03,748,910 | -H-- | M] () -- D:\Documents and Settings\Chris and Lisa\Local Settings\Application Data\IconCache.db
[2009/03/08 19:06:23 | 00,516,190 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 19:06:23 | 00,433,034 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2009/03/08 19:06:23 | 00,075,734 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2009/03/08 18:57:41 | 00,005,301 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2009/03/08 17:40:47 | 00,000,230 | ---- | M] () -- D:\WINDOWS\System32\spupdsvc.inf
[2009/03/08 16:51:32 | 00,001,602 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/08 14:29:57 | 00,006,456 | -H-- | M] () -- D:\WINDOWS\System32\degugeyi
[2009/03/07 17:15:30 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\hefihiru.dll
[2009/03/07 17:15:30 | 00,079,872 | ---- | M] () -- D:\WINDOWS\System32\baguteja.dll
[2009/03/07 08:54:51 | 00,000,513 | ---- | M] () -- D:\WINDOWS\Shortcut to LDC Theory Test 2006.lnk
[2009/03/07 05:15:22 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\fofugapi.dll
[2009/03/06 17:15:04 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\damorume.dll
[2009/03/06 17:13:23 | 00,147,456 | ---- | M] (Info-ZIP) -- D:\WINDOWS\System32\vbzip10.dll
[2009/03/06 16:30:04 | 00,139,264 | ---- | M] () -- D:\WINDOWS\System32\d3drm32.dll
[2009/02/28 18:28:46 | 00,001,852 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 3567 bytes -> D:\WINDOWS\yklhw.dat:pvvbms
@Alternate Data Stream - 3567 bytes -> D:\WINDOWS\bootstat.dat:blgzin
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 0 bytes -> D:\WINDOWS\zplvp.txt:ynwvxs
< End of report >

[heir]

OTListIt Extras logfile created on: 09/03/2009 12:03:58 - Run 1
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = D:\Documents and Settings\Chris and Lisa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.48 Mb Total Physical Memory | 121.16 Mb Available Physical Memory | 47.42% Memory free
1.01 Gb Paging File | 0.78 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): D:\pagefile.sys 800 800;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 7.82 Mb Total Space | 0.16 Mb Free Space | 2.00% Space Free | Partition Type: FAT
Drive D: | 7.86 Gb Total Space | 0.12 Gb Free Space | 1.56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris and Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- D:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
D:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 File not found
D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" =
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D3F28364-8B10-45F1-8C2D-0037F4538BBB}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BT Yahoo! Applications" = BT Yahoo! Applications
"BT Yahoo! TrueSwitch Wizard" = BT Yahoo! TrueSwitch Wizard
"DXTXTRA" = Microsoft DirectX Transform optional components
"HijackThis" = HijackThis 2.0.2
"iCheck" = Internet Speed Monitor
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"PCI Audio Driver" = PCI Audio Driver
"PCSI" = Prevx CSI
"Shockwave" = Shockwave
"TSA" = TargetSaver
"Tweak UI 2.10" = Tweak UI
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/03/2009 04:51:04 | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/03/2009 05:04:03 | Computer Name = CHRIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/03/2009 11:37:18 | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x00000000.

Error - 07/03/2009 11:42:18 | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 0.0.0.0, faulting module , version
0.0.0.0, fault address 0x00000000.

Error - 07/03/2009 13:22:14 | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module
unknown, version 0.0.0.0, fault address 0x77124c05.

Error - 08/03/2009 09:14:12 | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application extract.cfexe, version 0.0.0.0, faulting module
crtdll.dll, version 4.0.1183.1, fault address 0x000115ce.

Error - 08/03/2009 12:18:12 | Computer Name = CHRIS | Source = MsiInstaller | ID = 11722
Description = Product: PC Registry Cleaner -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action Action,
location: D:\WINDOWS\Installer\MSI16.tmp, command:

Error - 08/03/2009 12:18:25 | Computer Name = CHRIS | Source = MsiInstaller | ID = 11722
Description = Product: PC Registry Cleaner -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action Action,
location: D:\WINDOWS\Installer\MSI17.tmp, command:

Error - 08/03/2009 12:19:08 | Computer Name = CHRIS | Source = MsiInstaller | ID = 11722
Description = Product: PC Registry Cleaner -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action Action,
location: D:\WINDOWS\Installer\MSI18.tmp, command:

Error - 09/03/2009 06:27:48 | Computer Name = CHRIS | Source = Application Error | ID = 1000
Description = Faulting application extract.cfexe, version 0.0.0.0, faulting module
crtdll.dll, version 4.0.1183.1, fault address 0x000115ce.

[ System Events ]
Error - 09/03/2009 02:03:48 | Computer Name = CHRIS | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 09/03/2009 02:03:48 | Computer Name = CHRIS | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 09/03/2009 02:03:49 | Computer Name = CHRIS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0008544467D0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/03/2009 02:04:07 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%3

Error - 09/03/2009 04:43:59 | Computer Name = CHRIS | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{BCDA25E2-2EEE-483F-A0C4-6DC362D8AC5C}
because another computer on the network has the same name. The server could not
start.

Error - 09/03/2009 06:38:27 | Computer Name = CHRIS | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 09/03/2009 06:38:27 | Computer Name = CHRIS | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x4d1), which lies in the 0x4d0 - 0x4d1 protected address range. This could lead
to system instability. Please contact your system vendor for technical assistance.

Error - 09/03/2009 06:38:29 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7000
Description = The NMSAccessU service failed to start due to the following error:
%%3

Error - 09/03/2009 07:13:21 | Computer Name = CHRIS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0008544467D0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/03/2009 07:34:23 | Computer Name = CHRIS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0008544467D0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

[heir]

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel Pentium III processor )
BIOS : Award Modular BIOS v6.00PG
USER : Chris and Lisa ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT - Total:0 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"D:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/03/2009|12:54 )

--------------------\\ Listing folders in APPLIC~1

[25/05/2008|06:02] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[21/09/2006|17:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avanquest Software
[15/04/2007|10:05] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[18/10/2006|18:55] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[17/01/2007|16:04] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[28/08/2006|16:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[26/07/2006|15:25] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Driving Test Success
[11/07/2006|18:38] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Hazard Perception Training
[09/09/2008|18:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[08/03/2009|14:08] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[09/01/2009|15:56] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/06/2006|18:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[24/02/2006|16:07] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[07/03/2009|13:12] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[08/03/2009|15:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/05/2008|07:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/12/2005|10:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/08/2006|06:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[31/05/2007|20:38] D:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!

[03/11/2008|11:46] D:\DOCUME~1\CHRISA~1\APPLIC~1\Adobe
[26/12/2007|19:36] D:\DOCUME~1\CHRISA~1\APPLIC~1\AdobeUM
[25/12/2005|13:25] D:\DOCUME~1\CHRISA~1\APPLIC~1\Business Logic
[18/01/2007|17:06] D:\DOCUME~1\CHRISA~1\APPLIC~1\Corel
[11/08/2006|21:15] D:\DOCUME~1\CHRISA~1\APPLIC~1\DataLayer
[25/09/2006|12:09] D:\DOCUME~1\CHRISA~1\APPLIC~1\Google
[31/10/2005|12:04] D:\DOCUME~1\CHRISA~1\APPLIC~1\Help
[22/07/2006|20:33] D:\DOCUME~1\CHRISA~1\APPLIC~1\Identities
[13/11/2006|12:30] D:\DOCUME~1\CHRISA~1\APPLIC~1\InterTrust
[22/01/2007|20:05] D:\DOCUME~1\CHRISA~1\APPLIC~1\Jasc
[11/08/2008|14:26] D:\DOCUME~1\CHRISA~1\APPLIC~1\Jasc Software Inc
[08/11/2005|20:58] D:\DOCUME~1\CHRISA~1\APPLIC~1\Macromedia
[08/03/2009|14:09] D:\DOCUME~1\CHRISA~1\APPLIC~1\Malwarebytes
[29/05/2008|19:10] D:\DOCUME~1\CHRISA~1\APPLIC~1\Microsoft
[11/08/2006|21:10] D:\DOCUME~1\CHRISA~1\APPLIC~1\MobileAction
[08/06/2006|21:15] D:\DOCUME~1\CHRISA~1\APPLIC~1\Motive
[06/03/2009|15:59] D:\DOCUME~1\CHRISA~1\APPLIC~1\Mozilla
[28/05/2006|11:49] D:\DOCUME~1\CHRISA~1\APPLIC~1\NetMedia Providers
[06/03/2009|17:10] D:\DOCUME~1\CHRISA~1\APPLIC~1\nidle
[12/08/2006|09:48] D:\DOCUME~1\CHRISA~1\APPLIC~1\Nokia Multimedia Player
[05/08/2006|09:39] D:\DOCUME~1\CHRISA~1\APPLIC~1\PC Suite
[09/09/2008|16:41] D:\DOCUME~1\CHRISA~1\APPLIC~1\Publish Providers
[19/05/2008|12:29] D:\DOCUME~1\CHRISA~1\APPLIC~1\Real
[21/10/2007|18:24] D:\DOCUME~1\CHRISA~1\APPLIC~1\Registry Cleaner
[18/07/2006|15:05] D:\DOCUME~1\CHRISA~1\APPLIC~1\Snapfish
[22/05/2006|16:14] D:\DOCUME~1\CHRISA~1\APPLIC~1\Sonic Foundry
[30/07/2006|17:53] D:\DOCUME~1\CHRISA~1\APPLIC~1\Sun
[26/11/2006|20:22] D:\DOCUME~1\CHRISA~1\APPLIC~1\SUPERAntiSpyware.com
[10/04/2007|18:45] D:\DOCUME~1\CHRISA~1\APPLIC~1\Talkback
[09/03/2009|11:04] D:\DOCUME~1\CHRISA~1\APPLIC~1\Twain
[29/10/2005|18:15] D:\DOCUME~1\CHRISA~1\APPLIC~1\Ulead Systems
[04/07/2007|11:29] D:\DOCUME~1\CHRISA~1\APPLIC~1\WinRAR
[31/05/2007|20:55] D:\DOCUME~1\CHRISA~1\APPLIC~1\Yahoo!

[22/10/2005|16:28] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[19/10/2007|20:51] D:\DOCUME~1\LOCALS~1\APPLIC~1\Identities
[15/04/2007|10:05] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[19/10/2007|20:53] D:\DOCUME~1\LOCALS~1\APPLIC~1\Real

[11/07/2007|20:54] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in D:\WINDOWS\Tasks

[09/03/2009 10:38][--ah-----] D:\WINDOWS\tasks\SA.DAT
[29/08/2002 12:00][-r-h-c---] D:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in D:\Program Files

[29/10/2005|10:57] D:\Program Files\ABBYY FineReader 6.0
[30/03/2007|17:30] D:\Program Files\Abexo
[25/05/2008|06:02] D:\Program Files\Adobe
[24/08/2007|20:43] D:\Program Files\Alwil Software
[22/07/2006|18:45] D:\Program Files\BT Broadband 210
[13/04/2008|07:32] D:\Program Files\BT Broadband Desktop Help
[09/03/2009|11:35] D:\Program Files\Common Files
[14/10/2007|10:50] D:\Program Files\Comodo
[07/09/2008|10:51] D:\Program Files\Corel
[02/07/2006|19:07] D:\Program Files\Diktyon Ltd
[11/07/2006|08:52] D:\Program Files\directx
[01/01/2006|13:35] D:\Program Files\Eidos Interactive
[08/03/2009|15:32] D:\Program Files\Eusing Free Registry Cleaner
[03/12/2008|20:07] D:\Program Files\Google
[22/02/2007|17:24] D:\Program Files\Grisoft
[11/08/2006|21:13] D:\Program Files\Handset Manager
[30/03/2007|18:14] D:\Program Files\History Cleaner
[09/03/2009|11:38] D:\Program Files\InetGet2
[28/02/2009|18:44] D:\Program Files\InstallShield Installation Information
[08/03/2009|18:41] D:\Program Files\Internet Explorer
[07/11/2006|12:56] D:\Program Files\IObit
[18/10/2006|18:53] D:\Program Files\IrfanView
[10/09/2008|05:40] D:\Program Files\Jasc Software Inc
[06/03/2009|15:55] D:\Program Files\Java
[09/03/2009|10:40] D:\Program Files\Jcore
[06/08/2008|11:24] D:\Program Files\Kaspersky Lab
[07/08/2008|04:15] D:\Program Files\Keygoldsecure
[29/09/2008|19:48] D:\Program Files\Messenger
[01/06/2007|15:28] D:\Program Files\Microsoft ActiveSync
[12/12/2005|10:01] D:\Program Files\Microsoft AntiSpyware
[31/05/2007|21:10] D:\Program Files\Microsoft CAPICOM 2.1.0.2
[22/10/2005|16:30] D:\Program Files\microsoft frontpage
[12/11/2005|12:28] D:\Program Files\Microsoft Office
[25/12/2005|14:18] D:\Program Files\Movie Maker
[09/03/2009|12:51] D:\Program Files\Mozilla Firefox
[09/02/2009|18:19] D:\Program Files\MSN
[22/10/2005|16:20] D:\Program Files\MSN Gaming Zone
[25/12/2005|14:12] D:\Program Files\NetMeeting
[29/10/2005|13:24] D:\Program Files\Online Services
[13/06/2007|20:38] D:\Program Files\Outlook Express
[08/03/2009|16:49] D:\Program Files\PC Registry Cleaner
[02/08/2006|19:57] D:\Program Files\PCI Audio Applications
[17/11/2008|15:40] D:\Program Files\Perfect Uninstaller
[23/01/2007|22:13] D:\Program Files\QuickTime
[08/07/2006|18:19] D:\Program Files\Real
[07/03/2009|12:40] D:\Program Files\RegistryFix
[09/09/2008|17:23] D:\Program Files\Sonic Foundry
[22/05/2006|16:10] D:\Program Files\Sonic Foundry Setup
[09/09/2008|13:08] D:\Program Files\Sony
[07/03/2009|13:15] D:\Program Files\Spybot - Search & Destroy
[18/07/2008|06:45] D:\Program Files\Spyware Doctor
[18/11/2006|10:07] D:\Program Files\StompSoft
[09/03/2009|10:02] D:\Program Files\Trend Micro
[23/07/2006|07:07] D:\Program Files\TrueAssistant
[23/07/2006|07:07] D:\Program Files\TrueSwitch
[23/07/2006|07:07] D:\Program Files\TrueSwitchBTYahoo
[24/02/2006|16:06] D:\Program Files\Uninstall Information
[09/03/2009|12:37] D:\Program Files\VnrPack
[05/06/2007|12:27] D:\Program Files\WinAce
[25/05/2008|06:04] D:\Program Files\Winamp
[25/05/2008|07:33] D:\Program Files\Windows Live Toolbar
[16/08/2006|10:02] D:\Program Files\Windows Media Player
[08/03/2009|18:57] D:\Program Files\Windows NT
[09/12/2005|10:38] D:\Program Files\WindowsUpdate
[19/05/2008|12:30] D:\Program Files\WinRAR
[21/02/2007|22:35] D:\Program Files\WordBiz
[22/10/2005|16:30] D:\Program Files\xerox
[25/05/2008|07:30] D:\Program Files\Yahoo!

--------------------\\ Listing Folders in D:\Program Files\Common Files

[25/05/2008|06:02] D:\Program Files\Common Files\Adobe
[17/11/2008|15:49] D:\Program Files\Common Files\InstallShield
[09/03/2009|11:38] D:\Program Files\Common Files\iumk
[10/09/2008|05:42] D:\Program Files\Common Files\Jasc Software Inc
[09/01/2009|15:56] D:\Program Files\Common Files\Microsoft Shared
[13/04/2008|07:32] D:\Program Files\Common Files\Motive
[22/10/2005|16:23] D:\Program Files\Common Files\MSSoap
[22/10/2005|17:08] D:\Program Files\Common Files\ODBC
[19/05/2008|12:29] D:\Program Files\Common Files\Real
[31/05/2007|20:25] D:\Program Files\Common Files\Scanner
[22/10/2005|16:23] D:\Program Files\Common Files\Services
[22/10/2005|17:08] D:\Program Files\Common Files\SpeechEngines
[01/06/2007|15:24] D:\Program Files\Common Files\Symantec Shared
[13/06/2007|20:38] D:\Program Files\Common Files\System

--------------------\\ Process

( 30 Processes )

iexplore.exe ~ [PID:1676]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

D:\DOCUME~1\CHRISA~1\Cookies\chris and lisa@lasvegascasino-web[2].txt
D:\DOCUME~1\CHRISA~1\Cookies\chris and lisa@888[1].txt
D:\DOCUME~1\CHRISA~1\Cookies\chris and lisa@888[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 12:57:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 204

--------------------\\ Searching for other infections


No other infections found !

[F:9][D:1]-> D:\DOCUME~1\CHRISA~1\LOCALS~1\Temp
[F:61][D:0]-> D:\DOCUME~1\CHRISA~1\Cookies
[F:311][D:4]-> D:\DOCUME~1\CHRISA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "D:\Lop SD\LopR_1.txt" - 09/03/2009|12:32 - Option : [1]
2 - "D:\Lop SD\LopR_2.txt" - 09/03/2009|13:00 - Option : [1]

--------------------\\ Scan completed at 13:00:22

[jaydee97]

Please do NOT aatch logs if I don't specifically ask you to.

I'll paste them here for you.

Eek, sorry, thought it would be easier/tidier

[heir]

It's OK
Makes my work easier when they are pasted.

I'm a bit busy atm but I'll be back in a couple of hours.

[heir]

I can see that you've ran ComboFix.

Running powerful tools like that without supervision is not advised as you might severely cripple your computer.

Now that you've run it can you please post the content of the log from it. Do NOT run the tool again.

The log is located here C:\ComboFix.txt.

Please post the content of that log.

[jaydee97]

I can see that you've ran ComboFix.

Running powerful tools like that without supervision is not advised as you might severely cripple your computer.

Now that you've run it can you please post the content of the log from it. Do NOT run the tool again.

The log is located here C:\ComboFix.txt.

Please post the content of that log.

Sorry, that was my fault, I suggested he ran various from a list and that was one of them. Hopefully he'll still have the log...

I feel like I'm being told off again :-)

[jaydee97]

Thanks for your patience, here's the ComboFix log. I'm not entirely sure what recovery console is (sorry I pressed send before I'd finished typing, I'm not having a good day!). Anyway, just wanted to say that this pc is extremely limited on space and therefore the opportunity to create backups, etc. is limited.

ComboFix 09-03-06.02 - Chris and Lisa 2009-03-09 10:28:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.129 [GMT 0:00]
Running from: d:\documents and settings\Chris and Lisa\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Chris and Lisa\Application Data\02000000dd27d387548C.manifest
d:\documents and settings\Chris and Lisa\Application Data\02000000dd27d387548O.manifest
d:\documents and settings\Chris and Lisa\Application Data\02000000dd27d387548P.manifest
d:\documents and settings\Chris and Lisa\Application Data\02000000dd27d387548S.manifest
d:\documents and settings\Chris and Lisa\Local Settings\Temporary Internet Files\bestwiner.stt
d:\documents and settings\Chris and Lisa\Local Settings\Temporary Internet Files\fbk.sts
d:\windows\GnuHashes.ini

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 10:38 . 2009-03-09 10:39 <DIR> d--hs---- d:\windows\system32\LocalService32
2009-03-09 10:38 . 2009-03-09 10:38 374,272 --ahs---- d:\windows\system32\1.tmp
2009-03-09 10:38 . 2009-03-09 10:38 1,430 --ahs---- d:\windows\system32\GroupPolicy000.dat
2009-03-09 10:02 . 2009-03-09 10:02 <DIR> d-------- d:\program files\Trend Micro
2009-03-08 17:40 . 2009-03-08 17:40 230 --a------ d:\windows\system32\spupdsvc.inf
2009-03-08 15:50 . 2009-03-08 16:49 <DIR> d-------- d:\program files\PC Registry Cleaner
2009-03-08 14:09 . 2009-03-08 14:09 <DIR> d----c--- d:\documents and settings\Chris and Lisa\Application Data\Malwarebytes
2009-03-08 14:08 . 2009-03-08 14:08 <DIR> d----c--- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-08 13:58 . 2009-03-08 14:31 <DIR> d----c--- d:\documents and settings\Chris and Lisa\Application Data\Twain
2009-03-08 13:51 . 2009-03-09 10:40 <DIR> d-------- d:\program files\Jcore
2009-03-07 12:55 . 2009-03-07 13:01 40,213 --a------ d:\windows\wininit.ini
2009-03-07 09:06 . 2009-03-07 13:15 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-07 08:54 . 2009-03-07 08:54 513 --a------ d:\windows\Shortcut to LDC Theory Test 2006.lnk
2009-03-06 17:25 . 2009-03-06 17:25 <DIR> d-------- D:\Incomplete
2009-03-06 17:13 . 2009-03-06 17:13 147,456 --a------ d:\windows\system32\vbzip10.dll
2009-03-06 17:10 . 2009-03-06 17:10 <DIR> d-------- d:\documents and settings\Chris and Lisa\Application Data\nidle
2009-03-06 17:09 . 2009-03-06 17:10 <DIR> d-------- d:\windows\system32\ep2
2009-03-06 17:09 . 2009-03-06 17:09 <DIR> d-------- d:\windows\system32\aNI02
2009-03-06 16:30 . 2009-03-06 16:30 139,264 --a------ d:\windows\system32\d3drm32.dll
2009-03-06 15:57 . 2009-03-06 15:57 <DIR> d-------- d:\windows\Sun
2009-03-06 15:56 . 2009-03-06 15:55 410,984 --a------ d:\windows\system32\deploytk.dll
2009-03-06 15:55 . 2009-03-06 15:55 <DIR> d-------- d:\program files\Java
2009-03-06 14:55 . 2009-03-07 08:54 <DIR> d-------- D:\My Downloads
2009-02-22 12:19 . 2009-03-08 15:32 <DIR> d-------- d:\program files\Eusing Free Registry Cleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 15:17 --------- dc--a-w d:\documents and settings\All Users\Application Data\TEMP
2009-03-07 13:12 --------- dc----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 12:40 --------- d-----w d:\program files\RegistryFix
2009-02-28 18:44 --------- d--h--w d:\program files\InstallShield Installation Information
2007-01-17 16:06 1,115,728 -c--a-w d:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2006-08-03 12:35 24,192 -c--a-w d:\documents and settings\Chris and Lisa\usbsermptxp.sys
2006-08-03 12:35 22,768 -c--a-w d:\documents and settings\Chris and Lisa\usbsermpt.sys
2001-11-23 04:08 712,704 -c--a-w d:\windows\inf\OTHER\AUDIO3D.DLL
2008-09-09 16:07 56 -csh--r d:\windows\system32\47B16A5C59.sys
2007-01-18 17:06 88 -csh--r d:\windows\system32\595C6AB147.sys
2008-09-09 16:07 5,852 -csha-w d:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
2009-03-09 10:40 135168 --a------ d:\program files\Jcore\Jcore2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"nidle"="d:\documents and settings\Chris and Lisa\Application Data\nidle\nidle.exe" [2009-03-06 56832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-01-23 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\142e77eb548]
2009-03-06 16:30 139264 d:\windows\system32\d3drm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:d03be8292

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58818:TCP"= 58818:TCP:*:Disabled:Pando P2P TCP Listening Port
"58818:UDP"= 58818:UDP:*:Disabled:Pando P2P UDP Listening Port
"59067:TCP"= 59067:TCP:*:Disabled:Pando P2P TCP Listening Port
"59067:UDP"= 59067:UDP:*:Disabled:Pando P2P UDP Listening Port
"58446:TCP"= 58446:TCP:*:Disabled:Pando P2P TCP Listening Port
"58446:UDP"= 58446:UDP:*:Disabled:Pando P2P UDP Listening Port
"59036:TCP"= 59036:TCP:*:Disabled:Pando P2P TCP Listening Port
"59036:UDP"= 59036:UDP:*:Disabled:Pando P2P UDP Listening Port

R3 G200;G200;d:\windows\system32\drivers\G200m.sys [2005-10-22 320384]
S0 szkg5;szkg;d:\windows\system32\DRIVERS\szkg.sys --> d:\windows\system32\DRIVERS\szkg.sys [?]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;d:\windows\system32\drivers\KS-959.sys [2006-08-11 19034]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - d:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Open in new background tab - d:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ab609c13894c41bd84cf921c6791476e
IE: Open in new foreground tab - d:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ab609c13894c41bd84cf921c6791476e
Trusted Zone: v21net.co.uk\www
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - d:\documents and settings\Chris and Lisa\Application Data\Mozilla\Firefox\Profiles\h5bysufo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 10:38:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


d:\windows\system32\LocalService32
d:\windows\system32\GroupPolicy000.dat 1430 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
d:\windows\System32\d3drm32.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\PSIService.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-09 10:48:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 10:48:32

Pre-Run: 163,622,912 bytes free
Post-Run: 139,395,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

144 --- E O F --- 2009-02-25 09:26:26

Edited by jaydee97, 09 March 2009 - 11:23 AM.

[heir]

Let's start removing stuff then.

It looks as there has been different security programs installed and then removed. I want to remove some leftovers from those and we'll see if we can free up some space as it looks as there is no Antivirus software installed. One is needed to prevent getting reinfected.

Which Antivirus, Antispyware and firewall softwares and registry tools have been installed and removed?
From what I see these might have been installed.

AVG7
Spybot - Search & Destroy
SUPERAntiSpyware
!avast
Comodo
Spyware Doctor

There seems to have been a couple of registry Cleaners/registry tools also - Registry cleaner are of almost no benefit at all and should not be used.

Registry Cleaner
Eusing Free Registry Cleaner
RegistryFix


Step 1.
Filescan:

• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:
  
  
  • D:\WINDOWS\System32\vbzip10.dll
• Click on the Upload button
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Internet Speed Monitor

Step 3.
OTL2-fix:

Run OTListIt2.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTLI
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  PRC - D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe ()
  PRC - D:\Program Files\VnrPack\VnrPack26.exe ()
  PRC - D:\Program Files\Common Files\iumk\iumkm.exe ()
  PRC - D:\Program Files\Common Files\iumk\iumka.exe ()
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
  IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
  O4 - HKCU..\Run: [iumk] D:\PROGRA~1\COMMON~1\iumk\iumkm.exe ()
  O4 - HKCU..\Run: [nidle] "D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ()
  O4 - HKCU..\Run: [VnrPack26] "D:\Program Files\VnrPack\VnrPack26.exe" ()
  O15 - HKCU\..Trusted Domains: v21net.co.uk ([www] https in Trusted sites)
  O20 - Winlogon\Notify\142e77eb548: DllName - D:\WINDOWS\System32\d3drm32.dll - D:\WINDOWS\System32\d3drm32.dll ()
  [2009/03/09 11:35:43 | 00,127,578 | ---- | C] () -- D:\WINDOWS\System32\tsuninst.exe
  [2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\WINDOWS\iumk
  [2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\iumk
  [2009/03/09 11:35:28 | 00,000,000 | ---D | C] -- D:\Program Files\InetGet2
  [2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\VnrPack
  [2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\iCheck
  [2009/03/08 15:50:03 | 00,000,000 | ---D | C] -- D:\Program Files\PC Registry Cleaner
  [2009/03/06 17:10:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\nidle
  [2009/03/06 17:09:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ep2
  [2009/03/06 17:09:39 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\aNI02
  [2009/03/06 16:30:04 | 00,139,264 | ---- | C] () -- D:\WINDOWS\System32\d3drm32.dll
  [2009/02/22 12:19:15 | 00,000,000 | ---D | C] -- D:\Program Files\Eusing Free Registry Cleaner
  [2009/03/08 14:29:57 | 00,006,456 | -H-- | M] () -- D:\WINDOWS\System32\degugeyi
  [2009/03/07 17:15:30 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\hefihiru.dll
  [2009/03/07 17:15:30 | 00,079,872 | ---- | M] () -- D:\WINDOWS\System32\baguteja.dll
  [2009/03/07 05:15:22 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\fofugapi.dll
  [2009/03/06 17:15:04 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\damorume.dll
  [2009/03/06 17:13:23 | 00,147,456 | ---- | M] (Info-ZIP) -- D:\WINDOWS\System32\vbzip10.dll
  [2009/03/06 16:30:04 | 00,139,264 | ---- | M] () -- D:\WINDOWS\System32\d3drm32.dll
  :Files
  @D:\WINDOWS\yklhw.dat:pvvbms
  @D:\WINDOWS\bootstat.dat:blgzin
  @D:\WINDOWS\zplvp.txt:ynwvxs
  D:\WINDOWS\yklhw.dat
  D:\WINDOWS\zplvp.txt
  D:\DOCUME~1\CHRISA~1\APPLIC~1\nidle
  D:\Program Files\InetGet2
  D:\Program Files\VnrPack
  D:\Program Files\Common Files\iumk
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the OTL2 fixlog

Step 4.
OTL2-scan:

• Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Standard Output.
• Under the Custom Scans/Fixes box at the bottom left paste the following in
  
  D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7\*.* /s
  D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\*.* /s
  D:\DOCUME~1\CHRISA~1\APPLIC~1\Registry Cleaner\*.* /s
  D:\DOCUME~1\CHRISA~1\APPLIC~1\SUPERAntiSpyware.com\*.* /s
  D:\Program Files\Alwil Software\*.* /s
  D:\Program Files\Comodo\*.* /s
  D:\Program Files\Eusing Free Registry Cleaner\*.* /s
  D:\Program Files\Grisoft\*.* /s
  D:\Program Files\Kaspersky Lab\*.* /s
  D:\Program Files\PC Registry Cleaner\*.* /s
  D:\Program Files\RegistryFix\*.* /s
  D:\Program Files\Spybot - Search & Destroy\*.* /s
  D:\Program Files\Spyware Doctor\*.* /s
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open a notepad window with OTListIt.Txt, that's saved in the same location as OTListIt2.
• Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

Step 4.
Things I would like to see in your reply:

• Answer to my question in the beginning of this post
• The result from the filescan in step 1.
• The content of the OTL2 fixlog from step 3.
• The content of the OTListIt.txt from step 4.

[jaydee97]

I forgot how difficult it is to sort these things out from a distance:-)

Answer to first question - all those listed have been installed while trying to sort this problem out and have all since been uninstalled.

Step 1
a-squared 4.0.0.32 20090309180419 2009-03-09

-

2.295 AhnLab V3 2009.03.10.00 2009.03.10 2009-03-10

-

1.046 AntiVir 7.9.0.107 7.1.2.142 2009-03-09

-

1.935 Antiy 2.0.18 20090310.2213631 2009-03-10

-

0.120 Authentium 5.1.1 200903092111 2009-03-09

-

1.225 AVAST! 3.0.1 090309-0 2009-03-09

-

0.002 AVG 7.5.52.442 270.11.9/1992 2009-03-09

-

1.932 BitDefender 7.81008.2773804 7.24089 2009-03-10

-

2.538 CA (VET) 9.0.0.143 31.6.6388 2009-03-10

-

5.354 ClamAV 0.94.2 9083 2009-03-10

-

0.003 Comodo 3.8 1039 2009-03-09

-

0.500 CP Secure 1.1.0.715 2009.03.10 2009-03-10

-

7.238 Dr.Web 4.44.0.9170 2009.03.10 2009-03-10

-

4.167 F-Prot 4.4.4.56 20090309 2009-03-09

-

1.071 F-Secure 5.51.6100 2009.03.10.03 2009-03-10

-

4.793 Fortinet 2.81-3.117 10.139 2009-03-09

-

0.145 GData 19.3801/19.255 20090310 2009-03-10

-

3.671 Ikarus T3.1.01.45 2009.03.10.72406 2009-03-10

-

3.984 JiangMin 11.0.706 2009.03.10 2009-03-10

-

1.548 Kaspersky 5.5.10 2009.03.10 2009-03-10

-

0.022 KingSoft 2009.2.5.15 2009.3.10.14 2009-03-10

-

0.605 McAfee 5.3.00 5548 2009-03-09

-

2.713 Microsoft 1.4405 2009.03.10 2009-03-10

-

4.480 mks_vir 2.01 2009.03.09 2009-03-09

-

2.742 Norman 6.00.06 6.00.00 2009-03-06

-

8.010 nProtect 20090310.01 3306831 2009-03-10

-

3.892 Panda 9.05.01 2009.03.09 2009-03-09

-

1.772 Quick Heal 10.00 2009.03.09 2009-03-09

-

1.029 Rising 20.0 21.20.10.00 2009-03-10

-

0.245 Sophos 2.84.1 4.39 2009-03-10

-

2.062 Sunbelt 5033 5033 2009-03-09

-

0.530 Symantec 1.3.0.24 20090309.003 2009-03-09

-

0.203 The Hacker 6.3.2.7 v00278 2009-03-10

-

0.573 Trend Micro 8.700-1004 5.887.00 2009-03-09

-

0.020 VBA32 3.12.10.1 20090309.1748 2009-03-09

-

1.713 ViRobot 20090309 2009.03.09 2009-03-09

-

0.399 VirusBuster 4.5.11.10 10.102.4/969634 2009-03-09

-

1.194


Step 2 - done
Step 3 - Opened OTListIt2.exe and pasted the stuff where you said, then ran the programme but it goes for about 5 seconds and then its not responding and at the bottom it says -

Processing IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error File not found

File was not responding and neither was anything else, had to turn it off manually.

Thanks

[heir]

Ah I'll modify the fix do step 3. like this:

Step 3.
OTL2-fix:

Run OTListIt2.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTLI
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  PRC - D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe ()
  PRC - D:\Program Files\VnrPack\VnrPack26.exe ()
  PRC - D:\Program Files\Common Files\iumk\iumkm.exe ()
  PRC - D:\Program Files\Common Files\iumk\iumka.exe ()
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
  O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
  O4 - HKCU..\Run: [iumk] D:\PROGRA~1\COMMON~1\iumk\iumkm.exe ()
  O4 - HKCU..\Run: [nidle] "D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ()
  O4 - HKCU..\Run: [VnrPack26] "D:\Program Files\VnrPack\VnrPack26.exe" ()
  O15 - HKCU\..Trusted Domains: v21net.co.uk ([www] https in Trusted sites)
  O20 - Winlogon\Notify\142e77eb548: DllName - D:\WINDOWS\System32\d3drm32.dll - D:\WINDOWS\System32\d3drm32.dll ()
  [2009/03/09 11:35:43 | 00,127,578 | ---- | C] () -- D:\WINDOWS\System32\tsuninst.exe
  [2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\WINDOWS\iumk
  [2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\iumk
  [2009/03/09 11:35:28 | 00,000,000 | ---D | C] -- D:\Program Files\InetGet2
  [2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\VnrPack
  [2009/03/09 11:10:00 | 00,000,000 | ---D | C] -- D:\Program Files\iCheck
  [2009/03/08 15:50:03 | 00,000,000 | ---D | C] -- D:\Program Files\PC Registry Cleaner
  [2009/03/06 17:10:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\nidle
  [2009/03/06 17:09:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ep2
  [2009/03/06 17:09:39 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\aNI02
  [2009/03/06 16:30:04 | 00,139,264 | ---- | C] () -- D:\WINDOWS\System32\d3drm32.dll
  [2009/02/22 12:19:15 | 00,000,000 | ---D | C] -- D:\Program Files\Eusing Free Registry Cleaner
  [2009/03/08 14:29:57 | 00,006,456 | -H-- | M] () -- D:\WINDOWS\System32\degugeyi
  [2009/03/07 17:15:30 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\hefihiru.dll
  [2009/03/07 17:15:30 | 00,079,872 | ---- | M] () -- D:\WINDOWS\System32\baguteja.dll
  [2009/03/07 05:15:22 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\fofugapi.dll
  [2009/03/06 17:15:04 | 00,084,992 | -HS- | M] () -- D:\WINDOWS\System32\damorume.dll
  [2009/03/06 17:13:23 | 00,147,456 | ---- | M] (Info-ZIP) -- D:\WINDOWS\System32\vbzip10.dll
  [2009/03/06 16:30:04 | 00,139,264 | ---- | M] () -- D:\WINDOWS\System32\d3drm32.dll
  :Files
  @D:\WINDOWS\yklhw.dat:pvvbms
  @D:\WINDOWS\bootstat.dat:blgzin
  @D:\WINDOWS\zplvp.txt:ynwvxs
  D:\WINDOWS\yklhw.dat
  D:\WINDOWS\zplvp.txt
  D:\DOCUME~1\CHRISA~1\APPLIC~1\nidle
  D:\Program Files\InetGet2
  D:\Program Files\VnrPack
  D:\Program Files\Common Files\iumk
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the OTL2 fixlog

Then please proceed with the rest of the steps.

Edited by heir, 10 March 2009 - 03:32 AM.

[jaydee97]

Results of Step 3
========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process nidle.exe killed successfully!
No active process named VnrPack26.exe was found!
Process iumkm.exe killed successfully!
Process iumka.exe killed successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iumk deleted successfully.
D:\Program Files\Common Files\iumk\iumkm.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nidle deleted successfully.
D:\Documents and Settings\Chris and Lisa\Application Data\nidle\nidle.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\VnrPack26 not found.
D:\Program Files\VnrPack\VnrPack26.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v21net.co.uk\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\142e77eb548\ deleted successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\d3drm32.dll
D:\WINDOWS\System32\d3drm32.dll NOT unregistered.
D:\WINDOWS\System32\d3drm32.dll moved successfully.
D:\WINDOWS\System32\tsuninst.exe moved successfully.
Folder D:\WINDOWS\iumk not found.
Folder D:\Program Files\Common Files\iumk not found.
Folder D:\Program Files\InetGet2 not found.
Folder D:\Program Files\VnrPack not found.
Folder D:\Program Files\iCheck not found.
Folder D:\Program Files\PC Registry Cleaner not found.
Folder D:\Documents and Settings\Chris and Lisa\Application Data\nidle not found.
Folder D:\WINDOWS\System32\ep2 not found.
Folder D:\WINDOWS\System32\aNI02 not found.
File D:\WINDOWS\System32\d3drm32.dll not found.
Folder D:\Program Files\Eusing Free Registry Cleaner not found.
D:\WINDOWS\System32\degugeyi moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\hefihiru.dll
D:\WINDOWS\System32\hefihiru.dll NOT unregistered.
D:\WINDOWS\System32\hefihiru.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\baguteja.dll
D:\WINDOWS\System32\baguteja.dll NOT unregistered.
D:\WINDOWS\System32\baguteja.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\fofugapi.dll
D:\WINDOWS\System32\fofugapi.dll NOT unregistered.
D:\WINDOWS\System32\fofugapi.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\damorume.dll
D:\WINDOWS\System32\damorume.dll NOT unregistered.
D:\WINDOWS\System32\damorume.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\vbzip10.dll
D:\WINDOWS\System32\vbzip10.dll NOT unregistered.
D:\WINDOWS\System32\vbzip10.dll moved successfully.
DllUnregisterServer procedure not found in D:\WINDOWS\System32\d3drm32.dll
D:\WINDOWS\System32\d3drm32.dll NOT unregistered.
File move failed. D:\WINDOWS\System32\d3drm32.dll scheduled to be moved on reboot.
========== FILES ==========
ADS D:\WINDOWS\yklhw.dat:pvvbms deleted successfully.
ADS D:\WINDOWS\bootstat.dat:blgzin deleted successfully.
ADS D:\WINDOWS\zplvp.txt:ynwvxs deleted successfully.
D:\WINDOWS\yklhw.dat moved successfully.
D:\WINDOWS\zplvp.txt moved successfully.
D:\DOCUME~1\CHRISA~1\APPLIC~1\nidle moved successfully.
D:\Program Files\InetGet2 moved successfully.
D:\Program Files\VnrPack moved successfully.
D:\Program Files\Common Files\iumk\iumkd moved successfully.
D:\Program Files\Common Files\iumk moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.3.5 log created on 03102009_123650

Files moved on Reboot...
DllUnregisterServer procedure not found in D:\WINDOWS\System32\d3drm32.dll
D:\WINDOWS\System32\d3drm32.dll NOT unregistered.
D:\WINDOWS\System32\d3drm32.dll moved successfully.

Registry entries deleted on Reboot...

and Step 4

OTListIt logfile created on: 10/03/2009 12:49:44 - Run 7
OTListIt2 by OldTimer - Version 2.0.3.5 Folder = D:\Documents and Settings\Chris and Lisa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

255.48 Mb Total Physical Memory | 94.15 Mb Available Physical Memory | 36.85% Memory free
1.01 Gb Paging File | 0.91 Gb Available in Paging File | 89.70% Paging File free
Paging file location(s): D:\pagefile.sys 800 800;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 7.82 Mb Total Space | 0.16 Mb Free Space | 2.00% Space Free | Partition Type: FAT
Drive D: | 7.86 Gb Total Space | 0.18 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRIS
Current User Name: Chris and Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\smss.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\csrss.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\winlogon.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\services.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\lsass.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\svchost.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\svchost.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\svchost.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\svchost.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\Explorer.EXE
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\spoolsv.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\PSIService.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\svchost.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wdfmgr.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wscntfy.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\alg.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\Program Files\QuickTime\qttask.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\ctfmon.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Application Data\Twain\Twain.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wuauclt.exe
PRC - [File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\alrsvc.dll -- (Alerter [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\alg.exe -- (ALG [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV - File not found -- -- (aspnet_state [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\audiosrv.dll -- (AudioSrv [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\qmgr.dll -- (BITS [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\browser.dll -- (Browser [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\rpcss.dll -- (DcomLaunch [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dmserver.dll -- (dmserver [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\ersvc.dll -- (ERSvc [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\services.exe -- (Eventlog [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\es.dll -- (EventSystem [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\w3ssl.dll -- (HTTPFilter [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\imapi.exe -- (ImapiService [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\srvsvc.dll -- (lanmanserver [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\wkssvc.dll -- (lanmanworkstation [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\lmhsvc.dll -- (LmHosts [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\msgsvc.dll -- (Messenger [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\netdde.exe -- (NetDDE [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Running])
SRV - File not found -- -- (NMSAccessU [Auto | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\services.exe -- (PlugPlay [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\lsass.exe -- (PolicyAgent [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\rasauto.dll -- (RasAuto [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\rasmans.dll -- (RasMan [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\mprdim.dll -- (RemoteAccess [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\rsvp.exe -- (RSVP [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\lsass.exe -- (SamSs [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\schedsvc.dll -- (Schedule [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\sens.dll -- (SENS [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wiaservc.dll -- (stisvc [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\trkwks.dll -- (TrkWks [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\ups.exe -- (UPS [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\w32time.dll -- (W32Time [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\webclnt.dll -- (WebClient [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wbem\WMIsvc.dll -- (winmgmt [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\advapi32.dll -- (Wmi [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Stopped])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wscsvc.dll -- (wscsvc [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\wuauserv.dll -- (wuauserv [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Running])
SRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\xmlprov.dll -- (xmlprov [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ACPI.sys -- (ACPI [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC [Disabled | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\aec.sys -- (aec [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\afd.sys -- (AFD [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\agp440.sys -- (agp440 [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\asyncmac.sys -- (AsyncMac [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\atmarpc.sys -- (Atmarpc [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\audstub.sys -- (audstub [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k [Disabled | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio [System | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs [Disabled | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\cwcspud.sys -- (cwcspud [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\cwcwdm.sys -- (cwcwdm [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\disk.sys -- (Disk [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\dmboot.sys -- (dmboot [Disabled | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\dmio.sys -- (dmio [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\dmload.sys -- (dmload [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat [Disabled | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\fdc.sys -- (Fdc [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\fips.sys -- (Fips [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\flpydisk.sys -- (Flpydisk [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ftdisk.sys -- (Ftdisk [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\G200m.sys -- (G200 [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\msgpc.sys -- (Gpc [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\hidusb.sys -- (HidUsb [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\Drivers\HTTP.sys -- (HTTP [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\i8042prt.sys -- (i8042prt [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\imapi.sys -- (Imapi [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\intelide.sys -- (IntelIde [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\ip6fw.sys -- (ip6fw [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ipnat.sys -- (IpNat [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ipsec.sys -- (IPSec [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\irda.sys -- (irda [Auto | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\irenum.sys -- (IRENUM [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\isapnp.sys -- (isapnp [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\kbdclass.sys -- (Kbdclass [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\kbdhid.sys -- (kbdhid [System | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\KS-959.sys -- (KS-959 [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\modem.sys -- (Modem [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\mouclass.sys -- (Mouclass [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\mouhid.sys -- (mouhid [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\mrxdav.sys -- (MRxDAV [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\mrxsmb.sys -- (MRxSmb [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\msfs.sys -- (Msfs [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\mssmbios.sys -- (mssmbios [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\mup.sys -- (Mup [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ndistapi.sys -- (NdisTapi [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ndisuio.sys -- (Ndisuio [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ndiswan.sys -- (NdisWan [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\netbios.sys -- (NetBIOS [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\netbt.sys -- (NetBT [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\npfs.sys -- (Npfs [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\parport.sys -- (Parport [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm [Auto | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\pci.sys -- (PCI [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia [Disabled | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\raspptp.sys -- (PptpMiniport [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\processr.sys -- (Processor [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\psched.sys -- (PSched [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\rasacd.sys -- (RasAcd [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\rasirda.sys -- (Rasirda [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\raspppoe.sys -- (RasPppoe [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\raspti.sys -- (Raspti [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\rdbss.sys -- (Rdbss [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\RDPCDD.sys -- (RDPCDD [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\rdpdr.sys -- (rdpdr [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\redbook.sys -- (redbook [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\R8139n51.SYS -- (rtl8139 [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\serenum.sys -- (serenum [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\serial.sys -- (Serial [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\sfloppy.sys -- (Sfloppy [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\splitter.sys -- (splitter [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\sr.sys -- (sr [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\srv.sys -- (Srv [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\swenum.sys -- (swenum [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\tcpip.sys -- (Tcpip [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\termdd.sys -- (TermDD [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\udfs.sys -- (Udfs [Disabled | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\update.sys -- (Update [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\usbccgp.sys -- (usbccgp [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\usbhub.sys -- (usbhub [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\usbprint.sys -- (usbprint [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\usbscan.sys -- (usbscan [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\usbuhci.sys -- (usbuhci [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\vga.sys -- (VgaSave [System | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap [Boot | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\DRIVERS\wanarp.sys -- (Wanarp [On_Demand | Running])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {4E2F75EB-16A7-E1F0-7101-153AF1C38B99} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.co.uk/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - presf.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components -> %ProgramFiles%\MOZILLA FIREFOX\COMPONENTS [D:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/03/09 19:57:03 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins -> %ProgramFiles%\MOZILLA FIREFOX\PLUGINS [D:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/03/08 16:51:28 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions [2009/03/08 16:51:49 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/03/08 16:51:49 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Extensions\[email protected] [2009/03/06 15:59:39 00,000,000 | ---D | M]
FF - D:\Documents and Settings\Chris and Lisa\Application Data\mozilla\Firefox\Profiles\h5bysufo.default\extensions [2007/04/10 18:42:55 00,000,000 | ---D | M]
FF - D:\Program Files\mozilla firefox\extensions [2009/03/08 16:51:52 00,000,000 | ---D | M]
FF - D:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/08 16:51:28 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - D:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll [File Corrupted - Detail Data unreadable]
O2 - BHO: (Jcore class) - {D88E1558-7C2D-407A-953A-C044F5607CEA} - D:\Program Files\Jcore\Jcore2.dll [File Corrupted - Detail Data unreadable]
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll [File Corrupted - Detail Data unreadable]
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll [File Corrupted - Detail Data unreadable]
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll [File Corrupted - Detail Data unreadable]
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll [File Corrupted - Detail Data unreadable]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\System32\browseui.dll [File Corrupted - Detail Data unreadable]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\SHELL32.dll [File Corrupted - Detail Data unreadable]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll [File Corrupted - Detail Data unreadable]
O4 - HKLM..\Run: [CPM171d44d8] Rundll32.exe "D:\WINDOWS\System32\hefihiru.dll",a File not found
O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime [File Corrupted - Detail Data unreadable]
O4 - HKCU..\Run: [A00F3E98E.exe] D:\DOCUME~1\CHRISA~1\LOCALS~1\Temp\_A00F3E98E.exe [File Corrupted - Detail Data unreadable]
O4 - HKCU..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe [File Corrupted - Detail Data unreadable]
O4 - HKCU..\Run: [Twain] D:\Documents and Settings\Chris and Lisa\Application Data\Twain\Twain.exe [File Corrupted - Detail Data unreadable]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ab609c13894c41bd84cf921c6791476e
O8 - Extra context menu item: Open in new foreground tab - res://D:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ab609c13894c41bd84cf921c6791476e
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe [File Corrupted - Detail Data unreadable]
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe [File Corrupted - Detail Data unreadable]
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe [File Corrupted - Detail Data unreadable]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - D:\WINDOWS\System32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - D:\WINDOWS\System32\winrnr.dll [File Corrupted - Detail Data unreadable]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - D:\WINDOWS\System32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - D:\WINDOWS\system32\mswsock.dll [File Corrupted - Detail Data unreadable]
O12 - Plugin for: .spop - D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [File Corrupted - Detail Data unreadable]
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 23 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...oader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadban...tivePreQual.cab (PreQualifier Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\System32\itss.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\System32\inetcomm.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\OLE DB\msdaipp.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\System32\itss.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\System32\mshtml.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\System32\wiascr.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - application/octet-stream - D:\WINDOWS\system32\mscoree.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - application/x-complus - D:\WINDOWS\system32\mscoree.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - application/x-msdownload - D:\WINDOWS\system32\mscoree.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - Class Install Handler - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - deflate - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - gzip - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - lzdhtml - D:\WINDOWS\system32\urlmon.dll [File Corrupted - Detail Data unreadable]
O18 - Protocol\Filter: - text/webviewhtml - D:\WINDOWS\system32\SHELL32.dll [File Corrupted - Detail Data unreadable]
O20 - AppInit_DLLs: (d:\windows\system32\hefihiru.dll) - d:\windows\system32\hefihiru.dll File not found
O20 - AppInit_DLLs: (D:\WINDOWS\System32\d3drm32.dll) - D:\WINDOWS\System32\d3drm32.dll [File Corrupted - Detail Data unreadable]
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\Explorer.exe [File Corrupted - Detail Data unreadable]
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe [File Corrupted - Detail Data unreadable]
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\system32\logonui.exe [File Corrupted - Detail Data unreadable]
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll [File Corrupted - Detail Data unreadable]
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\system32\sysdm.cpl [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\__c0060B90: DllName - D:\WINDOWS\system32\__c0060B90.dat - D:\WINDOWS\system32\__c0060B90.dat [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\142e77eb548: DllName - D:\WINDOWS\System32\d3drm32.dll - D:\WINDOWS\System32\d3drm32.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\system32\crypt32.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\system32\cryptnet.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\system32\cscdll.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\system32\wlnotify.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\system32\wlnotify.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\system32\sclgntfy.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\system32\WlNotify.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\system32\wlnotify.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - D:\WINDOWS\system32\WgaLogon.dll [File Corrupted - Detail Data unreadable]
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\system32\wlnotify.dll [File Corrupted - Detail Data unreadable]
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\SHELL32.dll [File Corrupted - Detail Data unreadable]
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\SHELL32.dll [File Corrupted - Detail Data unreadable]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - d:\windows\system32\hefihiru.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll [File Corrupted - Detail Data unreadable]
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\System32\webcheck.dll [File Corrupted - Detail Data unreadable]
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\System32\browseui.dll [File Corrupted - Detail Data unreadable]
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\System32\browseui.dll [File Corrupted - Detail Data unreadable]
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - d:\windows\system32\hefihiru.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - D:\WINDOWS\System32\ntsd.exe [File Corrupted - Detail Data unreadable]
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\system32\shell32.dll [File Corrupted - Detail Data unreadable]
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\system32\msapsspc.dll [File Corrupted - Detail Data unreadable]
O29 - HKLM SecurityProviders - ( schannel.dll) - D:\WINDOWS\system32\schannel.dll [File Corrupted - Detail Data unreadable]
O29 - HKLM SecurityProviders - ( digest.dll) - D:\WINDOWS\system32\digest.dll [File Corrupted - Detail Data unreadable]
O29 - HKLM SecurityProviders - ( msnsspc.dll) - D:\WINDOWS\system32\msnsspc.dll [File Corrupted - Detail Data unreadable]
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll [File Corrupted - Detail Data unreadable]
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll [File Corrupted - Detail Data unreadable]
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll [File Corrupted - Detail Data unreadable]
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll [File Corrupted - Detail Data unreadable]
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll [File Corrupted - Detail Data unreadable]
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [File Corrupted - Detail Data unreadable] - C:\AUTOEXEC.BAT -- [ FAT ]

========== Files/Folders - Created Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files]
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\zip.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\wininit.ini
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\VFIND.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\spupdsvc.inf
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\GroupPolicy000.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\deploytk.dll
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\d3drm32.dll
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\__c0060B90.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\SWXCACLS.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\SWSC.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\SWREG.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\Shortcut to LDC Theory Test 2006.lnk
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\sed.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\NIRCMD.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\grep.exe
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\GnuHashes.ini
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\fdsv.exe
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Desktop\LopSD.exe
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548S.manifest
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548P.manifest
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548O.manifest
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548C.manifest
[File Corrupted - Detail Data unreadable] -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/03/10 08:04:41 | 00,000,000 | ---D | C] -- D:\_OTListIt
[2009/03/09 12:23:12 | 00,000,000 | ---D | C] -- D:\Lop SD
[2009/03/09 11:35:43 | 00,000,000 | ---D | C] -- D:\WINDOWS\iumk
[2009/03/09 10:54:30 | 00,000,000 | -HSD | C] -- D:\RECYCLER
[2009/03/09 10:48:53 | 00,000,000 | ---D | C] -- D:\WINDOWS\temp
[2009/03/09 10:38:55 | 00,000,000 | -HSD | C] -- D:\WINDOWS\System32\LocalService32
[2009/03/09 10:23:25 | 00,000,000 | ---D | C] -- D:\Qoobox
[2009/03/09 10:23:05 | 00,000,000 | ---D | C] -- D:\32788R22FWJFW
[2009/03/09 10:02:19 | 00,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2009/03/08 16:51:26 | 00,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox
[2009/03/08 15:50:03 | 00,000,000 | ---D | C] -- D:\Program Files\PC Registry Cleaner
[2009/03/08 14:09:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\Malwarebytes
[2009/03/08 14:08:55 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/08 13:58:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Chris and Lisa\Application Data\Twain
[2009/03/08 13:51:29 | 00,000,000 | ---D | C] -- D:\Program Files\Jcore
[2009/03/08 13:08:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2009/03/07 09:06:51 | 00,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy
[2009/03/06 17:25:21 | 00,000,000 | ---D | C] -- D:\Incomplete
[2009/03/06 17:09:58 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\ep2
[2009/03/06 17:09:39 | 00,000,000 | ---D | C] -- D:\WINDOWS\System32\aNI02
[2009/03/06 15:57:16 | 00,000,000 | ---D | C] -- D:\WINDOWS\Sun
[2009/03/06 15:55:28 | 00,000,000 | ---D | C] -- D:\Program Files\Java
[2009/03/06 14:55:22 | 00,000,000 | ---D | C] -- D:\My Downloads
[2009/02/22 12:19:15 | 00,000,000 | ---D | C] -- D:\Program Files\Eusing Free Registry Cleaner
[2009/02/09 18:19:08 | 00,000,000 | ---D | C] -- D:\Program Files\MSN

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\drivers\*.tmp files]
[1 D:\WINDOWS\System32\*.tmp files]
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\wininit.ini
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\wpa.dbl
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\spupdsvc.inf
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\PerfStringBackup.INI
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\perfh009.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\perfc009.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\GroupPolicy000.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\FNTCACHE.DAT
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\drivers\etc\hosts
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\deploytk.dll
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\d3drm32.dll
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\System32\d3d9caps.dat
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\system.ini
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\Shortcut to LDC Theory Test 2006.lnk
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\imsins.BAK
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\GnuHashes.ini
[File Corrupted - Detail Data unreadable] -- D:\WINDOWS\bootstat.dat
[2009/03/10 12:51:00 | 00,005,518 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548C.manifest
[2009/03/10 12:51:00 | 00,001,529 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548P.manifest
[2009/03/10 12:42:58 | 00,000,407 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548O.manifest
[2009/03/10 12:42:47 | 00,000,011 | -HS- | M] () -- D:\Documents and Settings\Chris and Lisa\Application Data\02000000dd27d387548S.manifest
[2009/03/10 12:41:51 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2009/03/10 07:47:12 | 04,279,144 | -H-- | M] () -- D:\Documents and Settings\Chris and Lisa\Local Settings\Application Data\IconCache.db
[2009/03/09 12:22:58 | 00,530,106 | ---- | M] () -- D:\Documents and Settings\Chris and Lisa\Desktop\LopSD.exe
[2009/03/09 12:02:57 | 00,497,664 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Chris and Lisa\Desktop\OTListIt2.exe
[2009/03/08 16:51:32 | 00,001,602 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Custom Scans ==========


< D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7\*.* /s >

< D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\*.* /s >
[2009/03/07 13:12:13 | 00,001,366 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\ProcCache.sbc
[2007/03/03 11:26:25 | 00,000,191 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070303-1126.log
[2007/03/04 10:16:10 | 00,000,241 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070304-0929.log
[2007/03/04 10:16:14 | 00,001,345 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070304-1016.txt
[2007/03/25 09:25:07 | 00,000,993 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070325-0942.log
[2007/03/25 09:25:10 | 00,002,044 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070325-1025.txt
[2007/04/22 09:40:27 | 00,000,241 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070422-1007.log
[2007/04/22 09:40:28 | 00,001,345 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070422-1040.txt
[2007/06/21 20:00:13 | 00,000,191 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070621-2100.log
[2007/06/21 20:17:58 | 00,001,284 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070621-2117.txt
[2007/08/12 09:29:10 | 00,000,526 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070812-0950.log
[2007/08/12 09:29:10 | 00,001,660 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070812-1029.txt
[2007/08/25 07:06:22 | 00,000,191 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070825-0806.log
[2007/08/25 07:37:04 | 00,001,284 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070825-0837.txt
[2007/09/15 12:12:18 | 00,000,241 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070915-1230.log
[2007/09/15 12:12:21 | 00,001,345 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.070915-1312.txt
[2007/10/19 10:25:50 | 00,000,426 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.071019-1046.log
[2007/10/19 10:25:50 | 00,001,652 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.071019-1125.txt
[2007/11/29 18:59:54 | 00,000,241 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.071129-1820.log
[2007/11/29 18:59:55 | 00,001,345 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.071129-1859.txt
[2008/02/17 06:16:37 | 00,000,241 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.080217-0542.log
[2008/02/17 06:16:38 | 00,001,345 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.080217-0616.txt
[2009/03/07 12:35:53 | 00,189,610 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.090307-0911.log
[2009/03/07 12:40:34 | 00,979,844 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Checks.090307-1240.txt
[2007/03/25 11:17:01 | 00,001,988 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Fixes.070325-1217.txt
[2007/08/12 10:26:36 | 00,001,639 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Fixes.070812-1126.txt
[2007/10/19 14:02:32 | 00,001,638 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Fixes.071019-1502.txt
[2009/03/07 13:12:41 | 00,004,826 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Resident.log
[2009/03/07 13:03:30 | 00,000,265 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\SDHelper.log
[2007/03/03 11:25:46 | 00,002,875 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Logs\Update downloads.log
[2005/12/17 19:17:20 | 00,000,922 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[2006/11/26 22:09:36 | 00,014,132 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip
[2006/11/26 22:09:36 | 00,014,134 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\CoolWWWSearch1.zip
[2005/12/17 19:17:20 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit.zip
[2005/12/17 19:17:20 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit1.zip
[2005/12/17 22:43:30 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit10.zip
[2006/02/02 19:06:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit100.zip
[2006/02/02 19:06:54 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit101.zip
[2006/02/02 19:06:54 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit102.zip
[2006/02/02 19:06:54 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit103.zip
[2006/02/02 19:06:54 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit104.zip
[2006/02/08 07:42:24 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit105.zip
[2006/02/08 07:42:24 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit106.zip
[2006/02/08 07:42:25 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit107.zip
[2006/02/08 07:42:25 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit108.zip
[2006/02/08 07:42:25 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit109.zip
[2005/12/17 22:43:30 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit11.zip
[2006/02/15 17:35:24 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit110.zip
[2006/02/15 17:35:25 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit111.zip
[2006/02/15 17:35:25 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit112.zip
[2006/02/15 17:35:25 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit113.zip
[2006/02/15 17:35:25 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit114.zip
[2006/02/19 20:41:17 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit115.zip
[2006/02/19 20:41:17 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit116.zip
[2006/02/19 20:41:17 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit117.zip
[2006/02/19 20:41:18 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit118.zip
[2006/02/19 20:41:18 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit119.zip
[2005/12/17 22:43:30 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit12.zip
[2006/02/24 20:36:04 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit120.zip
[2006/02/24 20:36:04 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit121.zip
[2006/02/24 20:36:04 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit122.zip
[2006/02/24 20:36:05 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit123.zip
[2006/02/24 20:36:05 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit124.zip
[2006/05/22 14:53:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit125.zip
[2006/05/22 14:53:17 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit126.zip
[2006/05/22 14:53:17 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit127.zip
[2006/05/22 14:53:17 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit128.zip
[2006/05/22 14:53:17 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit129.zip
[2005/12/17 22:43:30 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit13.zip
[2006/05/23 07:46:18 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit130.zip
[2006/05/23 07:46:18 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit131.zip
[2006/05/23 07:46:18 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit132.zip
[2006/05/23 07:46:18 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit133.zip
[2006/05/23 07:46:19 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit134.zip
[2006/05/24 20:03:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit135.zip
[2006/05/24 20:03:53 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit136.zip
[2006/05/24 20:03:54 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit137.zip
[2006/05/24 20:03:54 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit138.zip
[2006/05/24 20:03:54 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit139.zip
[2005/12/17 22:43:30 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit14.zip
[2006/05/25 21:21:15 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit140.zip
[2006/05/25 21:21:16 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit141.zip
[2006/05/25 21:21:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit142.zip
[2006/05/25 21:21:16 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit143.zip
[2006/05/25 21:21:16 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit144.zip
[2006/05/27 20:24:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit145.zip
[2006/05/27 20:24:55 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit146.zip
[2006/05/27 20:24:55 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit147.zip
[2006/05/27 20:24:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit148.zip
[2006/05/27 20:24:56 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit149.zip
[2005/12/18 09:47:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit15.zip
[2006/05/27 20:35:36 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit150.zip
[2006/05/27 20:35:37 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit151.zip
[2006/05/27 20:35:37 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit152.zip
[2006/05/27 20:35:37 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit153.zip
[2006/05/27 20:35:37 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit154.zip
[2006/05/29 18:28:35 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit155.zip
[2006/05/29 18:28:35 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit156.zip
[2006/05/29 18:28:35 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit157.zip
[2006/05/29 18:28:36 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit158.zip
[2006/05/29 18:28:36 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit159.zip
[2005/12/18 09:47:43 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit16.zip
[2006/05/31 16:41:06 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit160.zip
[2006/05/31 16:41:07 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit161.zip
[2006/05/31 16:41:07 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit162.zip
[2006/05/31 16:41:07 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit163.zip
[2006/05/31 16:41:08 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit164.zip
[2006/06/01 08:05:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit165.zip
[2006/06/01 08:05:53 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit166.zip
[2006/06/01 08:05:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit167.zip
[2006/06/01 08:05:54 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit168.zip
[2006/06/01 08:05:54 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit169.zip
[2005/12/18 09:47:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit17.zip
[2006/06/01 15:42:55 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit170.zip
[2006/06/01 15:42:55 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit171.zip
[2006/06/01 15:42:55 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit172.zip
[2006/06/01 15:42:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit173.zip
[2006/06/01 15:42:55 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit174.zip
[2006/06/04 08:31:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit175.zip
[2006/06/04 08:31:55 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit176.zip
[2006/06/04 08:31:55 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit177.zip
[2006/06/04 08:31:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit178.zip
[2006/06/04 08:31:55 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit179.zip
[2005/12/18 09:47:43 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit18.zip
[2006/06/08 20:44:33 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit180.zip
[2006/06/08 20:44:33 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit181.zip
[2006/06/08 20:44:33 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit182.zip
[2006/06/08 20:44:34 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit183.zip
[2006/06/08 20:44:34 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit184.zip
[2006/06/09 21:10:04 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit185.zip
[2006/06/09 21:10:04 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit186.zip
[2006/06/09 21:10:04 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit187.zip
[2006/06/09 21:10:05 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit188.zip
[2006/06/09 21:10:05 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit189.zip
[2005/12/18 09:47:43 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit19.zip
[2006/06/12 14:58:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit190.zip
[2006/06/12 14:58:16 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit191.zip
[2006/06/12 14:58:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit192.zip
[2006/06/12 14:58:17 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit193.zip
[2006/06/12 14:58:17 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit194.zip
[2006/06/25 08:19:47 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit195.zip
[2006/06/25 08:19:48 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit196.zip
[2006/06/25 08:19:48 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit197.zip
[2006/06/25 08:19:48 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit198.zip
[2006/06/25 08:19:48 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit199.zip
[2005/12/17 19:17:20 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit2.zip
[2005/12/19 18:28:51 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit20.zip
[2006/07/06 20:30:21 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit200.zip
[2006/07/06 20:30:21 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit201.zip
[2006/07/06 20:30:21 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit202.zip
[2006/07/06 20:30:21 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit203.zip
[2006/07/06 20:30:21 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit204.zip
[2006/07/16 08:47:37 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit205.zip
[2006/07/16 08:47:37 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit206.zip
[2006/07/16 08:47:37 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit207.zip
[2006/07/16 08:47:38 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit208.zip
[2006/07/16 08:47:38 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit209.zip
[2005/12/19 18:28:51 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit21.zip
[2006/08/03 21:17:52 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit210.zip
[2006/08/03 21:17:52 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit211.zip
[2006/08/03 21:17:53 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit212.zip
[2006/08/03 21:17:53 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit213.zip
[2006/08/03 21:17:53 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit214.zip
[2006/08/13 07:17:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit215.zip
[2006/08/13 07:17:43 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit216.zip
[2006/08/13 07:17:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit217.zip
[2006/08/13 07:17:43 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit218.zip
[2006/08/13 07:17:43 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit219.zip
[2005/12/19 18:28:51 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit22.zip
[2006/09/03 17:48:23 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit220.zip
[2006/09/03 17:48:23 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit221.zip
[2006/09/03 17:48:24 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit222.zip
[2006/09/03 17:48:24 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit223.zip
[2006/09/03 17:48:24 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit224.zip
[2006/10/22 08:10:01 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit225.zip
[2006/10/22 08:10:01 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit226.zip
[2006/10/22 08:10:02 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit227.zip
[2006/10/22 08:10:02 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit228.zip
[2006/10/22 08:10:02 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit229.zip
[2005/12/19 18:28:51 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit23.zip
[2006/10/29 17:22:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit230.zip
[2006/10/29 17:22:55 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit231.zip
[2006/10/29 17:22:55 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit232.zip
[2006/10/29 17:22:55 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit233.zip
[2006/10/29 17:22:55 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit234.zip
[2006/10/31 18:48:10 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit235.zip
[2006/10/31 18:48:10 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit236.zip
[2006/10/31 18:48:10 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit237.zip
[2006/10/31 18:48:10 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit238.zip
[2006/10/31 18:48:10 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit239.zip
[2005/12/19 18:28:52 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit24.zip
[2006/11/14 18:24:35 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit240.zip
[2006/11/14 18:24:36 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit241.zip
[2006/11/14 18:24:36 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit242.zip
[2006/11/14 18:24:36 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit243.zip
[2006/11/14 18:24:36 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit244.zip
[2006/11/14 18:35:06 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit245.zip
[2006/11/14 18:35:06 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit246.zip
[2006/11/14 18:35:06 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit247.zip
[2006/11/14 18:35:07 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit248.zip
[2006/11/14 18:35:07 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit249.zip
[2005/12/20 12:00:21 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit25.zip
[2006/11/19 08:36:15 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit250.zip
[2006/11/19 08:36:15 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit251.zip
[2006/11/19 08:36:15 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit252.zip
[2006/11/19 08:36:15 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit253.zip
[2006/11/19 08:36:15 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit254.zip
[2006/11/22 18:27:58 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit255.zip
[2006/11/22 18:27:58 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit256.zip
[2006/11/22 18:27:58 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit257.zip
[2006/11/22 18:27:58 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit258.zip
[2006/11/22 18:27:59 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit259.zip
[2005/12/20 12:00:21 | 00,000,800 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit26.zip
[2006/11/26 09:11:29 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit260.zip
[2006/11/26 09:11:29 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit261.zip
[2006/11/26 09:11:29 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit262.zip
[2006/11/26 09:11:30 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit263.zip
[2006/11/26 09:11:30 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit264.zip
[2005/12/20 12:00:21 | 00,000,744 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit27.zip
[2005/12/20 12:00:21 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit28.zip
[2005/12/20 12:00:21 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit29.zip
[2005/12/17 19:17:21 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit3.zip
[2005/12/21 08:12:48 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit30.zip
[2005/12/21 08:12:48 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit31.zip
[2005/12/21 08:12:48 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit32.zip
[2005/12/21 08:12:48 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit33.zip
[2005/12/21 08:12:48 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit34.zip
[2005/12/21 09:30:27 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit35.zip
[2005/12/21 09:30:28 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit36.zip
[2005/12/21 09:30:28 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit37.zip
[2005/12/21 09:30:28 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit38.zip
[2005/12/21 09:30:28 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit39.zip
[2005/12/17 19:17:21 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit4.zip
[2005/12/21 21:31:08 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit40.zip
[2005/12/21 21:31:08 | 00,000,800 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit41.zip
[2005/12/21 21:31:08 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit42.zip
[2005/12/21 21:31:08 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit43.zip
[2005/12/21 21:31:09 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit44.zip
[2005/12/23 10:59:47 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit45.zip
[2005/12/23 10:59:48 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit46.zip
[2005/12/23 10:59:48 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit47.zip
[2005/12/23 10:59:48 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit48.zip
[2005/12/23 10:59:48 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit49.zip
[2005/12/17 19:51:41 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit5.zip
[2005/12/24 16:58:20 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit50.zip
[2005/12/24 16:58:20 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit51.zip
[2005/12/24 16:58:20 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit52.zip
[2005/12/24 16:58:20 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit53.zip
[2005/12/24 16:58:20 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit54.zip
[2005/12/25 15:02:36 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit55.zip
[2005/12/25 15:02:36 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit56.zip
[2005/12/25 15:02:36 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit57.zip
[2005/12/25 15:02:36 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit58.zip
[2005/12/25 15:02:36 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit59.zip
[2005/12/17 19:51:41 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit6.zip
[2005/12/27 09:43:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit60.zip
[2005/12/27 09:43:43 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit61.zip
[2005/12/27 09:43:43 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit62.zip
[2005/12/27 09:43:43 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit63.zip
[2005/12/27 09:43:43 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit64.zip
[2006/01/01 13:08:04 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit65.zip
[2006/01/01 13:08:04 | 00,000,800 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit66.zip
[2006/01/01 13:08:04 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit67.zip
[2006/01/01 13:08:05 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit68.zip
[2006/01/01 13:08:05 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit69.zip
[2005/12/17 19:51:41 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit7.zip
[2006/01/04 09:20:14 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit70.zip
[2006/01/04 09:20:14 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit71.zip
[2006/01/04 09:20:14 | 00,000,745 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit72.zip
[2006/01/04 09:20:15 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit73.zip
[2006/01/04 09:20:15 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit74.zip
[2006/01/05 08:40:45 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit75.zip
[2006/01/05 08:40:45 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit76.zip
[2006/01/05 08:40:45 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit77.zip
[2006/01/05 08:40:45 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit78.zip
[2006/01/05 08:40:45 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit79.zip
[2005/12/17 19:51:41 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit8.zip
[2006/01/06 21:38:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit80.zip
[2006/01/06 21:38:53 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit81.zip
[2006/01/06 21:38:53 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit82.zip
[2006/01/06 21:38:53 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit83.zip
[2006/01/06 21:38:54 | 00,000,749 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit84.zip
[2006/01/09 09:17:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit85.zip
[2006/01/09 09:17:16 | 00,000,802 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit86.zip
[2006/01/09 09:17:16 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit87.zip
[2006/01/09 09:17:16 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit88.zip
[2006/01/09 09:17:16 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit89.zip
[2005/12/17 19:51:41 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit9.zip
[2006/01/29 09:12:46 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit90.zip
[2006/01/29 09:12:46 | 00,000,801 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit91.zip
[2006/01/29 09:12:46 | 00,000,746 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit92.zip
[2006/01/29 09:12:46 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit93.zip
[2006/01/29 09:12:46 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit94.zip
[2006/02/02 18:58:33 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit95.zip
[2006/02/02 18:58:33 | 00,000,800 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit96.zip
[2006/02/02 18:58:33 | 00,000,747 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit97.zip
[2006/02/02 18:58:33 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit98.zip
[2006/02/02 18:58:34 | 00,000,748 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\DSOExploit99.zip
[2006/11/26 22:09:37 | 00,000,648 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\LSA.zip
[2006/11/26 22:09:37 | 00,000,714 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\LSA1.zip
[2006/11/26 22:09:38 | 00,000,629 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\LSA2.zip
[2007/10/19 14:02:22 | 00,000,780 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip
[2006/11/26 22:09:38 | 00,000,768 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip
[2007/08/12 10:26:31 | 00,000,767 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip
[2007/10/19 14:02:25 | 00,000,768 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip
[2009/03/07 12:40:59 | 00,061,115 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\Noadware.zip
[2006/05/22 14:58:16 | 00,044,111 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\Overview.ini
[2009/03/07 12:40:59 | 00,001,921 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\RegistryFix.zip
[2009/03/07 12:40:59 | 00,003,937 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\RegistryFix1.zip
[2006/11/26 22:09:38 | 00,000,698 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpyFighter.zip
[2006/11/26 22:09:39 | 00,002,010 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpyFighter1.zip
[2006/11/26 22:09:40 | 00,000,959 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpywareCleaner.zip
[2006/11/26 22:09:41 | 00,000,818 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpywareCleaner1.zip
[2006/11/26 22:09:42 | 00,000,670 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpywareCleaner2.zip
[2006/11/26 22:09:42 | 00,000,700 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpywareCleaner3.zip
[2006/11/26 22:09:42 | 00,000,666 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\SpywareCleaner4.zip
[2006/11/26 22:09:43 | 00,004,142 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\TrekBlueErrorNuker.zip
[2009/03/07 12:54:55 | 40,904,2983 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy\Recovery\WinAgentcmn.zip

< D:\DOCUME~1\CHRISA~1\APPLIC~1\Registry Cleaner\*.* /s >
[2007/10/21 18:19:19 | 00,000,031 | ---- | M] () -- D:\DOCUME~1\CHRISA~1\APPLIC~1\Registry Cleaner\Regclean.ini
[2007/10/21 18:25:16 | 00,040,830 | ---- | M] () -- D:\DOCUME~1\CHRISA~1\APPLIC~1\Registry Cleaner\Backups\2007-10-21,19-24 38 975.zip

< D:\DOCUME~1\CHRISA~1\APPLIC~1\SUPERAntiSpyware.com\*.* /s >

< D:\Program Files\Alwil Software\*.* /s >
[2007/09/15 12:09:52 | 00,000,093 | ---- | M] () -- D:\Program Files\Alwil Software\Avast4\DATA\Avast4.ini

< D:\Program Files\Comodo\*.* /s >
[2007/08/08 18:49:46 | 00,338,432 | ---- | M] (COMODO) -- D:\Program Files\Comodo\CBOClean\BOC425.EXE
[2007/08/07 03:59:34 | 00,069,632 | ---- | M] (COMODO) -- D:\Program Files\Comodo\CBOClean\BOCore.exe

< D:\Program Files\Eusing Free Registry Cleaner\*.* /s >
[2009/03/08 10:32:32 | 00,000,457 | ---- | M] () -- D:\Program Files\Eusing Free Registry Cleaner\options.ini
[2009/03/08 10:32:29 | 00,000,159 | ---- | M] () -- D:\Program Files\Eusing Free Registry Cleaner\Backup\Backup20090308103229.reg

< D:\Program Files\Grisoft\*.* /s >
[2006/11/27 09:07:09 | 00,001,201 | ---- | M] () -- D:\Program Files\Grisoft\AVG Free\license.txt
[2006/11/27 09:07:09 | 00,013,578 | ---- | M] () -- D:\Program Files\Grisoft\AVG Free\loadsos.bin
[2007/03/28 06:49:37 | 00,000,000 | ---- | M] () -- D:\Program Files\Grisoft\AVG7\avgemc.dmp

< D:\Program Files\Kaspersky Lab\*.* /s >

< D:\Program Files\PC Registry Cleaner\*.* /s >

< D:\Program Files\RegistryFix\*.* /s >

< D:\Program Files\Spybot - Search & Destroy\*.* /s >
[2009/01/26 15:30:58 | 01,287,000 | ---- | M] (Safer Networking Limited) -- D:\Program Files\Spybot - Search & Destroy\advcheck.dll
[2009/01/26 15:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

< D:\Program Files\Spyware Doctor\*.* /s >
[2008/04/13 07:36:49 | 00,000,019 | ---- | M] () -- D:\Program Files\Spyware Doctor\history\syslog.dad
[2008/04/13 07:37:30 | 00,000,019 | ---- | M] () -- D:\Program Files\Spyware Doctor\history\syslog.das
[2008/04/13 07:36:53 | 00,527,613 | ---- | M] () -- D:\Program Files\Spyware Doctor\history\userlog.dad
[2008/04/13 07:37:30 | 02,713,601 | ---- | M] () -- D:\Program Files\Spyware Doctor\history\userlog.das
[2007/12/18 16:15:34 | 00,161,672 | ---- | M] () -- D:\Program Files\Spyware Doctor\NetworkLayer\Driver.exe
[2008/02/01 12:55:54 | 00,497,544 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.dll
[2008/01/08 11:23:52 | 00,499,712 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Spyware Doctor\NetworkLayer\msvcp71.dll
[2008/01/08 11:23:52 | 00,348,160 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Spyware Doctor\NetworkLayer\msvcr71.dll
[2007/12/10 14:53:34 | 00,071,560 | ---- | M] (PC Tools Research Pty Ltd.) -- D:\Program Files\Spyware Doctor\NetworkLayer\PCTCFFix.exe
[2007/12/10 14:53:34 | 00,104,328 | ---- | M] () -- D:\Program Files\Spyware Doctor\NetworkLayer\PCTCFHook.dll
[2007/12/10 14:53:34 | 00,218,504 | ---- | M] (PC Tools) -- D:\Program Files\Spyware Doctor\NetworkLayer\pctfw2.sys
[2007/12/10 14:53:36 | 00,190,344 | ---- | M] (PC Tools Research Pty Ltd.) -- D:\Program Files\Spyware Doctor\NetworkLayer\PCTLsp.dll
[2007/11/13 18:09:40 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\01A1E505-B4A3-4B44-BEC6-CA8C6311E02D.sfs
[2007/11/27 19:40:10 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\037D6137-D931-4EB9-A836-FCE18DEDC1CB.sfs
[2007/10/19 20:49:00 | 00,200,984 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\03CFABDF-211B-43D4-97B2-54E690DFC135.sfs
[2008/03/12 21:12:01 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\08046CDC-1133-4D7E-8437-C5A042E078C4.sfs
[2008/01/27 19:01:18 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\0BD89027-B65C-437E-B4CF-652D5E181774.sfs
[2007/10/19 20:50:12 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\0D8CF6D9-7913-420C-95AD-CC1CABDD1281.sfs
[2008/03/01 18:07:01 | 00,168,216 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\0F1E9F07-43EE-4572-9DF1-8DFCDAEE058D.sfs
[2007/11/13 18:09:39 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\130F898E-F750-416E-987C-B48BD34E4953.sfs
[2008/03/18 18:05:28 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\162349D3-1BDC-4D14-9485-EEBB28504054.sfs
[2007/10/19 20:49:03 | 00,332,056 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\180D2AB3-5DA9-447C-984D-FBE327BD3C15.sfs
[2008/03/12 21:12:03 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\18F5A017-DD13-41F2-8BFF-B3F45C59FD2D.sfs
[2007/12/29 18:11:36 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\1AE97724-EABF-437C-97F6-262B6268DDDB.sfs
[2008/03/05 19:47:22 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\1B395504-6E80-4FE9-94ED-F02B06D84D05.sfs
[2007/12/19 19:56:03 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\241BD7FE-C982-4DAC-84DC-C1FB94FE5C57.sfs
[2007/11/17 18:37:41 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\2BDCA983-34A3-41AD-B36D-BD240125E864.sfs
[2007/12/14 19:23:53 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\2CA7F3E8-E1EB-44A9-BE0A-7CE3E1D83E56.sfs
[2007/11/27 19:40:09 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\30047399-3C4A-4125-9C24-1A2E96A03D78.sfs
[2007/10/19 20:49:23 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\30AF04D6-CA02-4967-B864-F90C492DD61A.sfs
[2008/02/13 21:36:16 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\326A199F-78C2-4600-B513-7004905FE45B.sfs
[2007/10/19 20:49:22 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\341AC775-4E90-4B9A-B0BA-BE4A841876CF.sfs
[2008/03/01 18:07:00 | 00,135,448 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\37209141-BC2B-4896-AB54-BC075A956B3F.sfs
[2007/10/19 20:49:19 | 04,854,040 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\3B48B7A2-C22C-43DE-B0ED-9077A5C52EF0.sfs
[2008/01/08 20:02:27 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\412A128B-AB11-440D-86C1-F6A17E2431AD.sfs
[2008/02/18 19:05:16 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\41F84C53-BD89-4667-A423-780CF2AFFC25.sfs
[2008/01/07 22:40:46 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\425D6E72-846A-4026-A9CB-950C5AAFD1D8.sfs
[2008/02/13 21:36:16 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\4BC8A8A9-855B-46E6-A9A5-DE750A6317AB.sfs
[2008/01/28 21:47:18 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\51127364-BB77-4EA1-B5DD-9BEA76413296.sfs
[2007/12/09 20:13:29 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\53DE504E-1575-4EC4-8FD7-C893BDC1CCBE.sfs
[2008/01/04 20:37:00 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\54155B48-9C07-4B81-BBAD-E652451F176F.sfs
[2007/10/21 18:01:43 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\54335801-C2E6-472C-99A9-6F9F97B9E296.sfs
[2007/10/19 20:49:01 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\5765E20D-3736-4FA3-B4EA-F457085E2533.sfs
[2008/03/19 19:59:54 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\58D9E2D6-80E5-4A4A-BB5C-50F7C4E84CEA.sfs
[2007/12/19 19:56:04 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\59755FFC-1F05-47C2-8032-0DBD15E87A1A.sfs
[2007/12/13 18:56:35 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\5E42C753-2E65-4B91-ADCC-5D3EFCA7DB92.sfs
[2007/11/29 18:13:27 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\64F6D505-F2FB-41A3-A0EB-B1A4D0D23F76.sfs
[2007/12/25 20:00:06 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\65806953-1F68-4B5F-891C-3F48C5EC5696.sfs
[2007/10/21 18:01:43 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\66C6CAE7-AE7C-4C81-86F7-297B2334A4BA.sfs
[2008/03/19 19:59:55 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\674CEF19-A5D0-47A2-9CC7-8A0F3FAC7999.sfs
[2007/11/29 18:13:28 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\6A818CD5-FD62-4549-ABB2-E4966CF19822.sfs
[2008/02/13 21:36:15 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\6CE44E25-0490-4A98-B088-074CC254617F.sfs
[2008/01/18 19:19:32 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\76230230-0813-4463-8E71-30A6FC3B0A30.sfs
[2007/12/09 20:13:30 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\7746DE33-2B9E-49EB-B6DF-74296B9410BC.sfs
[2007/12/04 20:13:16 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\8180EE09-C1F9-4D99-BB13-38CDF6F1A8C6.sfs
[2007/11/25 19:29:29 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\84F106B9-9D38-4AF8-A6A0-9ECFFA5347C4.sfs
[2007/12/23 18:05:22 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\86330959-9AD3-4238-BE51-73363B77F823.sfs
[2007/11/27 19:40:10 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\86973F88-4765-4637-B6F0-0311869E0A1F.sfs
[2007/11/30 18:47:27 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\8903AFF7-21A7-4593-9914-3078B42A416A.sfs
[2007/10/21 18:01:44 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\8ACF67D7-1910-476B-9CEC-C81FD1B48B8A.sfs
[2008/03/05 19:47:21 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\95FE1866-345C-43E2-97C0-9648D40B5809.sfs
[2008/03/12 21:12:02 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\98886BFC-25AF-4038-AB50-1AB8FC86FBAB.sfs
[2008/01/07 22:40:45 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\98CFA657-D56B-4C47-A46E-0F353CCDE44E.sfs
[2007/10/21 18:01:42 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\9A0F7247-57A3-4BB0-AF5C-E9AD579F5DDA.sfs
[2008/03/18 18:05:28 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\9F23144C-F140-4445-8F1F-38AB913E0937.sfs
[2007/12/23 18:05:22 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A00A27C7-AF25-43F0-8D82-AB0F5F6E51B9.sfs
[2007/10/19 20:49:25 | 00,626,968 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A010CB6C-937B-473F-9AFE-DE5764F23079.sfs
[2008/01/28 21:47:19 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A347014E-766C-41DF-812E-F8F9EE75A3DD.sfs
[2007/12/04 20:13:17 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A448E5AE-CDF5-4A31-AE1D-630B6A9314F0.sfs
[2007/12/31 18:15:20 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A6342DA2-E415-4D77-91DA-E4F1D5B2DC95.sfs
[2007/10/19 20:49:21 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\A6E45436-5D71-4B41-94EF-96075D5411E7.sfs
[2007/11/30 18:47:27 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\AAD8E2C3-85AE-434A-A068-8391790D6AC3.sfs
[2007/12/29 18:11:35 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\ABAD0B70-FC8C-407D-87BB-64B8B348D00F.sfs
[2007/11/17 18:37:42 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\AD2DEAB1-2127-446F-8FCF-2E9EF8E9295E.sfs
[2008/02/18 19:05:16 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\AECD3736-A66F-4A5B-827C-2F36C216DEA7.sfs
[2007/11/21 18:22:39 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\B1349A8D-92CB-43B3-898A-9DC02322E523.sfs
[2007/12/13 18:56:36 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\B467A7F8-3F47-4A73-803D-89C419F8A9C6.sfs
[2007/11/13 18:09:39 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\B489C8B7-8E23-4BDE-A6E6-54FF58B28621.sfs
[2007/12/09 20:13:29 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\B62A8C76-E2F8-4EBD-BE43-601BA5738DD6.sfs
[2008/01/28 21:47:19 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\B6D42A1F-5C33-42B4-9E6B-8EC12FC313C1.sfs
[2007/12/16 20:47:43 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\BA1D923C-50E6-4A31-88CF-9FE66806BFBC.sfs
[2007/12/31 18:15:21 | 00,135,448 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\BA5E4534-5526-4962-8455-6E902B8D5679.sfs
[2008/02/02 20:56:17 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\C08F5427-D97B-4DC9-8712-3790B0149670.sfs
[2008/01/12 19:52:49 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\C0FC1531-ECB2-4C61-AFE1-475C16F3D31A.sfs
[2007/12/19 19:56:03 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\C47884BA-40C2-40DF-B831-38DDF484DD3F.sfs
[2008/02/02 20:56:18 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\CB37CF85-F226-4A05-846D-357E7D8DD63E.sfs
[2007/12/16 20:47:42 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\CC2A9582-6781-4581-932F-64558492372D.sfs
[2007/11/25 19:29:30 | 00,135,448 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\CD011FF5-B799-44FF-AD2A-1FF5B0FD6B2A.sfs
[2008/01/07 22:40:46 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\D08ED635-F2BE-4D63-BDE4-4A5686B80360.sfs
[2008/01/12 19:52:49 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\D1089A98-3345-461B-981F-981E20F1B4C2.sfs
[2007/11/17 18:37:41 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\D7D95082-FA06-49F9-9E86-15B58E202850.sfs
[2007/12/31 18:15:20 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\D91178FE-0A95-41EE-8545-6EE1EAD47D01.sfs
[2008/02/02 20:56:15 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\D96734B8-80EA-4D58-8295-ECB31684EF05.sfs
[2008/01/18 19:19:31 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\DB9CF340-80E2-4109-A73F-46289043D971.sfs
[2008/01/04 20:37:00 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\DF87AE09-2310-40D0-A330-25DEB6095994.sfs
[2007/10/19 20:49:05 | 00,135,448 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\E2A66DDD-F518-4805-A17C-179FA1A5259A.sfs
[2008/01/08 20:02:26 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\E4DAC40A-9CDD-4A60-944C-56168567996C.sfs
[2008/01/27 19:01:17 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\E83E5B39-973D-4AA7-9D52-37980DA7FDB5.sfs
[2007/10/19 20:49:20 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\EC048C78-C8D6-40BE-B674-AEE718005875.sfs
[2007/11/21 18:22:39 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\ED39573B-9B49-41F7-A148-2C78470AA389.sfs
[2007/12/09 20:13:31 | 00,102,680 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\F58346D2-99FC-4A71-B1AE-09059FC44B3C.sfs
[2007/11/21 18:22:39 | 00,135,448 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\F67D91B1-E3E6-4984-9488-3CEEA6A09515.sfs
[2007/12/25 20:00:07 | 00,069,912 | ---- | M] () -- D:\Program Files\Spyware Doctor\quarantine\F8958066-081D-494F-9272-C88E9A8E9DD0.sfs
[2008/01/23 10:16:36 | 00,002,160 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\ChineseSimp.lng
[2008/01/23 10:16:36 | 00,002,150 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\ChineseTrad.lng
[2008/01/23 10:16:36 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Czech.lng
[2008/01/23 10:16:36 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Danish.lng
[2008/01/23 10:16:36 | 00,004,022 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Deutsch.lng
[2008/01/23 10:16:36 | 00,003,698 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Dutch.lng
[2008/01/23 10:16:36 | 00,003,402 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\English.lng
[2008/01/23 10:16:38 | 00,003,402 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\EnglishBritish.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Finnish.lng
[2008/01/23 10:16:38 | 00,004,196 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\French.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Greek.lng
[2008/01/23 10:16:38 | 00,003,926 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Italian.lng
[2008/01/23 10:16:38 | 00,002,654 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Korean.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Norwegian.lng
[2008/01/23 10:16:38 | 00,003,794 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Polski.lng
[2008/01/23 10:16:38 | 00,003,866 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Portuguese.lng
[2008/01/23 10:16:38 | 00,003,766 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\PortugueseBrazilian.lng
[2008/01/23 10:16:38 | 00,003,694 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Russian.lng
[2008/01/23 10:16:38 | 00,003,810 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Spanish.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Swedish.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Thai.lng
[2008/01/23 10:16:38 | 00,003,404 | ---- | M] () -- D:\Program Files\Spyware Doctor\ugLng\Turkish.lng

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 112 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
< End of report >