Possible Rootkit



#1
amd300

My computer got infected with a bunch of scareware, and I think a rootkit is still lingering around.

MBAM Log:

Malwarebytes' Anti-Malware 1.39
Database version: 2522
Windows 5.1.2600 Service Pack 3

2/22/2010 9:48:29 PM
mbam-log-2010-02-22 (21-48-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 321322
Time elapsed: 2 hour(s), 27 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\msl.dll (Adware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\norton internet security\Engine\17.5.0.127\msl.dll (Adware.Agent) -> Delete on reboot.


OTL Log

OTL logfile created on: 2/24/2010 7:16:03 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Ron Voog\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 40.86 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RON-INDBLYXC08J
Current User Name: Ron Voog
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/24 19:15:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron Voog\My Documents\Downloads\OTL.exe
PRC - [2010/02/24 19:12:19 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\Downloads\gmer\gmer.exe
PRC - [2010/02/24 19:06:42 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/24 19:05:14 | 000,492,840 | ---- | M] (eBay) -- C:\Program Files\tbh\base\bin\tbhSystray.exe
PRC - [2010/02/24 19:05:12 | 000,062,760 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/22 06:54:28 | 001,310,720 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 18:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 18:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/10/04 02:12:20 | 000,115,928 | ---- | M] () -- C:\Program Files\PdaReach\UsbMan.exe
PRC - [2007/10/04 02:12:10 | 000,218,328 | ---- | M] () -- C:\Program Files\PdaReach\PdaReach.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/12 12:51:38 | 000,090,112 | ---- | M] (Palm, Inc.) -- C:\Program Files\Common Files\JFTech\PalmOneLiveConnect.exe
PRC - [2005/10/07 19:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe
PRC - [2004/11/10 21:15:32 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2000/06/26 06:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [1999/12/13 00:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/24 19:15:29 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron Voog\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/10/22 13:57:44 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/03/23 19:40:23 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/17 12:12:20 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/27 22:24:37 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9995c7e4bf85e) Google Update Service (gupdate1c9995c7e4bf85e)
SRV - [2009/01/19 17:02:20 | 000,038,296 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
SRV - [2009/01/19 17:01:58 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2008/03/06 12:49:12 | 000,081,920 | R--- | M] (Orb Networks) [Disabled | Stopped] -- C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe -- (KodakDigitalDisplayService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2000/06/26 06:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 00:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.16601.2
FF - prefs.js..keyword.URL: "http://slirsredirect...ir=2706&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 19:06:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/24 19:06:49 | 000,000,000 | ---D | M]

[2009/01/08 12:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Mozilla\Extensions
[2010/02/24 19:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Mozilla\Firefox\Profiles\8xi6i0o8.default\extensions
[2010/02/24 19:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Mozilla\Firefox\Profiles\8xi6i0o8.default\extensions\[email protected]
[2010/02/23 09:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/27 16:35:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2008/08/06 08:01:58 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Ron Voog\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Ron Voog\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\Palm\register.exe File not found
O4 - Startup: C:\Documents and Settings\Ron Voog\Start Menu\Programs\Startup\PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Ron Voog\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ron Voog\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/03 16:27:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/03 21:58:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/24 19:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/24 17:03:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron Voog\Recent
[2010/02/24 00:43:53 | 000,000,000 | --SD | C] -- C:\comfix29111c
[2010/02/24 00:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/24 00:27:30 | 000,000,000 | --SD | C] -- C:\comfix
[2010/02/23 09:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/23 01:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/23 01:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron Voog\Application Data\SUPERAntiSpyware.com
[2010/02/23 01:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/23 01:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/21 20:40:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/21 20:40:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/21 20:40:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/21 20:40:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/21 20:40:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/21 20:39:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/18 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/02/18 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/18 14:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/18 14:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\Microsoft Help
[2010/02/15 22:00:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/13 20:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\tbh
[2010/02/13 20:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/19 12:23:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/19 12:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2009/09/10 11:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/10 11:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/08/07 11:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/07/31 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/27 15:57:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/18 18:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/03/17 12:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/12/10 19:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/09/30 15:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/08/16 16:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/08/09 17:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2008/08/09 17:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/08/09 17:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/08/08 06:58:13 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/24 19:11:37 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Ron Voog\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/24 19:11:34 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ron Voog\Desktop\NTREGOPT.lnk
[2010/02/24 19:11:34 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ron Voog\Desktop\ERUNT.lnk
[2010/02/24 19:05:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/24 19:05:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/24 19:05:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 19:05:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/24 19:04:03 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Ron Voog\NTUSER.DAT
[2010/02/24 19:04:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ron Voog\ntuser.ini
[2010/02/24 18:48:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/24 17:00:27 | 000,004,260 | ---- | M] () -- C:\cc_20100224_170025.reg
[2010/02/24 17:00:16 | 000,378,164 | ---- | M] () -- C:\cc_20100224_170006.reg
[2010/02/24 16:58:15 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Ron Voog\Desktop\HiJackThis.lnk
[2010/02/24 00:23:12 | 003,870,269 | R--- | M] () -- C:\Documents and Settings\Ron Voog\Desktop\comfix.exe
[2010/02/24 00:20:06 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 00:12:08 | 002,116,464 | -H-- | M] () -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\IconCache.db
[2010/02/23 01:40:52 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/22 12:51:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2010/02/19 08:15:28 | 000,101,696 | ---- | M] () -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/19 08:11:15 | 000,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/18 16:52:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/18 16:45:25 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/02/18 15:50:37 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 15:50:37 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/18 15:50:36 | 000,551,782 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 14:48:58 | 000,000,740 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/18 13:50:09 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/02/17 12:49:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/02/17 09:20:52 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\Vera Expense's.xls
[2010/02/15 13:36:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\Alan.doc
[2010/02/14 12:28:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\2010 Drug Expense.xls
[2010/02/12 10:09:45 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\2010 SVG'S.xls
[2010/02/11 10:42:49 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Ron Voog\My Documents\As one reviews the map and its statics it.doc
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/24 19:11:37 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/02/24 19:11:34 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Desktop\NTREGOPT.lnk
[2010/02/24 19:11:34 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Desktop\ERUNT.lnk
[2010/02/24 17:00:26 | 000,004,260 | ---- | C] () -- C:\cc_20100224_170025.reg
[2010/02/24 17:00:13 | 000,378,164 | ---- | C] () -- C:\cc_20100224_170006.reg
[2010/02/24 00:33:51 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Desktop\HiJackThis.lnk
[2010/02/23 01:40:52 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/21 20:40:40 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/21 20:40:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/21 20:40:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/21 20:40:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/21 20:40:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/21 20:39:06 | 003,870,269 | R--- | C] () -- C:\Documents and Settings\Ron Voog\Desktop\comfix.exe
[2010/02/13 13:58:01 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Ron Voog\My Documents\Alan.doc
[2010/02/11 10:42:49 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Ron Voog\My Documents\As one reviews the map and its statics it.doc
[2010/01/19 21:39:08 | 000,161,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/30 07:29:41 | 000,000,365 | ---- | C] () -- C:\WINDOWS\AIM.INI
[2009/03/20 15:24:01 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/03/20 15:24:01 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/03/20 15:23:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2009/03/20 15:23:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2009/03/20 15:23:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2009/03/20 15:23:45 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2009/03/20 15:23:45 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2009/03/20 15:23:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2009/02/26 14:35:00 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\LaunchHomeCenter.log
[2009/02/26 14:30:50 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/02/26 12:50:05 | 001,247,956 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\installer.log
[2009/01/12 18:18:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2009/01/06 11:54:06 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2009/01/05 16:32:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/08/08 11:12:52 | 017,681,920 | ---- | C] () -- C:\Program Files\CJXP85LE.exe
[2008/08/08 06:58:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/08/08 06:58:16 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/08/08 06:58:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/08 06:58:13 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2008/08/08 06:58:10 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2008/08/08 06:58:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2008/08/08 06:56:33 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/08/08 06:26:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/07 19:06:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/06 10:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/08/04 20:39:58 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/04 14:12:28 | 000,000,431 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/08/04 12:05:48 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/08/03 20:26:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2008/08/03 20:25:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2008/08/03 18:25:23 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Application Data\PFP120JPR.{PB
[2008/08/03 18:25:23 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ron Voog\Application Data\PFP120JCM.{PB
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 17:40:16 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[1995/09/25 19:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 19:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== LOP Check ==========

[2009/06/30 11:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AB
[2009/03/22 20:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/12/24 14:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/01/24 21:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/01/13 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/12/11 11:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/08/14 11:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KEDDS
[2008/08/09 17:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2009/05/27 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/08/09 17:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/10 20:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2008/08/09 17:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2008/08/14 11:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2008/08/08 08:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/10 15:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2009/05/09 07:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/09 16:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A695AD8D-651B-4C8A-91DF-51F853449A57}
[2010/01/08 10:48:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Ron Voog\Application Data\.#
[2008/08/07 11:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\acccore
[2008/10/06 17:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/05/27 16:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\GameHouse
[2009/01/13 09:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\HotSync
[2009/01/12 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Leadertech
[2008/08/04 12:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\MyFamily.com
[2008/12/10 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\SierraHome
[2008/08/07 12:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Skinux
[2010/02/18 09:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Temp
[2009/01/16 08:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Viewpoint
[2008/08/06 12:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Windows Desktop Search
[2009/03/11 10:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron Voog\Application Data\Windows Search
[2010/02/17 12:49:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/08/08 11:11:49 | 017,681,920 | ---- | M] () -- C:\CJXP85LE.exe


< MD5 for: AGP440.SYS >
[2004/10/08 06:55:52 | 022,245,337 | ---- | M] () .cab file -- C:\StorageSync\Drive_C\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2004/10/08 06:55:52 | 022,245,337 | ---- | M] () .cab file -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/12 08:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/06 08:19:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/06 08:19:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/12 08:06:15 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/12 08:06:15 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\StorageSync\Drive_C\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/10/08 06:55:52 | 022,245,337 | ---- | M] () .cab file -- C:\StorageSync\Drive_C\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2004/10/08 06:55:52 | 022,245,337 | ---- | M] () .cab file -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2004/08/12 08:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/06 08:19:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/06 08:19:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/12 07:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/12 07:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 08:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/12 08:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\StorageSync\Drive_C\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\StorageSync\Drive_C\WINDOWS\SYSTEM32\scecli.dll
[2004/08/12 08:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 04:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 04:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/03 14:52:21 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/03 21:45:09 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/08/03 14:52:21 | 010,485,760 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/03 14:52:21 | 003,145,728 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


GMER Log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 08:49:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RONVOO~1\LOCALS~1\Temp\kgaiifoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#2
amd300
Sorry for the triple posts, browser was stuck on refresh when I hooked it back up to the web.