Need Help Removing Win32/Alureon.G [Solved]


  • This topic is locked

#1
K1500
Yesterday afternoon I became infected with the apparently new Alureon.G trojan (iaStor.sys being the infected file) and neither MalwareBytes nor Microsoft Security Essentials can remove it. At this point I cannot get on the Internet using my computer with Windows XP Media Center Edition SP3. What steps should I take to remove the trojan? Right now I'm at school, but I was hoping I could get a head start on what programs I need to get and the first steps I need to perform. Thanks a lot!
  • 0

#2
hammerman
Hello K1500 and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.
Please follow these steps.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked. UNCHECK the following boxes
    • Sections
    • IAT/EAT
    • Drives/Partition other than System drive (typically C:\)
    • Show all (important)
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0
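
The custom scan in Step 1 lists driver and DLL names between /md5start and /md5stop so that the scan output carries an MD5 for the copies of those files. The following is an added example, not part of the original post and not OTL's own code: it hashes every copy of a watched file name under a directory and reports the names whose copies disagree. The function names and the demo directory tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# A few of the names listed between /md5start and /md5stop in the post.
WATCHED = ("iaStor.sys", "atapi.sys", "nvstor.sys", "iastorv.sys",
           "eventlog.dll", "netlogon.dll", "scecli.dll")


def md5_of(path, chunk_size=65536):
    """Return the upper-case hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def find_copies(root, names=WATCHED):
    """Map lower-cased file name -> sorted [(path, md5 or None)] under root."""
    wanted = {n.lower() for n in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                found[fname.lower()].append((full, md5_of(full)))
            except OSError:
                # Locked or unreadable: record it rather than skip silently.
                found[fname.lower()].append((full, None))
    return {name: sorted(copies, key=lambda c: c[0])
            for name, copies in found.items()}


def mismatched(found):
    """Return only the names whose readable copies do not all share one MD5."""
    return {name: copies for name, copies in found.items()
            if len({md5 for _path, md5 in copies if md5 is not None}) > 1}


def build_demo_tree():
    """Constructed sample layout (not from the thread): two names, two copies each."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    layout = {
        ("system32", "drivers", "iaStor.sys"): b"constructed: live driver bytes",
        ("system32", "dllcache", "iastor.sys"): b"constructed: backup driver bytes",
        ("system32", "drivers", "atapi.sys"): b"constructed: same bytes",
        ("system32", "dllcache", "atapi.sys"): b"constructed: same bytes",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for name, copies in mismatched(find_copies(demo_root)).items():
        print(name, "has copies with different MD5s:")
        for path, md5 in copies:
            print("  ", md5, path)
```

A mismatch can also come from two legitimate versions of the same driver, so treat it as a lead to check against a known-good copy, not as a verdict.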

#3
K1500
Well, I was trying to wait for GMER to finish, but it's taking a long time so I figured I'd go ahead and post the results from OTL. Here's the data from OTL.txt:

OTL logfile created on: 3/31/2010 4:32:51 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 13.96 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.18 Gb Free Space | 93.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (vrnrjlry) -- C:\WINDOWS\system32\drivers\vrnrjlry.sys (Microsoft Corporation)
DRV - (ytzcagnw) -- C:\WINDOWS\system32\drivers\ytzcagnw.sys (Microsoft Corporation)
DRV - (dwvgfncl) -- C:\WINDOWS\system32\drivers\dwvgfncl.sys (Microsoft Corporation)
DRV - (MpKslea9c2abf) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D60FEA13-4013-43C4-8039-56E68FC1C39C}\MpKslea9c2abf.sys (Microsoft Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (hamachi_oem) -- C:\WINDOWS\system32\drivers\gan_adapter.sys (Applied Networking Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iaStor.sys ()
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys ()
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\hidswvd.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.20
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.83.20100316
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 17:33:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 17:33:44 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/03/31 16:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/01/26 21:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/20 10:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 18:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/17 21:24:52 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/02/28 11:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/03/23 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/03/31 16:16:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2008/12/03 15:51:12 | 000,000,799 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {9255A473-D67E-4921-ACA1-46C63AB01EE2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\vtutrpm: DllName - vtutrpm.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 15:52:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AOL ACS"
MsConfig - Services: "AcrSch2Svc"
MsConfig - Services: "idsvc"
MsConfig - Services: "gusvc"
MsConfig - Services: "DSBrokerService"
MsConfig - Services: "ATI Smart"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "usnjsvc"
MsConfig - Services: "Roxio Upnp Server 9"
MsConfig - Services: "Roxio UPnP Renderer 9"
MsConfig - Services: "BcmSqlStartupSvc"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\acs\AOLDial.exe (AOL LLC)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: Avvenu Access n Share Update - hkey= - key= - C:\Program Files\Avvenu\Avvenu_updater.exe File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: Google Updater - hkey= - key= - C:\Program Files\Google\Google Updater\GoogleUpdater.exe File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25DEEA52-F564-10E6-2426-5D36EF9FCB69} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {35976B88-3626-B43E-CAF1-6777271E1427} - Microsoft Windows Media Player
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - IYVU9_32.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/31 16:31:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/03/31 16:22:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vrnrjlry.sys
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/31 16:13:09 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ytzcagnw.sys
[2010/03/31 16:10:59 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwvgfncl.sys
[2010/03/31 16:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/03/31 06:16:38 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qsmtxyhd.sys
[2010/03/31 06:15:59 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mxwgrosu.sys
[2010/03/31 06:02:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jgrusmgr.sys
[2010/03/31 05:55:13 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\omfcknfi.sys
[2010/03/31 05:44:43 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kdvnnuda.sys
[2010/03/31 05:34:09 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\skcceric.sys
[2010/03/31 05:23:35 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppffjxdr.sys
[2010/03/31 05:13:01 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gcjcwcnu.sys
[2010/03/31 05:02:26 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xiwxqznd.sys
[2010/03/31 04:51:52 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\thwfuwpr.sys
[2010/03/31 04:41:19 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jqzxxgxc.sys
[2010/03/31 04:30:41 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ihhzoopv.sys
[2010/03/31 04:20:06 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wlqfqmrp.sys
[2010/03/31 04:09:25 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xoedsqzd.sys
[2010/03/31 03:58:43 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\risqezlr.sys
[2010/03/31 01:29:50 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sitzofbt.sys
[2010/03/31 00:24:10 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\opjbontt.sys
[2010/03/31 00:14:49 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzcbevt.sys
[2010/03/31 00:08:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lwsvgwtn.sys
[2010/03/30 22:04:47 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqjzhcnd.sys
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 22:00:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 22:00:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/22 20:48:24 | 000,000,000 | ---D | C] -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers_files
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/10 00:04:04 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 23:33:38 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/09 22:20:28 | 000,000,000 | ---D | C] -- F:\My Documents\print.aw3_files
[2010/03/09 19:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2010/03/06 18:06:28 | 000,000,000 | ---D | C] -- F:\My Documents\CCleaner Registry Backups
[2010/03/06 15:44:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/06 15:44:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/06 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/06 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/02 09:41:12 | 000,237,320 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/03/01 16:56:45 | 000,000,000 | ---D | C] -- F:\My Documents\chooseTerm.action_files
[2010/01/06 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2010/01/06 06:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/23 15:11:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/12 01:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/08 17:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/07/31 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/07 01:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/07/13 20:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/07 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
[32 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/31 16:22:31 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vrnrjlry.sys
[2010/03/31 16:13:09 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ytzcagnw.sys
[2010/03/31 16:10:59 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwvgfncl.sys
[2010/03/31 16:10:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 16:02:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 16:02:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 16:01:57 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 06:26:08 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/03/31 06:26:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/03/31 06:16:38 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qsmtxyhd.sys
[2010/03/31 06:15:59 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mxwgrosu.sys
[2010/03/31 06:02:31 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jgrusmgr.sys
[2010/03/31 05:55:13 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\omfcknfi.sys
[2010/03/31 05:44:43 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kdvnnuda.sys
[2010/03/31 05:34:09 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\skcceric.sys
[2010/03/31 05:23:35 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppffjxdr.sys
[2010/03/31 05:13:01 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gcjcwcnu.sys
[2010/03/31 05:02:26 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xiwxqznd.sys
[2010/03/31 04:51:52 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\thwfuwpr.sys
[2010/03/31 04:41:19 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jqzxxgxc.sys
[2010/03/31 04:30:41 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ihhzoopv.sys
[2010/03/31 04:20:06 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wlqfqmrp.sys
[2010/03/31 04:09:25 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xoedsqzd.sys
[2010/03/31 03:58:43 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\risqezlr.sys
[2010/03/31 01:29:50 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sitzofbt.sys
[2010/03/31 00:24:10 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\opjbontt.sys
[2010/03/31 00:14:50 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzcbevt.sys
[2010/03/31 00:13:35 | 000,335,856 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/31 00:08:31 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lwsvgwtn.sys
[2010/03/30 23:38:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:49:14 | 049,852,416 | ---- | M] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 22:04:47 | 000,030,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqjzhcnd.sys
[2010/03/30 21:59:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/30 21:59:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 21:59:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 18:50:27 | 000,169,472 | ---- | M] () -- C:\WINDOWS\Plaqua.exe
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:39:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:39:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/27 23:45:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1130474532.job
[2010/03/24 10:36:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/22 22:09:48 | 000,037,170 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/03/22 22:03:51 | 000,013,225 | ---- | M] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | M] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/12 00:30:26 | 000,087,231 | ---- | M] () -- C:\VETlog.dmp
[2010/03/11 23:17:49 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/10 00:06:24 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/03/09 23:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/09 23:33:38 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010/03/09 22:20:31 | 000,166,719 | ---- | M] () -- F:\My Documents\print.aw3.htm
[2010/03/09 19:55:17 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Graham\webct_upload_applet.properties
[2010/03/09 19:52:03 | 000,923,136 | ---- | M] () -- F:\My Documents\Percy Bysshe Shelley.ppt
[2010/03/09 19:27:58 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/03/08 06:09:35 | 003,181,524 | -H-- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\IconCache.db
[2010/03/06 15:44:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 09:41:12 | 000,237,320 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/03/01 22:40:46 | 000,092,561 | ---- | M] () -- F:\My Documents\PMW Torque Convertor.pdf
[2010/03/01 22:35:30 | 000,417,131 | ---- | M] () -- F:\My Documents\Section4_G23LH_Models.pdf
[2010/03/01 16:56:48 | 000,006,520 | ---- | M] () -- F:\My Documents\chooseTerm.action.htm
[2010/03/01 16:56:37 | 000,066,851 | ---- | M] () -- F:\My Documents\contract.jsp.htm
[32 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/31 00:13:15 | 000,335,856 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 22:46:34 | 049,852,416 | ---- | C] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 21:50:59 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/30 18:50:38 | 000,169,472 | ---- | C] () -- C:\WINDOWS\Plaqua.exe
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/22 22:03:51 | 000,013,225 | ---- | C] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | C] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm
[2010/03/09 22:20:28 | 000,166,719 | ---- | C] () -- F:\My Documents\print.aw3.htm
[2010/03/09 19:52:02 | 000,923,136 | ---- | C] () -- F:\My Documents\Percy Bysshe Shelley.ppt
[2010/03/09 19:27:58 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/03/06 15:44:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 15:39:00 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/01 22:40:46 | 000,092,561 | ---- | C] () -- F:\My Documents\PMW Torque Convertor.pdf
[2010/03/01 22:35:30 | 000,417,131 | ---- | C] () -- F:\My Documents\Section4_G23LH_Models.pdf
[2010/03/01 16:56:45 | 000,006,520 | ---- | C] () -- F:\My Documents\chooseTerm.action.htm
[2010/03/01 16:56:36 | 000,066,851 | ---- | C] () -- F:\My Documents\contract.jsp.htm
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/12/23 00:15:27 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Distortion
[2009/02/15 23:04:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/02/15 23:04:48 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Documentation
[2009/02/15 23:04:16 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Mail
[2009/02/15 22:52:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/07/19 20:14:35 | 000,006,365 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini
[2007/07/19 17:40:58 | 001,810,608 | -HS- | C] () -- C:\WINDOWS\System32\rtutv.ini2
[2007/07/17 23:18:28 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\hoghjcbo.ini
[2007/07/17 22:08:55 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\adtdwuoy.ini
[2007/07/17 21:23:05 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\dyuulkih.ini
[2007/07/17 20:44:03 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\cpumjybo.ini
[2007/07/17 16:07:34 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\hlihnpsp.ini
[2007/07/16 16:57:13 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\efxnfehe.ini
[2007/07/12 17:24:29 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\ojmmlumg.ini
[2007/07/10 16:28:17 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\urgctmwb.ini
[2007/07/09 21:36:52 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\mfvmkqyu.ini
[2007/07/09 16:00:01 | 000,000,415 | -HS- | C] () -- C:\WINDOWS\System32\vrptaxbg.ini
[2007/07/09 04:48:41 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\fjoxfwjf.ini
[2007/07/09 03:59:36 | 001,045,826 | -HS- | C] () -- C:\WINDOWS\System32\qbhobjmk.ini
[2007/07/08 03:55:21 | 001,045,767 | -HS- | C] () -- C:\WINDOWS\System32\dpgynipa.ini
[2007/07/07 15:50:19 | 001,906,404 | -HS- | C] () -- C:\WINDOWS\System32\rtutv.ini
[2007/07/07 12:44:24 | 001,856,491 | -HS- | C] () -- C:\WINDOWS\System32\cbeeg.ini2
[2007/07/07 06:40:35 | 001,045,647 | -HS- | C] () -- C:\WINDOWS\System32\piblinml.ini
[2007/07/06 16:13:29 | 001,045,545 | -HS- | C] () -- C:\WINDOWS\System32\vatimosr.ini
[2007/07/05 14:48:26 | 001,053,789 | -HS- | C] () -- C:\WINDOWS\System32\gwtbqgod.ini
[2007/07/04 19:34:25 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\fbjnablr.ini
[2007/07/04 13:41:22 | 001,032,806 | -HS- | C] () -- C:\WINDOWS\System32\aevopsfe.ini
[2007/07/04 12:52:05 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\jcahuvqh.ini
[2007/07/04 10:47:21 | 001,032,729 | -HS- | C] () -- C:\WINDOWS\System32\truvbvos.ini
[2007/07/03 16:12:36 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\ehbqewey.ini
[2007/07/03 16:08:46 | 001,860,696 | -HS- | C] () -- C:\WINDOWS\System32\cbeeg.ini
[2007/06/29 19:52:14 | 001,856,526 | -HS- | C] () -- C:\WINDOWS\System32\hgjlm.ini2
[2007/06/23 01:51:25 | 000,023,930 | -HS- | C] () -- C:\WINDOWS\System32\hgjlm.ini
[2007/06/22 05:58:23 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\wwwobihf.ini
[2007/06/22 05:40:09 | 000,000,353 | -HS- | C] () -- C:\WINDOWS\System32\xbadd.ini
[2007/06/22 05:40:09 | 000,000,353 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
[2007/06/22 05:40:09 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\System32\xybeg.ini
[2007/05/31 14:43:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\.mpid
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
[2006/01/27 17:09:57 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/13 20:17:52 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\FASTWiz.log
[2005/11/04 19:40:39 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 22:26:13 | 000,037,170 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/27 20:43:12 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/27 20:16:09 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:48 | 000,872,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/10/25 02:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/17 01:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/12/10 00:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/12/26 06:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/12/26 05:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/03/31 20:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/06/01 18:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/04 21:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/11/26 16:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2006/06/30 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/06/30 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/27 19:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/02/15 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/06/22 05:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/12/10 03:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/30 12:11:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/10/26 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/10/26 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/10/01 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/01/20 00:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/11 17:28:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/29 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/03/10 00:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/03/12 01:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/09 19:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2007/08/16 17:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/26 21:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/03/31 21:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/09/03 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/08 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/10/27 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/12 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2006/09/26 13:19:52 | 000,874,808 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\AIMinst.exe
[2006/09/26 13:19:38 | 000,430,168 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\AIMLang.exe
[2006/09/26 13:19:52 | 000,081,176 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\alsetup.exe
[2006/09/26 13:19:52 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\ampx.exe
[2006/09/26 13:19:54 | 000,104,528 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\aod.exe
[2006/09/26 13:19:54 | 000,160,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\inst.exe
[2006/09/26 13:19:54 | 000,044,448 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\instopts.exe
[2006/09/26 13:19:54 | 000,163,888 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\iphinst.exe
[2006/09/26 13:19:54 | 000,555,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\muinst.exe
[2006/09/26 13:19:54 | 005,269,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\ocpinst.exe
[2006/09/26 13:19:58 | 000,034,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\postproc.exe
[2006/09/26 13:19:58 | 000,312,912 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\setup.exe
[2006/09/26 13:20:02 | 000,357,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\tbsetup.exe
[2006/09/26 13:20:04 | 001,144,760 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\toolbar.exe
[2006/09/26 13:20:06 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\vwpt.exe
[2006/10/09 17:30:50 | 000,792,664 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\setup90.exe
[2006/10/09 17:33:43 | 003,183,256 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\acs\acssetup.exe
[2006/10/09 17:33:50 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\flash\flashax.exe
[2006/10/09 17:33:05 | 002,242,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\fw\nisale.exe
[2006/10/09 17:34:52 | 000,748,608 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\ocp\ocpinst.exe
[2006/10/09 17:32:52 | 005,111,296 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\realpl8.exe
[2006/10/09 17:32:33 | 004,378,673 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\real_upd.exe
[2006/10/09 17:32:54 | 000,360,448 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\rp9codec.exe
[2006/10/09 17:32:56 | 000,474,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\sysinfo\sinfinst.exe
[2006/10/09 17:32:16 | 000,590,688 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\tpspd\tssetup.exe
[2006/10/09 17:32:10 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\vwpt\vpprepop.exe
[2006/10/09 17:32:09 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\vwpt\vwpt.exe
[2007/05/05 12:58:16 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aoltoolbar\setuptoolbar.exe
[2006/07/13 14:22:12 | 000,299,840 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\afixinst.exe
[2006/07/13 14:22:03 | 000,076,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\afixlang.exe
[2006/07/13 14:22:02 | 000,126,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\alsetup.exe
[2006/07/13 14:22:54 | 000,256,144 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\CCUInst.exe
[2006/07/13 14:22:00 | 000,225,080 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\cculang.exe
[2006/07/13 14:22:09 | 000,163,976 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\iphinst.exe
[2006/07/13 14:22:07 | 000,552,224 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\muinst.exe
[2006/07/13 14:22:52 | 003,083,408 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\ocpinst.exe
[2006/07/13 14:22:16 | 000,033,872 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\postproc.exe
[2006/07/13 14:22:31 | 000,159,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\setup.exe
[2006/07/13 14:22:24 | 000,099,096 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\sminstlp.exe
[2006/07/13 14:22:29 | 000,174,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\stmninst.exe
[2006/07/13 14:22:56 | 000,339,616 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\tbsetup.exe
[2006/07/13 14:22:26 | 000,215,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\wsfinst.exe
[2006/11/11 16:19:49 | 000,299,648 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\afixinst.exe
[2006/11/11 16:19:42 | 000,076,712 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\afixlang.exe
[2006/11/11 16:19:47 | 000,126,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\alsetup.exe
[2006/11/11 16:20:02 | 000,284,696 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\CCUInst.exe
[2006/11/11 16:19:46 | 000,205,080 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\cculang.exe
[2006/11/11 16:19:41 | 000,164,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\iphinst.exe
[2006/11/11 16:19:44 | 000,555,704 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\muinst.exe
[2006/11/11 16:20:01 | 003,238,592 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\ocpinst.exe
[2006/11/11 16:19:50 | 000,033,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\postproc.exe
[2006/11/11 16:19:50 | 000,159,280 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\setup.exe
[2006/11/11 16:19:41 | 000,099,128 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\sminstlp.exe
[2006/11/11 16:19:49 | 000,174,848 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\stmninst.exe
[2006/11/11 16:19:45 | 000,215,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\wsfinst.exe
[2005/12/07 23:01:19 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\muinst.exe
[2005/12/07 23:01:13 | 000,155,240 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\setup.exe
[2005/12/07 23:01:24 | 001,073,120 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\toolbar.exe
[2005/10/27 21:45:20 | 022,040,920 | ---- | M] (Apple Computer, Inc. ) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\itunessetup.exe
[2005/10/27 21:41:29 | 000,792,664 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\setup90.exe
[2005/10/27 21:43:22 | 003,183,256 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\acs\acssetup.exe
[2005/10/27 21:42:47 | 007,083,361 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\asp\aspsetup.exe
[2005/10/27 21:42:58 | 000,615,424 | ---- | M] (Gtek) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\coach\aolcinst.exe
[2005/10/27 21:43:24 | 000,550,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\deskbar\deskbr.exe
[2005/10/27 21:43:26 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\flash\flashax.exe
[2005/10/27 21:43:11 | 002,242,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\fw\nisale.exe
[2005/10/27 21:44:13 | 000,748,608 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\ocp\ocpinst.exe
[2005/10/27 21:43:03 | 001,104,004 | ---- | M] (Pure Networks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\port\pmsetup.exe
[2005/10/27 21:42:50 | 000,474,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\sysinfo\sinfinst.exe
[2005/10/27 21:42:53 | 000,516,032 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\tb\tbsetup.exe
[2005/10/27 21:43:29 | 000,620,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\toolbar\toolbr.exe
[2005/10/27 21:42:27 | 000,590,688 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\tpspd\tssetup.exe
[2006/11/07 10:44:22 | 001,177,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\AIMinst.exe
[2006/11/07 10:44:14 | 000,554,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\AIMLang.exe
[2006/11/07 10:44:22 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\alsetup.exe
[2006/11/07 10:44:22 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\ampx.exe
[2006/11/07 10:44:22 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\inst.exe
[2006/11/07 10:44:22 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\instopts.exe
[2006/11/07 10:44:24 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\migrator.exe
[2006/11/07 10:44:24 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\muinst.exe
[2006/11/07 10:44:24 | 005,357,264 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\ocpinst.exe
[2006/11/07 10:44:28 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\postproc.exe
[2006/11/07 10:44:28 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\setup.exe
[2006/11/07 10:44:28 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\tbsetup.exe
[2006/11/07 10:44:28 | 001,063,368 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\toolbar.exe
[2006/11/07 10:44:28 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\vwpt.exe
[2006/12/01 17:38:46 | 001,178,096 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\AIMinst.exe
[2006/12/01 17:38:46 | 000,560,784 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\AIMLang.exe
[2006/12/01 17:38:58 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\alsetup.exe
[2006/12/01 17:38:52 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ampx.exe
[2006/12/01 17:38:42 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\inst.exe
[2006/12/01 17:39:00 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\instopts.exe
[2006/12/01 17:38:50 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\migrator.exe
[2006/12/01 17:38:52 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\muinst.exe
[2006/12/01 17:38:52 | 005,358,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ocpinst.exe
[2006/12/01 17:38:42 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\postproc.exe
[2006/12/01 17:38:56 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\setup.exe
[2006/12/01 17:38:54 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\tbsetup.exe
[2006/12/01 17:38:56 | 001,082,064 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\toolbar.exe
[2006/12/01 17:38:58 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\vwpt.exe
[2007/02/27 17:12:40 | 000,299,648 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\afixinst.exe
[2007/02/27 17:12:40 | 000,076,712 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\afixlang.exe
[2007/02/27 17:12:40 | 000,126,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\alsetup.exe
[2007/02/27 17:12:28 | 000,284,992 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\CCUInst.exe
[2007/02/27 17:12:40 | 000,205,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\cculang.exe
[2007/02/27 17:12:42 | 000,164,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\iphinst.exe
[2007/02/27 17:12:42 | 000,555,704 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\muinst.exe
[2007/02/27 17:12:42 | 003,238,592 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\ocpinst.exe
[2007/02/27 17:12:46 | 000,033,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\postproc.exe
[2007/02/27 17:12:46 | 000,159,280 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\setup.exe
[2007/02/27 17:12:46 | 000,099,128 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\sminstlp.exe
[2007/02/27 17:12:46 | 000,174,848 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\stmninst.exe
[2007/02/27 17:12:46 | 000,339,640 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\tbsetup.exe
[2007/02/27 17:12:46 | 000,215,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\wsfinst.exe
[2007/08/06 17:12:40 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\afixinst.exe
[2007/08/06 17:12:42 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\afixlang.exe
[2007/08/06 17:12:48 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\alsetup.exe
[2007/08/06 17:12:48 | 000,370,496 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\CCUInst.exe
[2007/08/06 17:12:48 | 000,282,056 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\cculang.exe
[2007/08/06 17:12:48 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ecuinst.exe
[2007/08/06 17:12:50 | 000,580,136 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\muinst.exe
[2007/08/06 17:12:50 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ocpinsti.exe
[2007/08/06 17:12:50 | 003,147,256 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ocpinsts.exe
[2007/08/06 17:12:52 | 000,036,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\postproc.exe
[2007/08/06 17:12:52 | 000,170,544 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\setup.exe
[2007/08/06 17:12:52 | 000,098,992 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\sminstlp.exe
[2007/08/06 17:12:52 | 000,174,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\stmninst.exe
[2007/08/06 17:12:52 | 000,359,184 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\tbsetup.exe
[2007/08/06 17:12:52 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\wsfinst.exe
[2007/10/27 13:33:22 | 001,892,192 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\waol-0.4334.34.1.exe
[2007/10/27 13:33:28 | 008,139,800 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\acs\acssetup.exe
[2007/10/27 13:33:28 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\acs\ecuinst.exe
[2007/10/27 13:33:28 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\afixinst.exe
[2007/10/27 13:33:28 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\afixlang.exe
[2007/10/27 13:33:28 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\WinsockFix.exe
[2007/10/27 13:33:28 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\wsfinst.exe
[2007/10/27 13:33:32 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\aolload\alsetup.exe
[2007/10/27 13:33:28 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ccu\ocpinsti.exe
[2007/10/27 13:33:32 | 001,134,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\flash\flash9ex.exe
[2007/10/27 13:33:28 | 000,586,815 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\muinst\muinst.exe
[2007/10/27 13:33:28 | 000,062,816 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ocp\ocpgc.exe
[2007/10/27 13:33:28 | 001,475,416 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ocp\ocpinst.exe
[2007/10/27 13:33:30 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\parcon\AOLParconLink.exe
[2007/10/27 13:33:32 | 000,099,256 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sm\sminstlp.exe
[2007/10/27 13:33:30 | 000,175,280 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sm\stmninst.exe
[2007/10/27 13:33:28 | 000,711,392 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sysinfo\SinfInst.exe
[2007/10/27 13:33:28 | 000,359,184 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\tb\tbsetup.exe
[2007/10/27 13:33:28 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\toolbar\toolbar.exe
[2007/10/27 13:33:28 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\tpspd\wbsetup.exe
[2007/10/27 13:33:28 | 000,601,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\unagi\ampx.english.exe
[2007/10/27 13:33:28 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\vwpt\VPPrePop.exe
[2007/10/27 13:33:28 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\vwpt\Vwpt.exe
[2009/12/17 12:45:44 | 001,031,504 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\waol-0.4337.174.1.exe
[2009/12/17 12:40:08 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\ecuinst.exe
[2009/12/17 12:40:10 | 000,035,664 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\postproc.exe
[2009/12/17 12:40:10 | 000,168,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\setup.exe
[2009/12/17 12:39:34 | 001,477,192 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acscore.exe
[2009/12/17 12:39:40 | 000,969,256 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acslaeu.exe
[2009/12/17 12:39:44 | 001,595,720 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acslang.exe
[2009/12/17 12:39:50 | 000,148,264 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acsrollb.exe
[2009/12/17 12:39:52 | 000,021,296 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acsshutd.exe
[2009/12/17 12:39:52 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\ocpgc.exe
[2009/12/17 12:39:52 | 003,826,712 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\ocpinst.exe
[2009/12/17 12:40:12 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\afixinst.exe
[2009/12/17 12:40:12 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\afixlang.exe
[2009/12/17 12:40:12 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\WinsockFix.exe
[2009/12/17 12:40:14 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\wsfinst.exe
[2009/12/17 12:40:14 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\ccu\ocpinsti.exe
[2009/12/17 12:40:24 | 000,339,808 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dskcore.exe
[2009/12/17 12:40:26 | 002,396,152 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dskcorlp.exe
[2009/12/17 12:40:36 | 000,188,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dtblpins.exe
[2009/12/17 12:40:36 | 000,472,296 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dtbsetup.exe
[2009/12/17 12:40:38 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\flash\flashax.exe
[2009/12/17 12:40:46 | 000,289,960 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\gadget\aolDailyScoop.exe
[2009/12/17 12:40:48 | 000,109,552 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\gadget\aolSearch.exe
[2009/12/17 12:40:48 | 001,362,936 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\msvcr9\msvc9rt.exe
[2009/12/17 12:40:54 | 000,845,814 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\muinst\muinst.exe
[2009/12/17 12:40:58 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\parcon\AOLParconLink.exe
[2009/12/17 12:40:58 | 000,711,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\sysinfo\SinfInst.exe
[2009/12/17 12:41:02 | 000,416,456 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\tb\tbsetup.exe
[2009/12/17 12:41:04 | 001,878,296 | ---- | M] (AOL L.L.C.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\toolbar\aol_toolbar.exe
[2009/12/17 12:41:12 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\tpspd\wbsetup.exe
[2009/12/17 12:41:14 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\vwpt\VPPrePop.exe
[2009/12/17 12:41:14 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\vwpt\Vwpt.exe
[2007/05/05 12:54:05 | 001,272,304 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMinst.exe
[2007/05/05 12:54:28 | 000,481,432 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMLang.exe
[2007/05/05 12:54:10 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\alsetup.exe
[2007/05/05 12:54:12 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\migrator.exe
[2007/05/05 12:54:22 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\ocpinst.exe
[2007/05/05 12:54:08 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\postproc.exe
[2007/05/05 12:54:09 | 000,169,520 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
[2007/05/05 12:54:25 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\tbsetup.exe
[2007/05/05 12:54:27 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\unagi3.exe
[2007/05/05 12:54:38 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\Vwpt.exe
[2006/01/22 18:57:05 | 000,805,064 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\AIMinst.exe
[2006/01/22 18:57:03 | 000,456,296 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\AIMLang.exe
[2006/01/22 18:57:01 | 000,081,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\alsetup.exe
[2006/01/22 18:57:03 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\ampx.exe
[2006/01/22 18:57:01 | 000,100,456 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\aod.exe
[2006/01/22 18:57:04 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\instopts.exe
[2006/01/22 18:57:06 | 000,163,136 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\iphinst.exe
[2006/01/22 18:57:01 | 000,651,952 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\muinst.exe
[2006/01/22 18:57:09 | 004,982,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\ocpinst.exe
[2006/01/22 18:57:07 | 002,929,248 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\plxoinst.exe
[2006/01/22 18:57:05 | 000,033,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\postproc.exe
[2006/01/22 18:57:02 | 000,308,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\prodpckr.exe
[2006/01/22 18:57:01 | 000,010,344 | ---- | M] (America Online Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\rmb1.exe
[2006/01/22 18:57:03 | 000,187,496 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\setup.exe
[2006/01/22 18:57:06 | 000,568,304 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\SLinst.exe
[2006/01/22 18:57:04 | 000,185,960 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\SLinstLP.exe
[2006/01/22 18:57:10 | 000,310,288 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\tbsetup.exe
[2006/01/22 18:57:02 | 000,410,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\vwpt.exe
[2006/04/23 23:26:38 | 000,806,912 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMinst.exe
[2006/04/23 23:26:04 | 000,456,240 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMLang.exe
[2006/04/23 23:25:23 | 000,081,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\alsetup.exe
[2006/04/23 23:26:09 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ampx.exe
[2006/04/23 23:25:47 | 000,100,456 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\aod.exe
[2006/04/23 23:26:20 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instopts.exe
[2006/04/23 23:25:04 | 000,163,136 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\iphinst.exe
[2006/04/23 23:25:31 | 000,651,952 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\muinst.exe
[2006/04/23 23:27:41 | 004,982,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpinst.exe
[2006/04/23 23:27:06 | 002,929,248 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\plxoinst.exe
[2006/04/23 23:26:29 | 000,033,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\postproc.exe
[2006/04/23 23:25:39 | 000,308,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\prodpckr.exe
[2006/04/23 23:25:17 | 000,010,344 | ---- | M] (America Online Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\rmb1.exe
[2006/04/23 23:26:24 | 000,187,496 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\setup.exe
[2006/04/23 23:25:53 | 000,568,304 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinst.exe
[2006/04/23 23:26:17 | 000,185,960 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinstLP.exe
[2006/04/23 23:25:45 | 000,410,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\vwpt.exe
[2006/06/28 02:32:35 | 000,851,328 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\AIMinst.exe
[2006/06/28 02:33:16 | 000,500,776 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\AIMLang.exe
[2006/06/28 02:32:45 | 000,081,176 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\alsetup.exe
[2006/06/28 02:33:12 | 000,601,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\ampx.exe
[2006/06/28 02:33:17 | 000,104,528 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\aod.exe
[2006/06/28 02:32:31 | 000,160,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\inst.exe
[2006/06/28 02:33:04 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\instopts.exe
[2006/06/28 02:32:39 | 000,163,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\iphinst.exe
[2006/06/28 02:32:48 | 000,552,392 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\muinst.exe
[2006/06/28 02:33:52 | 005,781,112 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\ocpinst.exe
[2006/06/28 02:33:35 | 002,941,832 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\plxoinst.exe
[2006/06/28 02:33:05 | 000,034,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\postproc.exe
[2006/06/28 02:33:08 | 000,312,912 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\setup.exe
[2006/06/28 02:32:57 | 000,594,240 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\SLinst.exe
[2006/06/28 02:32:59 | 000,352,112 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\SLinstLP.exe
[2006/06/28 02:33:53 | 000,306,168 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\tbsetup.exe
[2006/06/28 02:33:27 | 001,144,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\toolbar.exe
[2006/06/28 02:32:53 | 000,410,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\vwpt.exe
[2006/06/28 02:32:50 | 000,138,296 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\WDInst.exe
[2006/11/13 22:44:30 | 001,179,856 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\AIMinst.exe
[2006/11/13 22:44:00 | 000,554,704 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\AIMLang.exe
[2006/11/13 22:45:00 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\alsetup.exe
[2006/11/13 22:44:52 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\ampx.exe
[2006/11/13 22:43:51 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\inst.exe
[2006/11/13 22:44:14 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\instopts.exe
[2006/11/13 22:44:44 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\migrator.exe
[2006/11/13 22:44:05 | 000,579,272 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\muinst.exe
[2006/11/13 22:45:27 | 005,355,656 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\ocpinst.exe
[2006/11/13 22:44:18 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\postproc.exe
[2006/11/13 22:44:20 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\setup.exe
[2006/11/13 22:45:29 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\tbsetup.exe
[2006/11/13 22:44:48 | 001,063,368 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\toolbar.exe
[2006/11/13 22:44:16 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\vwpt.exe
[2007/10/01 21:43:58 | 000,854,576 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\waol-0.4327.165.1.exe
[2007/10/01 21:42:14 | 014,972,808 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\acs\acssetup.exe
[2007/10/01 21:40:07 | 000,343,392 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\afixinst.exe
[2007/10/01 21:44:01 | 000,120,112 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\afixlang.exe
[2007/10/01 21:38:48 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\WinsockFix.exe
[2007/10/01 21:39:55 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\wsfinst.exe
[2007/10/01 21:47:32 | 000,142,608 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\aolload\alsetup.exe
[2007/10/01 21:44:11 | 001,134,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\flash\flash9ex.exe
[2007/10/01 21:43:50 | 000,573,690 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\muinst\muinst.exe
[2007/10/01 21:39:53 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\ocpgc.exe
[2007/10/01 21:39:08 | 001,387,568 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\ocpinst.exe
[2007/10/01 21:40:02 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\parcon\AOLParconLink.exe
[2007/10/01 21:38:44 | 000,099,464 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sm\sminstlp.exe
[2007/10/01 21:44:16 | 000,175,488 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sm\stmninst.exe
[2007/10/01 21:47:45 | 000,686,928 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sysinfo\SinfInst.exe
[2007/10/01 21:39:59 | 000,357,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\tb\tbsetup.exe
[2007/10/01 21:38:38 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\toolbar\toolbar.exe
[2007/10/01 21:47:39 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\tpspd\wbsetup.exe
[2007/10/01 21:38:39 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\vwpt\VPPrePop.exe
[2007/10/01 21:44:49 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\vwpt\Vwpt.exe
[2009/10/08 17:06:08 | 024,910,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\noneCodesignFilesBundle.exe
[2009/10/08 17:04:19 | 000,899,944 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\waol-0.4337.142.1.exe
[2009/10/08 17:04:58 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\ecuinst.exe
[2009/10/08 17:03:51 | 000,035,688 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\postproc.exe
[2009/10/08 17:04:22 | 000,168,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\setup.exe
[2009/10/08 17:04:00 | 001,480,888 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acscore.exe
[2009/10/08 17:04:40 | 000,964,440 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acslaeu.exe
[2009/10/08 17:04:13 | 001,613,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acslang.exe
[2009/10/08 17:04:23 | 000,148,232 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acsrollb.exe
[2009/10/08 17:03:44 | 000,021,296 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acsshutd.exe
[2009/10/08 17:04:22 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\ocpgc.exe
[2009/10/08 17:04:55 | 003,346,736 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\ocpinst.exe
[2009/10/08 17:04:16 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\afixinst.exe
[2009/10/08 17:04:21 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\afixlang.exe
[2009/10/08 17:04:42 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\WinsockFix.exe
[2009/10/08 17:05:00 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\wsfinst.exe
[2009/10/08 17:04:07 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\ccu\ocpinsti.exe
[2009/10/08 17:04:17 | 000,339,632 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dskcore.exe
[2009/10/08 17:06:30 | 002,396,160 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dskcorlp.exe
[2009/10/08 17:04:34 | 000,188,176 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dtblpins.exe
[2009/10/08 17:04:15 | 000,470,232 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dtbsetup.exe
[2009/09/25 14:33:02 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\flash\flashax.exe
[2009/10/08 17:04:09 | 000,289,960 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\gadget\aolDailyScoop.exe
[2009/10/08 17:04:40 | 000,109,552 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\gadget\aolSearch.exe
[2009/10/08 17:04:46 | 001,362,936 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\msvcr9\msvc9rt.exe
[2009/09/25 14:32:54 | 000,845,814 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\muinst\muinst.exe
[2009/10/08 17:03:50 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\parcon\AOLParconLink.exe
[2009/10/08 17:04:32 | 000,711,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\sysinfo\SinfInst.exe
[2009/10/08 17:06:15 | 000,404,568 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\tb\tbsetup.exe
[2009/10/08 17:04:29 | 001,878,296 | ---- | M] (AOL L.L.C.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\toolbar\aol_toolbar.exe
[2009/10/08 17:04:36 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\tpspd\wbsetup.exe
[2009/09/25 14:32:46 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\vwpt\VPPrePop.exe
[2009/09/25 14:32:46 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\vwpt\Vwpt.exe
[2009/03/31 21:01:09 | 057,261,736 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.29.1\setup.exe
[2008/07/08 02:12:18 | 000,505,245 | ---- | M] (Computer Associates Int'l ) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe
[87 C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\*.tmp files -> C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\*.tmp -> ]
[2006/05/22 20:08:16 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\alsetup.exe
[2006/05/22 20:08:18 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\aspinst.exe
[2006/05/22 20:08:24 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\muninst.exe
[2006/05/22 20:08:26 | 007,402,510 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\ocpinst.exe
[2006/05/22 20:08:27 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\postproc.exe
[2006/05/22 20:08:29 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\setup.exe
[2006/05/22 20:08:31 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\tbsetup.exe
[2006/05/21 20:01:18 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\alsetup.exe
[2006/05/21 20:02:24 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\aspinst.exe
[2006/05/21 20:02:35 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\muninst.exe
[2006/05/21 20:03:19 | 007,402,510 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\ocpinst.exe
[2006/05/21 20:03:20 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\postproc.exe
[2006/05/21 20:03:22 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\setup.exe
[2006/05/21 20:03:25 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\tbsetup.exe
[2006/05/16 17:06:36 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\alsetup.exe
[2006/05/16 17:06:38 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\aspinst.exe
[2006/05/16 17:06:44 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\muninst.exe
[2006/05/16 17:07:13 | 007,389,283 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\ocpinst.exe
[2006/05/16 17:07:14 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\postproc.exe
[2006/05/16 17:07:16 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\setup.exe
[2006/05/16 17:07:17 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\tbsetup.exe
[2007/02/05 13:38:28 | 000,245,760 | ---- | M] (CA) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\pcodelauncher.exe
[2007/03/16 07:05:13 | 002,304,136 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\asprtpup.exe
[2007/09/23 20:01:51 | 000,053,248 | ---- | M] (AOL, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
[2010/03/30 17:25:00 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2007/11/13 16:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[2010/03/30 01:12:36 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2007/11/08 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AccurateRip
[2010/03/28 20:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Adobe
[2007/02/01 22:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AdobeUM
[2006/11/14 00:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Aim
[2005/12/03 00:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Allume Systems
[2007/11/13 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Amazon
[2009/12/26 06:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AOL
[2009/09/10 00:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Apple Computer
[2007/05/23 10:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\ATI
[2009/02/17 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\atitray
[2010/03/30 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\BitTorrent
[2005/12/20 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Common Files
[2005/10/27 23:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Corel Photo Album
[2005/10/27 21:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Creative
[2006/02/05 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\CyberLink
[2007/01/01 22:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DivX
[2009/02/01 04:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DNA
[2009/10/08 18:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Download Manager
[2007/11/14 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Earthsim
[2010/02/06 06:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2006/10/08 15:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Google
[2010/01/30 12:11:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Graham\Application Data\GTek
[2010/02/06 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HandBrake
[2005/10/28 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Help
[2005/12/20 18:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HP
[2004/08/19 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Identities
[2008/02/08 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\InstallShield
[2009/11/18 19:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\iTSfv
[2009/04/01 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Kontiki
[2005/10/27 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Leadertech
[2010/01/17 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\LEGO Company
[2006/02/26 00:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Macromedia
[2009/01/20 00:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Malwarebytes
[2009/02/16 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MCMPEGEnc
[2009/02/16 06:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Media Player Classic
[2009/11/11 17:11:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Graham\Application Data\Microsoft
[2007/01/06 21:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Microsoft Games
[2009/07/01 03:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla
[2009/02/16 05:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MPEG Streamclip
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\NetMedia Providers
[2009/02/15 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Nikon
[2009/04/01 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\OfficeUpdate12
[2005/12/10 01:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Opera
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Publish Providers
[2009/02/03 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Real
[2006/08/08 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sereniti
[2005/10/27 23:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sonic
[2006/05/01 22:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sonic Foundry
[2007/11/19 19:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Subversion
[2005/10/26 13:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sun
[2009/10/15 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\SystemRequirementsLab
[2006/09/07 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Talkback
[2006/12/05 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Tor
[2010/02/21 22:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\U3
[2006/10/02 22:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Vidalia
[2009/04/07 18:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Viewpoint
[2009/10/23 14:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Desktop Search
[2009/10/25 03:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Search
[2010/03/28 20:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\WinRAR
[2005/10/27 21:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\You've Got Pictures Screensaver

< %APPDATA%\*.exe /s >
[2007/02/01 22:39:45 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Graham\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2010/03/28 20:33:07 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007/06/04 01:53:01 | 001,163,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Graham\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009/11/12 20:23:35 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009/10/31 21:05:14 | 000,094,208 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{31800004-6386-4999-A519-518F2D78D8F0}\python_icon.exe
[2009/10/05 15:46:49 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2006/10/17 01:03:49 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}\ARPPRODUCTICON.exe
[2006/10/17 01:01:10 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2009/10/05 15:48:41 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2006/12/07 10:45:12 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\U3\temp\cleanup.exe
[2006/12/07 10:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Graham\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\Drivers\R158601\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[32 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/05/21 20:46:00 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Files - Unicode (All) ==========
[2007/06/22 20:11:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Graham\Application Data\A?pPatch) -- C:\Documents and Settings\Graham\Application Data\AрpPatch
[2007/06/22 20:11:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Graham\Application Data\A?pPatch) -- C:\Documents and Settings\Graham\Application Data\AрpPatch
(C:\Documents and Settings\Graham\Application Data\A?pPatch) -- C:\Documents and Settings\Graham\Application Data\AрpPatch

========== Alternate Data Streams ==========

@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\sitzofbt.sys:changelist
@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\lwsvgwtn.sys:changelist
@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\gqjzhcnd.sys:changelist
@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\dwvgfncl.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\ytzcagnw.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\xoedsqzd.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\xiwxqznd.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\wlqfqmrp.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\vrnrjlry.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\thwfuwpr.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\skcceric.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\risqezlr.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\qsmtxyhd.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\ppffjxdr.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\opjbontt.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\omfcknfi.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\nlzcbevt.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\mxwgrosu.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\kdvnnuda.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\jqzxxgxc.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\jgrusmgr.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\ihhzoopv.sys:changelist
@Alternate Data Stream - 380 bytes -> C:\WINDOWS\System32\drivers\gcjcwcnu.sys:changelist
< End of report >

#4
K1500

  • Topic Starter
  • Member
  • 68 posts
Here's the data from Extras.txt:

OTL Extras logfile created on: 3/31/2010 4:32:51 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 13.96 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.18 Gb Free Space | 93.44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3689:TCP" = 3689:TCP:*:Enabled:iPhone 3G Remote
"5353:TCP" = 5353:TCP:*:Enabled:iPhone 3G Remote
"8889:TCP" = 8889:TCP:*:Enabled:iPhone

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL Inc.)
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1130467576\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\NovaLogic\Armored Fist 3 Demo\Update.exe" = C:\Program Files\NovaLogic\Armored Fist 3 Demo\Update.exe:*:Enabled:Update -- File not found
"C:\Program Files\NovaLogic\MiG-29 Fulcrum\Update.exe" = C:\Program Files\NovaLogic\MiG-29 Fulcrum\Update.exe:*:Enabled:Update -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1130467576\EE\aim6.exe" = C:\Program Files\Common Files\AOL\1130467576\EE\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\WINDOWS\kdx\khost.exe" = C:\WINDOWS\kdx\khost.exe:*:Enabled:Delivery Manager -- (Kontiki Inc.)
"C:\Documents and Settings\Graham\Shared\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWire\LimeWire.exe" = C:\Documents and Settings\Graham\Shared\Limewire Lime Wire Pro v.4.10.0.1 Cracked with Java Runtime Environment\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Crack\fs9.exe" = D:\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\Program Files\Microsoft Games\Flight Simulator 9\cd4\Crack\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\cd4\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe" = C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Terminal Reality\4x4 Evo2\4x42.exe" = C:\Program Files\Terminal Reality\4x4 Evo2\4x42.exe:*:Enabled:4x4 EVO 2™ -- (Terminal Reality Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe" = C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\WINDOWS\system32\htjitxsk.exe" = C:\WINDOWS\system32\htj
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\Motorola\RSD Lite\SDL.exe" = C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL -- (Motorola)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\iSyncTunes\jre\bin\javaw.exe" = C:\Program Files\iSyncTunes\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\Live for Speed S2\LFS.exe" = C:\Program Files\Live for Speed S2\LFS.exe:*:Enabled:LFS -- ()
"C:\Documents and Settings\Graham\Desktop\Live for Speed\CSR\CSR.exe" = C:\Documents and Settings\Graham\Desktop\Live for Speed\CSR\CSR.exe:*:Enabled:CSR -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Documents and Settings\Graham\Local Settings\Temp\Rar$EX03.937\LFS.exe" = C:\Documents and Settings\Graham\Local Settings\Temp\Rar$EX03.937\LFS.exe:*:Enabled:LFS -- File not found
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.5a\waol.exe" = C:\Program Files\AOL 9.5a\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Disabled:BitTorrent DNA -- File not found
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\Documents and Settings\Graham\Local Settings\Temp\7zS92B.tmp\SymNRT.exe" = C:\Documents and Settings\Graham\Local Settings\Temp\7zS92B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"F:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE" = F:\Program Files\NovaLogic\Delta Force Black Hawk Down\UPDATE.EXE:*:Enabled:UPDATE -- ()
"C:\Program Files\AOL 9.6\waol.exe" = C:\Program Files\AOL 9.6\waol.exe:*:Enabled:AOL -- (AOL Inc.)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r320)
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0E9804E3-1D94-4D4A-A17D-19777FEF049D}" = Weather Add-in for Windows Live Toolbar
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10573F8D-B06E-4323-ADB1-004A99E83C01}" = Sonic Foundry Super Duper Music Looper
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.1.0.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11FBBEEE-4F17-D27F-299E-73C3F823D9D7}" = Catalyst Control Center Graphics Previews Common
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = The Sims Superstar
"{1F7B8AFF-0E53-8F7A-9134-C4BBE25E295A}" = ccc-utility
"{21289AE2-24FE-11D5-8F73-0050DA0F6297}" = The Sims Menu Editor
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36592557-65CE-4A4D-9970-764F17E0AFD3}" = MSI v2 to redistribute Rigs of Rods
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3956DD06-7A44-C9E6-EEF4-F56C507485FB}" = ccc-core-static
"{39DAAC18-49A1-1E67-5286-F142A7D2332E}" = Catalyst Control Center Graphics Full Existing
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595A6662-6158-11D4-8F73-0050DA0F6297}" = The Sims Art Studio
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6164D2E7-986B-42F5-B3A6-64D5E53FB889}" = Delta Force Black Hawk Down Team Sabre
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{637099FB-45FD-4BC7-9651-6FB540DBB749}" = Roxio Backup MyPC
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{661F66A1-D045-47EE-87FE-380C9DADEF00}" = ATI MCE Control Panel
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{676C529F-B340-4878-B7F3-67A9937F455B}" = DataPlus Professional
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{720DCEC1-BD81-4AC8-ADE5-D408EC730E38}" = RSDLite
"{721FEDC0-456E-3E8B-C4AF-3C3DC8196DB4}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AABF28C-E8DC-9859-D016-FCEED1183753}" = Catalyst Control Center Core Implementation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F9C75FD-4057-C67F-54DD-84F00CEEC07A}" = Skins
"{7ff90460-89b7-435b-b583-b37b2815ccc7}" = Python 3.1.1
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89BC7626-A4B4-0466-1624-B3D44DB47B8B}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}" = ATI MCE Transcode
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DD7BA6-37A6-4245-A167-B3AA137B2157}" = TitanTV Client components for ATI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A99573E8-AC6A-419F-928A-E7D169F4A12A}" = Microsoft Train Simulator gmax Sample Loco
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = NEF Codec
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD704325-6572-7653-B5B2-08FD243E5D46}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D416059B-C21B-4405-ACC0-010C481E0FDA}" = MoTeC i2 Pro
"{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D6D4828F-A5B2-11D4-8F73-0050DA0F6297}" = The Sims File Cop
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E5D720C6-67A3-DD48-30E0-7B5EAE4DDA13}" = Catalyst Control Center Graphics Full New
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F62D99F9-FD4A-4F5B-AB33-68EFDCDC18F3}" = MSI to redistribute Rigs of Rods
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"4x4 Evo2" = 4x4 Evo2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"ATI Display Driver" = ATI Display Driver
"AVI Codec Pack" = AVI Codec Pack
"BitTorrent" = BitTorrent
"Bus Driver" = Bus Driver 1.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Device Control" = Device Control
"Dirt Track Racing" = Dirt Track Racing
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverAgent.exe" = DriverAgent by eSupport.com
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"EAXSet" = Creative EAX Settings
"EFILive V7.5" = EFILive V7.5
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"EngMod 2.0" = EngMod 2.0
"FaceLift" = FaceLift
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"getPlus®_dll" = getPlus®_dll
"Google Video Uploader" = Google Video Uploader
"Graphviz" = Graphviz
"Harley-Davidson® - Race Across America" = Harley-Davidson® - Race Across America
"HD Tune Pro_is1" = HD Tune Pro 3.50
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"Internet Keyboard Pro # KB535BL" = Internet Keyboard Pro # KB535BL
"iTSfv_is1" = iTSfv 5.61.2.1
"LeaderGL FlexEditor" = LeaderGL FlexEditor 10.4 XP
"LimeWire" = LimeWire PRO 5.4.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max Media Creator_is1" = Max Media Creator
"MaxDrive PS2" = MaxDrive PS2
"Media Jukebox 8.0" = Media Jukebox 8.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mod Aston Martin DBR9" = Mod Aston Martin DBR9 v1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MP3 Splitter & Joiner_is1" = MP3 Splitter & Joiner 3.32
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Need For Speed - Porsche Unleashed" = Need For Speed - Porsche Unleashed
"New LEGO Digital Designer" = LEGO Digital Designer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photags Music Express" = iConcepts Music Express
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Porsche Carrera Cup 2006 v1.1 - by GRF" = Porsche Carrera Cup 2006 v1.1 - by GRF
"PROSet" = Intel® PRO Network Connections Drivers
"R8 Gordini Graphic Update" = R8 Gordini Graphic Update
"Rigs of Rods" = Rigs of Rods 0.36.2
"Rigs of Rods Toolkit" = Rigs of Rods Toolkit 0.34-rc3
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Shockwave" = Shockwave
"SideWinder Precision 2" = SideWinder Precision 2
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SPEAKER" = Creative Speaker Settings
"ST5UNST #1" = MoTeC Interpreter
"SystemRequirementsLab" = System Requirements Lab
"Train Simulator 1.0" = Microsoft Train Simulator
"Trials - Mountain Heights" = Trials - Mountain Heights (remove only)
"Trials Construction Yard" = Trials Construction Yard (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"wa2wmp" = Windows Media Player Skin Importer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"kdx_aolhqvprod" = AOL Hi-Q Video
"mpowerplayer" = mpowerplayer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2010 7:15:32 AM | Computer Name = XPS400 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 3/31/2010 7:16:18 AM | Computer Name = XPS400 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 3/31/2010 7:16:20 AM | Computer Name = XPS400 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 3/31/2010 5:19:17 PM | Computer Name = XPS400 | Source = Windows Search Service | ID = 3013
Description = The entry <F:\MY DOCUMENTS\MY MUSIC\ITUNES\TEMP FILE.TMP> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 3/31/2010 5:19:44 PM | Computer Name = XPS400 | Source = Windows Search Service | ID = 3013
Description = The entry <F:\MY DOCUMENTS\MY MUSIC\ITUNES\TEMP FILE.TMP> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 3/31/2010 5:19:52 PM | Computer Name = XPS400 | Source = Windows Search Service | ID = 3013
Description = The entry <F:\MY DOCUMENTS\MY MUSIC\ITUNES\TEMP FILE.TMP> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 3/31/2010 5:26:01 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/31/2010 5:26:01 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/31/2010 5:26:01 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/31/2010 5:26:01 PM | Computer Name = XPS400 | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 9/16/2007 5:40:38 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2007 5:45:14 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 251
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/16/2007 5:47:04 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2007 7:37:05 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6573
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/17/2007 1:47:08 AM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13175
seconds with 60 seconds of active time. This session ended with a crash.

Error - 9/17/2007 6:07:36 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 155
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/3/2008 4:51:46 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2008 4:29:14 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/21/2008 1:07:56 AM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/22/2009 9:46:09 PM | Computer Name = XPS400 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 89
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/31/2010 1:33:15 AM | Computer Name = XPS400 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 3/31/2010 1:33:15 AM | Computer Name = XPS400 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.812.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x80080005 Error
description: Server execution failed

Error - 3/31/2010 1:39:15 AM | Computer Name = XPS400 | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 3/31/2010 1:39:15 AM | Computer Name = XPS400 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.812.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x80080005 Error
description: Server execution failed

Error - 3/31/2010 2:08:39 AM | Computer Name = XPS400 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 3/31/2010 2:08:42 AM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.

Error - 3/31/2010 7:03:23 AM | Computer Name = XPS400 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.812.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/31/2010 7:16:18 AM | Computer Name = XPS400 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.812.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/31/2010 5:02:19 PM | Computer Name = XPS400 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 3/31/2010 5:02:22 PM | Computer Name = XPS400 | Source = Print | ID = 23
Description = Printer Fax failed to initialize because a suitable Microsoft Shared
Fax Driver driver could not be found.


< End of report >

I'll post the log from GMER as soon as it finishes. Thanks a lot for the help, hammerman! :)

Edited by K1500, 31 March 2010 - 06:51 PM.


#5
hammerman

Hi,

Any luck with the GMER log?

#6
K1500


> Hi,
>
> Any luck with the GMER log?


My computer became completely locked up last evening and I was unable to save the log, so I had to restart it. As of this morning, my computer was still fully responsive and I made sure I had saved the log at the current point before I left. Hopefully it has finished or will finish by the time I get home. I should have the log posted within three hours. Thanks!

#7
K1500

Alright, here are the results from GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 15:11:04
Windows 5.1.2600 Service Pack 3
Running: 0wxvv857.exe; Driver: C:\DOCUME~1\Graham\LOCALS~1\Temp\fxtdipod.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9EC00D0]
SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]
SSDT sptd.sys ZwOpenKey [0xB9EC00B0]
SSDT sptd.sys ZwQueryKey [0xB9EC6292]
SSDT sptd.sys ZwQueryValueKey [0xB9EC6112]
SSDT sptd.sys ZwSetValueKey [0xB9EC6324]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B820D541
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B820D5E7

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B8FC1E8
Device \FileSystem\Fastfat \FatCdrom 89B407A0
Device \Driver\usbuhci \Device\USBPDO-0 8ADD01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B8FE1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8B8FE1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8B8FE1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8B8FE1E8
Device \Driver\usbuhci \Device\USBPDO-1 8ADD01E8
Device \Driver\usbuhci \Device\USBPDO-2 8ADD01E8
Device \Driver\usbuhci \Device\USBPDO-3 8ADD01E8
Device \Driver\usbehci \Device\USBPDO-4 8ADCD7A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B88C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8B88C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8ADE97A0
Device \Driver\PCI_NTPNP1708 \Device\00000059 sptd.sys
Device \Driver\Cdrom \Device\CdRom1 8ADE97A0
Device \Driver\iastor \Device\Ide\iaStor0 8B8FD1E8
Device \Driver\iastor \Device\Ide\iaStor0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8B8FD1E8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 8B8FD1E8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B88C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume4 8B88C1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\NetBT \Device\NetBt_Wins_Export 8AA8B7A0
Device \Driver\USBSTOR \Device\00000078 8A562630
Device \Driver\USBSTOR \Device\00000078 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F69DF63-90DE-4818-A569-A6BCFA5464FD} 8AA8B7A0
Device \Driver\NetBT \Device\NetbiosSmb 8AA8B7A0
Device \Driver\usbuhci \Device\USBFDO-0 8ADD01E8
Device \Driver\usbuhci \Device\USBFDO-1 8ADD01E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DD33D0
Device \Driver\usbuhci \Device\USBFDO-2 8ADD01E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DD33D0
Device \Driver\USBSTOR \Device\0000007c 8A562630
Device \Driver\USBSTOR \Device\0000007c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-3 8ADD01E8
Device \Driver\usbehci \Device\USBFDO-4 8ADCD7A0
Device \Driver\Ftdisk \Device\FtControl 8B88C1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4601DA1-8477-4AC8-8770-34FF6E6A5F00} 8AA8B7A0
Device \Driver\aiorcx1f \Device\Scsi\aiorcx1f1 8AD3F7A0
Device \FileSystem\Fastfat \Fat 89B407A0

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89B3F7A0

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

#8
hammerman

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (vrnrjlry) -- C:\WINDOWS\system32\drivers\vrnrjlry.sys (Microsoft Corporation)
    DRV - (ytzcagnw) -- C:\WINDOWS\system32\drivers\ytzcagnw.sys (Microsoft Corporation)
    DRV - (dwvgfncl) -- C:\WINDOWS\system32\drivers\dwvgfncl.sys (Microsoft Corporation)
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
    O2 - BHO: (no name) - {9255A473-D67E-4921-ACA1-46C63AB01EE2} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O20 - Winlogon\Notify\vtutrpm: DllName - vtutrpm.dll - File not found
    [2010/03/31 16:22:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vrnrjlry.sys
    [2010/03/31 16:13:09 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ytzcagnw.sys
    [2010/03/31 16:10:59 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dwvgfncl.sys
    [2010/03/31 06:16:38 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qsmtxyhd.sys
    [2010/03/31 06:15:59 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mxwgrosu.sys
    [2010/03/31 06:02:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jgrusmgr.sys
    [2010/03/31 05:55:13 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\omfcknfi.sys
    [2010/03/31 05:44:43 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kdvnnuda.sys
    [2010/03/31 05:34:09 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\skcceric.sys
    [2010/03/31 05:23:35 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppffjxdr.sys
    [2010/03/31 05:13:01 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gcjcwcnu.sys
    [2010/03/31 05:02:26 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xiwxqznd.sys
    [2010/03/31 04:51:52 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\thwfuwpr.sys
    [2010/03/31 04:41:19 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jqzxxgxc.sys
    [2010/03/31 04:30:41 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ihhzoopv.sys
    [2010/03/31 04:20:06 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wlqfqmrp.sys
    [2010/03/31 04:09:25 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xoedsqzd.sys
    [2010/03/31 03:58:43 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\risqezlr.sys
    [2010/03/31 01:29:50 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sitzofbt.sys
    [2010/03/31 00:24:10 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\opjbontt.sys
    [2010/03/31 00:14:49 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlzcbevt.sys
    [2010/03/31 00:08:31 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lwsvgwtn.sys
    [2010/03/30 22:04:47 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gqjzhcnd.sys
    [2007/07/19 20:14:35 | 000,006,365 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini
    [2007/07/19 17:40:58 | 001,810,608 | -HS- | C] () -- C:\WINDOWS\System32\rtutv.ini2
    [2007/07/17 23:18:28 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\hoghjcbo.ini
    [2007/07/17 22:08:55 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\adtdwuoy.ini
    [2007/07/17 21:23:05 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\dyuulkih.ini
    [2007/07/17 20:44:03 | 000,000,295 | -HS- | C] () -- C:\WINDOWS\System32\cpumjybo.ini
    [2007/07/17 16:07:34 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\hlihnpsp.ini
    [2007/07/16 16:57:13 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\efxnfehe.ini
    [2007/07/12 17:24:29 | 000,000,405 | -HS- | C] () -- C:\WINDOWS\System32\ojmmlumg.ini
    [2007/07/10 16:28:17 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\urgctmwb.ini
    [2007/07/09 21:36:52 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\mfvmkqyu.ini
    [2007/07/09 16:00:01 | 000,000,415 | -HS- | C] () -- C:\WINDOWS\System32\vrptaxbg.ini
    [2007/07/09 04:48:41 | 000,000,355 | -HS- | C] () -- C:\WINDOWS\System32\fjoxfwjf.ini
    [2007/07/09 03:59:36 | 001,045,826 | -HS- | C] () -- C:\WINDOWS\System32\qbhobjmk.ini
    [2007/07/08 03:55:21 | 001,045,767 | -HS- | C] () -- C:\WINDOWS\System32\dpgynipa.ini
    [2007/07/07 15:50:19 | 001,906,404 | -HS- | C] () -- C:\WINDOWS\System32\rtutv.ini
    [2007/07/07 12:44:24 | 001,856,491 | -HS- | C] () -- C:\WINDOWS\System32\cbeeg.ini2
    [2007/07/07 06:40:35 | 001,045,647 | -HS- | C] () -- C:\WINDOWS\System32\piblinml.ini
    [2007/07/06 16:13:29 | 001,045,545 | -HS- | C] () -- C:\WINDOWS\System32\vatimosr.ini
    [2007/07/05 14:48:26 | 001,053,789 | -HS- | C] () -- C:\WINDOWS\System32\gwtbqgod.ini
    [2007/07/04 19:34:25 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\fbjnablr.ini
    [2007/07/04 13:41:22 | 001,032,806 | -HS- | C] () -- C:\WINDOWS\System32\aevopsfe.ini
    [2007/07/04 12:52:05 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\jcahuvqh.ini
    [2007/07/04 10:47:21 | 001,032,729 | -HS- | C] () -- C:\WINDOWS\System32\truvbvos.ini
    [2007/07/03 16:12:36 | 000,000,345 | -HS- | C] () -- C:\WINDOWS\System32\ehbqewey.ini
    [2007/07/03 16:08:46 | 001,860,696 | -HS- | C] () -- C:\WINDOWS\System32\cbeeg.ini
    [2007/06/29 19:52:14 | 001,856,526 | -HS- | C] () -- C:\WINDOWS\System32\hgjlm.ini2
    [2007/06/23 01:51:25 | 000,023,930 | -HS- | C] () -- C:\WINDOWS\System32\hgjlm.ini
    [2007/06/22 05:58:23 | 000,000,465 | -HS- | C] () -- C:\WINDOWS\System32\wwwobihf.ini
    [2007/06/22 05:40:09 | 000,000,353 | -HS- | C] () -- C:\WINDOWS\System32\xbadd.ini
    [2007/06/22 05:40:09 | 000,000,353 | -HS- | C] () -- C:\WINDOWS\System32\cccdd.ini
    [2007/06/22 05:40:09 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\System32\xybeg.ini
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\drivers\iaStor.sys | C:\i386\iaStor.sys /replace
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
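
The driver entries queued in the fix script above all report the same size (30,784 bytes) under different eight-letter names, created minutes apart. The following added example (not part of the original post and not OTL's own code) parses OTL file-listing lines and groups drivers by identical size; the function names and the two lines marked constructed are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# OTL file-listing line: [created | size | attrs | C] (company) -- path
OTL_LINE = re.compile(
    r"^\s*\[(?P<created>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Lines copied from the fix script in this thread.
PAGE_LINES = r"""
[2010/03/31 05:55:13 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\omfcknfi.sys
[2010/03/31 05:44:43 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kdvnnuda.sys
[2010/03/31 05:34:09 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\skcceric.sys
[2010/03/31 05:23:35 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppffjxdr.sys
[2010/03/31 05:13:01 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gcjcwcnu.sys
[2010/03/31 05:02:26 | 000,030,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xiwxqznd.sys
[2007/07/19 20:14:35 | 000,006,365 | -HS- | C] () -- C:\WINDOWS\System32\oqtwa.ini
"""

# Constructed lines (not from the thread): drivers with unrelated sizes, for contrast.
CONSTRUCTED_LINES = r"""
[2008/04/13 13:40:30 | 000,036,352 | ---- | C] (Example Vendor) -- C:\WINDOWS\System32\drivers\exampledisk.sys
[2009/11/02 09:15:00 | 000,014,208 | ---- | C] (Example Vendor) -- C:\WINDOWS\System32\drivers\examplenet.sys
"""

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES


def parse_otl(text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line)
        if not m:
            continue
        directory, _, name = m["path"].rpartition("\\")
        entries.append({
            "created": datetime.strptime(m["created"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"],
            "dir": directory.lower(),   # OTL mixes system32/System32 casing
            "name": name.lower(),
        })
    return entries


def same_size_clusters(entries, directory=r"c:\windows\system32\drivers", min_count=3):
    """Group .sys files in one directory by byte-identical size.

    Several differently named drivers with exactly the same size are worth a
    closer look; the gaps between creation times show whether they were
    dropped on a schedule.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["dir"] == directory and e["name"].endswith(".sys"):
            groups[e["size"]].append(e)

    clusters = {}
    for size, members in groups.items():
        if len(members) < min_count:
            continue
        members.sort(key=lambda e: e["created"])
        gaps = [int((b["created"] - a["created"]).total_seconds())
                for a, b in zip(members, members[1:])]
        clusters[size] = {"names": [e["name"] for e in members], "gaps_s": gaps}
    return clusters


if __name__ == "__main__":
    for size, info in same_size_clusters(parse_otl(SAMPLE_LOG)).items():
        print(f"{len(info['names'])} drivers of {size} bytes: {', '.join(info['names'])}")
        print(f"  seconds between creations: {info['gaps_s']}")
```

On the six lines taken from the thread, the creation gaps come out at roughly ten and a half minutes each, which is the regular drop interval visible in the listing.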

#9
K1500
Alright, I'll give those a go. Thanks a lot! :)

#10
K1500
Here's the report from OTR, I'm about to run ComboFix after posting this:

All processes killed
========== OTL ==========
Error: No service named vrnrjlry was found to stop!
Service\Driver key vrnrjlry not found.
C:\WINDOWS\system32\drivers\vrnrjlry.sys moved successfully.
Error: No service named ytzcagnw was found to stop!
Service\Driver key ytzcagnw not found.
C:\WINDOWS\system32\drivers\ytzcagnw.sys moved successfully.
Error: No service named dwvgfncl was found to stop!
Service\Driver key dwvgfncl not found.
C:\WINDOWS\system32\drivers\dwvgfncl.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9255A473-D67E-4921-ACA1-46C63AB01EE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9255A473-D67E-4921-ACA1-46C63AB01EE2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2CF5485-4E02-4F68-819C-B92DE9277049}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtutrpm\ deleted successfully.
File C:\WINDOWS\System32\drivers\vrnrjlry.sys not found.
File C:\WINDOWS\System32\drivers\ytzcagnw.sys not found.
File C:\WINDOWS\System32\drivers\dwvgfncl.sys not found.
C:\WINDOWS\system32\drivers\qsmtxyhd.sys moved successfully.
C:\WINDOWS\system32\drivers\mxwgrosu.sys moved successfully.
C:\WINDOWS\system32\drivers\jgrusmgr.sys moved successfully.
C:\WINDOWS\system32\drivers\omfcknfi.sys moved successfully.
C:\WINDOWS\system32\drivers\kdvnnuda.sys moved successfully.
C:\WINDOWS\system32\drivers\skcceric.sys moved successfully.
C:\WINDOWS\system32\drivers\ppffjxdr.sys moved successfully.
C:\WINDOWS\system32\drivers\gcjcwcnu.sys moved successfully.
C:\WINDOWS\system32\drivers\xiwxqznd.sys moved successfully.
C:\WINDOWS\system32\drivers\thwfuwpr.sys moved successfully.
C:\WINDOWS\system32\drivers\jqzxxgxc.sys moved successfully.
C:\WINDOWS\system32\drivers\ihhzoopv.sys moved successfully.
C:\WINDOWS\system32\drivers\wlqfqmrp.sys moved successfully.
C:\WINDOWS\system32\drivers\xoedsqzd.sys moved successfully.
C:\WINDOWS\system32\drivers\risqezlr.sys moved successfully.
C:\WINDOWS\system32\drivers\sitzofbt.sys moved successfully.
C:\WINDOWS\system32\drivers\opjbontt.sys moved successfully.
C:\WINDOWS\system32\drivers\nlzcbevt.sys moved successfully.
C:\WINDOWS\system32\drivers\lwsvgwtn.sys moved successfully.
C:\WINDOWS\system32\drivers\gqjzhcnd.sys moved successfully.
C:\WINDOWS\system32\oqtwa.ini moved successfully.
C:\WINDOWS\system32\rtutv.ini2 moved successfully.
C:\WINDOWS\system32\hoghjcbo.ini moved successfully.
C:\WINDOWS\system32\adtdwuoy.ini moved successfully.
C:\WINDOWS\system32\dyuulkih.ini moved successfully.
C:\WINDOWS\system32\cpumjybo.ini moved successfully.
C:\WINDOWS\system32\hlihnpsp.ini moved successfully.
C:\WINDOWS\system32\efxnfehe.ini moved successfully.
C:\WINDOWS\system32\ojmmlumg.ini moved successfully.
C:\WINDOWS\system32\urgctmwb.ini moved successfully.
C:\WINDOWS\system32\mfvmkqyu.ini moved successfully.
C:\WINDOWS\system32\vrptaxbg.ini moved successfully.
C:\WINDOWS\system32\fjoxfwjf.ini moved successfully.
C:\WINDOWS\system32\qbhobjmk.ini moved successfully.
C:\WINDOWS\system32\dpgynipa.ini moved successfully.
C:\WINDOWS\system32\rtutv.ini moved successfully.
C:\WINDOWS\system32\cbeeg.ini2 moved successfully.
C:\WINDOWS\system32\piblinml.ini moved successfully.
C:\WINDOWS\system32\vatimosr.ini moved successfully.
C:\WINDOWS\system32\gwtbqgod.ini moved successfully.
C:\WINDOWS\system32\fbjnablr.ini moved successfully.
C:\WINDOWS\system32\aevopsfe.ini moved successfully.
C:\WINDOWS\system32\jcahuvqh.ini moved successfully.
C:\WINDOWS\system32\truvbvos.ini moved successfully.
C:\WINDOWS\system32\ehbqewey.ini moved successfully.
C:\WINDOWS\system32\cbeeg.ini moved successfully.
C:\WINDOWS\system32\hgjlm.ini2 moved successfully.
C:\WINDOWS\system32\hgjlm.ini moved successfully.
C:\WINDOWS\system32\wwwobihf.ini moved successfully.
C:\WINDOWS\system32\xbadd.ini moved successfully.
C:\WINDOWS\system32\cccdd.ini moved successfully.
C:\WINDOWS\system32\xybeg.ini moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\drivers\iaStor.sys successfully replaced with C:\i386\iaStor.sys
========== COMMANDS ==========
C:\Documents and Settings\Graham\Application Data\AрpPatch\AрpPatch folder moved successfully.
C:\Documents and Settings\Graham\Application Data\AрpPatch folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 176 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: Graham
->Temp folder emptied: 48500708 bytes
->Temporary Internet Files folder emptied: 82322 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19107544 bytes
->Flash cache emptied: 1221298 bytes

User: Guest
->Temp folder emptied: 515 bytes
->Temporary Internet Files folder emptied: 170497973 bytes
->Java cache emptied: 3006351 bytes
->FireFox cache emptied: 51964777 bytes
->Flash cache emptied: 109125 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 111893 bytes

User: NetworkService
->Temp folder emptied: 267836 bytes
->Temporary Internet Files folder emptied: 33042 bytes

User: XPS400

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 117873 bytes
%systemroot%\System32 .tmp files removed: 25239702 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6525074 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 312.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Graham
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: XPS400

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04012010_162540

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000005448A86F7E8A18F6B not found!
File\Folder C:\WINDOWS\temp\TMP0000000609EAE641EAFC34C8 not found!

Registry entries deleted on Reboot...

#11
K1500
Here is the log from ComboFix:

ComboFix 10-03-29.04 - Graham 04/01/2010 16:49:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3000 [GMT -5:00]
Running from: c:\documents and settings\Graham\Desktop\Alureon.G\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Graham\Start Menu\Programs\AVI Codec Pack +
c:\documents and settings\Graham\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\documents and settings\Graham\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\DivX 3.11\DivX.inf
c:\program files\AVI Codec Pack\DivX 3.11\DIVX_c32.ax
c:\program files\AVI Codec Pack\DivX 3.11\DivXa32.acm
c:\program files\AVI Codec Pack\DivX 3.11\DivXc32.dll
c:\program files\AVI Codec Pack\DivX 3.11\DivXc32f.dll
c:\program files\AVI Codec Pack\DivX 3.11\L3codeca.acm
c:\program files\AVI Codec Pack\divx.chm
c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax
c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax.manifest
c:\program files\AVI Codec Pack\ffdhow\libavcodec.dll
c:\program files\AVI Codec Pack\ffdhow\libmpeg2_ff.dll
c:\program files\AVI Codec Pack\ffdhow\libmplayer.dll
c:\program files\AVI Codec Pack\ffdhow\TomsMoComp_ff.dll
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\eSellerateEngine.dll
c:\windows\system32\Cache
c:\windows\system32\cbeeg.bak1
c:\windows\system32\cbeeg.bak2
c:\windows\system32\Data
c:\windows\system32\hgjlm.bak1
c:\windows\system32\hgjlm.bak2
c:\windows\system32\oqtwa.bak1
c:\windows\system32\rtutv.bak1
c:\windows\system32\rtutv.bak2
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP


((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-04-01 21:25 . 2010-04-01 21:25 -------- d-----w- C:\_OTL
2010-04-01 05:12 . 2010-04-01 05:12 30784 ----a-w- c:\windows\system32\drivers\mytmnpyw.sys
2010-04-01 04:57 . 2010-04-01 04:57 30784 ----a-w- c:\windows\system32\drivers\nbxbgtrr.sys
2010-04-01 04:32 . 2010-04-01 04:32 30784 ----a-w- c:\windows\system32\drivers\gqnndyqw.sys
2010-03-31 21:45 . 2010-03-31 21:45 30784 ----a-w- c:\windows\system32\drivers\kdildowe.sys
2010-03-31 03:00 . 2010-03-31 03:00 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 23:30 . 2010-03-30 23:30 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-03-30 23:29 . 2010-03-30 23:29 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-30 22:36 . 2010-03-30 22:37 -------- d-----w- c:\program files\iTunes
2010-03-30 22:36 . 2010-03-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-30 22:29 . 2010-03-30 22:29 -------- d-----w- c:\program files\Bonjour
2010-03-29 01:33 . 2010-03-29 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-29 01:09 . 2010-04-01 21:41 -------- d-----w- c:\program files\PeerBlock
2010-03-10 05:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 04:33 . 2010-03-10 04:33 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-10 00:27 . 2010-03-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-03-06 20:44 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 20:44 . 2010-03-30 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 20:44 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 20:19 . 2010-03-30 07:28 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 02:59 . 2008-11-22 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 23:32 . 2006-12-06 22:51 -------- d-----w- c:\documents and settings\Graham\Application Data\BitTorrent
2010-03-30 23:30 . 2007-01-15 01:33 3494576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-30 22:36 . 2006-11-17 23:04 -------- d-----w- c:\program files\iPod
2010-03-30 22:36 . 2007-06-30 20:12 -------- d-----w- c:\program files\Common Files\Apple
2010-03-30 22:33 . 2006-01-27 03:53 -------- d-----w- c:\program files\QuickTime
2010-03-30 22:25 . 2010-03-30 22:25 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-30 06:12 . 2010-03-30 06:12 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 01:32 . 2006-03-03 02:43 -------- d-----w- c:\program files\Google
2010-03-29 01:09 . 2008-10-25 22:44 -------- d-----w- c:\program files\PeerGuardian2
2010-03-28 08:26 . 2007-10-13 04:23 -------- d-----w- c:\program files\Live for Speed S2 Modified
2010-03-27 17:57 . 2007-10-08 23:36 -------- d-----w- c:\program files\Live for Speed S2
2010-03-24 15:36 . 2007-05-15 04:13 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-23 03:09 . 2005-11-01 03:26 37170 ----a-w- c:\documents and settings\Graham\Application Data\wklnhst.dat
2010-03-17 02:51 . 2010-03-24 01:23 253952 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
2010-03-10 05:15 . 2007-03-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 05:07 . 2009-10-22 23:57 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 00:27 . 2010-01-27 02:58 -------- d-----w- c:\program files\Raxco
2010-03-02 14:41 . 2010-03-02 14:41 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-02-26 05:43 . 2004-08-19 20:49 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 15:16 . 2009-10-03 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 03:07 . 2008-04-02 00:42 -------- d-----w- c:\documents and settings\Graham\Application Data\U3
2010-02-21 04:04 . 2006-03-15 03:26 -------- d-----w- c:\program files\limewire
2010-02-20 00:02 . 2010-02-20 00:02 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-02-13 19:33 . 2010-02-13 19:33 -------- d-----w- c:\program files\BitTorrent
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-06 11:09 . 2010-02-06 11:09 -------- d-----w- c:\program files\Cucusoft
2010-02-06 11:09 . 2010-02-06 11:08 -------- d-----w- c:\documents and settings\Graham\Application Data\GetRightToGo
2010-02-06 11:06 . 2010-02-06 07:28 -------- d-----w- c:\program files\Handbrake
2010-02-06 08:18 . 2010-02-06 07:28 -------- d-----w- c:\documents and settings\Graham\Application Data\HandBrake
2010-01-14 19:14 . 2010-01-14 19:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 19:14 . 2010-01-14 19:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 19:14 . 2010-01-14 19:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 19:14 . 2010-01-14 19:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 19:14 . 2010-01-14 19:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2008-03-29 20:18 . 2006-03-05 01:39 88 --sh--r- c:\windows\system32\C0EC55B373.sys
2008-03-29 20:18 . 2005-10-28 04:27 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2005-05-04 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-9-22 270336]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-26 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 08:57 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 09:02 904840 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1130467576\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 06:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 08:55 1326080 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"AcrSch2Svc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"DSBrokerService"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wlidsvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"BcmSqlStartupSvc"=2 (0x2)
"Creative Service for CDROM Access"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aim6.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Terminal Reality\\4x4 Evo2\\4x42.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Live for Speed S2\\LFS.exe"=
"c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"= c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"f:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\AOL 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3689:TCP"= 3689:TCP:iPhone 3G Remote
"5353:TCP"= 5353:TCP:iPhone 3G Remote
"8889:TCP"= 8889:TCP:iPhone

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 10:11 AM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/21/2007 8:45 PM 682232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/28/2010 8:09 PM 18544]
S0 aqjcfcl;aqjcfcl;c:\windows\system32\drivers\scryg.sys --> c:\windows\system32\drivers\scryg.sys [?]
S3 cpuz126;cpuz126;\??\c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:45 AM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2007-04-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2010-03-31 c:\windows\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 64.34.161.90:80
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\J River\Media Jukebox\DMDownload.htm
Trusted Zone: musicmatch.com\online
TCP: {2F69DF63-90DE-4818-A569-A6BCFA5464FD} = 24.177.176.38,24.197.160.18
FF - ProfilePath - c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.ftp - 64.90.179.108
FF - prefs.js: network.proxy.gopher - 64.90.179.108
FF - prefs.js: network.proxy.socks - 64.90.179.108
FF - prefs.js: network.proxy.ssl - 64.90.179.108
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Avvenu Access n Share Update - c:\program files\Avvenu\Avvenu_updater.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe
AddRemove-Harley-Davidson® - Race Across America - c:\program files\Harley-Davidson® - Race Across America\Uninst.isu
AddRemove-Need For Speed - Porsche Unleashed - c:\program files\Electronic Arts\Need For Speed - Porsche Unleashed\uninst.log
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000000410B1E3AF873A5784 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync03.sys hal.dll sfsync02.sys >>UNKNOWN [0x8B8DD1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e7fcb8
\Driver\atapi -> sfsync03.sys @ 0xba0d995c
\Driver\iaStor -> sfsync03.sys @ 0xba0d995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-855771979-2752217130-3050068086-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1396)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3016)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2010-04-01 17:07:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 22:07

Pre-Run: 15,131,348,992 bytes free
Post-Run: 14,922,756,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - A64B754AEC9A81AE27203D211AD37020

#12
hammerman

Hi,

Please follow these steps.

-- Step 1 --

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\windows\system32\drivers\mytmnpyw.sys
c:\windows\system32\drivers\nbxbgtrr.sys
c:\windows\system32\drivers\gqnndyqw.sys
c:\windows\system32\drivers\kdildowe.sys
c:\windows\system32\drivers\scryg.sys

Folder::

Registry::

Driver::
aqjcfcl


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-- Step 2 --

Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in the root directory (usually C:\).
  • Please post the contents of that log in your next reply.


#13
K1500

Here is the log from ComboFix:

ComboFix 10-04-01.02 - Graham 04/02/2010 6:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2931 [GMT -5:00]
Running from: c:\documents and settings\Graham\Desktop\Alureon.G\ComboFix.exe
Command switches used :: c:\documents and settings\Graham\Desktop\Alureon.G\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\windows\system32\drivers\gqnndyqw.sys"
"c:\windows\system32\drivers\kdildowe.sys"
"c:\windows\system32\drivers\mytmnpyw.sys"
"c:\windows\system32\drivers\nbxbgtrr.sys"
"c:\windows\system32\drivers\scryg.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\drivers\gqnndyqw.sys
c:\windows\system32\drivers\kdildowe.sys
c:\windows\system32\drivers\mytmnpyw.sys
c:\windows\system32\drivers\nbxbgtrr.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aqjcfcl


((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 05:12 . 2010-04-02 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-04-01 21:25 . 2010-04-01 21:25 -------- d-----w- C:\_OTL
2010-03-31 03:00 . 2010-03-31 03:00 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 23:30 . 2010-03-30 23:30 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-03-30 23:29 . 2010-03-30 23:29 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-03-30 22:36 . 2010-03-30 22:37 -------- d-----w- c:\program files\iTunes
2010-03-30 22:36 . 2010-03-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-30 22:29 . 2010-03-30 22:29 -------- d-----w- c:\program files\Bonjour
2010-03-29 01:33 . 2010-03-29 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-29 01:09 . 2010-04-02 11:17 -------- d-----w- c:\program files\PeerBlock
2010-03-10 05:04 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 04:33 . 2010-03-10 04:33 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-10 00:27 . 2010-03-10 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-06 20:44 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 20:44 . 2010-03-30 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 20:44 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 20:19 . 2010-03-30 07:28 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 05:18 . 2010-04-02 05:18 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-02 05:18 . 2007-01-02 02:54 -------- d-----w- c:\program files\DivX
2010-04-02 05:18 . 2010-04-02 05:18 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-02 05:18 . 2010-04-02 05:18 57677 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-02 05:17 . 2007-01-02 03:15 -------- d-----w- c:\documents and settings\Graham\Application Data\DivX
2010-04-02 05:17 . 2010-04-02 05:17 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-02 05:17 . 2010-04-02 05:17 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-02 05:16 . 2010-04-02 05:16 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-02 05:15 . 2010-04-02 05:15 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-02 05:15 . 2009-09-01 11:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-02 05:12 . 2010-04-02 05:18 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-02 05:11 . 2010-04-02 05:18 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-02 01:56 . 2005-11-01 03:26 37198 ----a-w- c:\documents and settings\Graham\Application Data\wklnhst.dat
2010-03-31 02:59 . 2008-11-22 01:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 23:32 . 2006-12-06 22:51 -------- d-----w- c:\documents and settings\Graham\Application Data\BitTorrent
2010-03-30 23:30 . 2007-01-15 01:33 3494576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-30 22:36 . 2006-11-17 23:04 -------- d-----w- c:\program files\iPod
2010-03-30 22:36 . 2007-06-30 20:12 -------- d-----w- c:\program files\Common Files\Apple
2010-03-30 22:33 . 2006-01-27 03:53 -------- d-----w- c:\program files\QuickTime
2010-03-30 22:25 . 2010-03-30 22:25 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-30 06:12 . 2010-03-30 06:12 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 01:32 . 2006-03-03 02:43 -------- d-----w- c:\program files\Google
2010-03-29 01:09 . 2008-10-25 22:44 -------- d-----w- c:\program files\PeerGuardian2
2010-03-28 08:26 . 2007-10-13 04:23 -------- d-----w- c:\program files\Live for Speed S2 Modified
2010-03-27 17:57 . 2007-10-08 23:36 -------- d-----w- c:\program files\Live for Speed S2
2010-03-24 15:36 . 2007-05-15 04:13 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-17 02:51 . 2010-03-24 01:23 253952 ----a-w- c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
2010-03-10 05:15 . 2007-03-28 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 05:07 . 2009-10-22 23:57 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-10 00:27 . 2010-01-27 02:58 -------- d-----w- c:\program files\Raxco
2010-03-02 14:41 . 2010-03-02 14:41 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-02-26 05:43 . 2004-08-19 20:49 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 15:16 . 2009-10-03 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 03:07 . 2008-04-02 00:42 -------- d-----w- c:\documents and settings\Graham\Application Data\U3
2010-02-21 04:04 . 2006-03-15 03:26 -------- d-----w- c:\program files\limewire
2010-02-20 00:02 . 2010-02-20 00:02 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-13 19:33 . 2010-02-13 19:33 -------- d-----w- c:\program files\BitTorrent
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-06 11:09 . 2010-02-06 11:09 -------- d-----w- c:\program files\Cucusoft
2010-02-06 11:09 . 2010-02-06 11:08 -------- d-----w- c:\documents and settings\Graham\Application Data\GetRightToGo
2010-02-06 11:06 . 2010-02-06 07:28 -------- d-----w- c:\program files\Handbrake
2010-02-06 08:18 . 2010-02-06 07:28 -------- d-----w- c:\documents and settings\Graham\Application Data\HandBrake
2010-01-14 19:14 . 2010-01-14 19:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 19:14 . 2010-01-14 19:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 19:14 . 2010-01-14 19:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 19:14 . 2010-01-14 19:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 19:14 . 2010-01-14 19:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 19:14 . 2010-01-14 19:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 19:14 . 2010-01-14 19:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2008-03-29 20:18 . 2006-03-05 01:39 88 --sh--r- c:\windows\system32\C0EC55B373.sys
2008-03-29 20:18 . 2005-10-28 04:27 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-03-09 1738352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2005-05-04 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2007-9-22 270336]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-26 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 08:57 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 09:02 904840 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\acs\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1130467576\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 06:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 08:55 1326080 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"AcrSch2Svc"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"DSBrokerService"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"wlidsvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"BcmSqlStartupSvc"=2 (0x2)
"Creative Service for CDROM Access"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130467576\\EE\\aim6.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Terminal Reality\\4x4 Evo2\\4x42.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Live for Speed S2\\LFS.exe"=
"c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"= c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:192.168.1.1/255.255.255.255:Disabled:Adobe CSI CS4
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"f:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\AOL 9.6\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3689:TCP"= 3689:TCP:iPhone 3G Remote
"5353:TCP"= 5353:TCP:iPhone 3G Remote
"8889:TCP"= 8889:TCP:iPhone

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 10:11 AM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/21/2007 8:45 PM 682232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/28/2010 8:09 PM 18544]
S3 cpuz126;cpuz126;\??\c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Graham\LOCALS~1\Temp\cpuz.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:45 AM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2007-04-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-22 01:09]

2010-04-01 c:\windows\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 64.34.161.90:80
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - c:\program files\J River\Media Jukebox\DMDownload.htm
Trusted Zone: musicmatch.com\online
TCP: {2F69DF63-90DE-4818-A569-A6BCFA5464FD} = 24.177.176.38,24.197.160.18
FF - ProfilePath - c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.ftp - 64.90.179.108
FF - prefs.js: network.proxy.gopher - 64.90.179.108
FF - prefs.js: network.proxy.socks - 64.90.179.108
FF - prefs.js: network.proxy.ssl - 64.90.179.108
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\Graham\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 06:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync03.sys hal.dll sfsync02.sys >>UNKNOWN [0x8B8DD1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e7fcb8
\Driver\atapi -> sfsync03.sys @ 0xba0d995c
\Driver\iaStor -> sfsync03.sys @ 0xba0d995c
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-855771979-2752217130-3050068086-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1388)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(2592)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\Rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-04-02 06:36:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 11:36
ComboFix2.txt 2010-04-01 22:07

Pre-Run: 14,768,590,848 bytes free
Post-Run: 14,756,175,872 bytes free

- - End Of File - - 91D22CB6E455842F0264A4E73657C353

#14
K1500

    Member

  • Topic Starter
  • Member
  • 68 posts
Here is the log from TDSSKiller:

06:37:47:718 1200 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
06:37:47:718 1200 ================================================================================
06:37:47:718 1200 SystemInfo:

06:37:47:718 1200 OS Version: 5.1.2600 ServicePack: 3.0
06:37:47:718 1200 Product type: Workstation
06:37:47:718 1200 ComputerName: XPS400
06:37:47:718 1200 UserName: Graham
06:37:47:718 1200 Windows directory: C:\WINDOWS
06:37:47:718 1200 Processor architecture: Intel x86
06:37:47:718 1200 Number of processors: 2
06:37:47:718 1200 Page size: 0x1000
06:37:47:734 1200 Boot type: Normal boot
06:37:47:734 1200 ================================================================================
06:37:47:734 1200 UnloadDriverW: NtUnloadDriver error 2
06:37:47:734 1200 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
06:37:47:750 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
06:37:47:750 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
06:37:47:750 1200 wfopen_ex: Trying to KLMD file open
06:37:47:750 1200 wfopen_ex: File opened ok (Flags 2)
06:37:47:750 1200 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
06:37:47:750 1200 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
06:37:47:750 1200 wfopen_ex: Trying to KLMD file open
06:37:47:750 1200 wfopen_ex: File opened ok (Flags 2)
06:37:47:750 1200 Initialize success
06:37:47:750 1200
06:37:47:750 1200 Scanning Services ...
06:37:47:875 1200 Raw services enum returned 435 services
06:37:47:890 1200
06:37:47:890 1200 Scanning Kernel memory ...
06:37:47:890 1200 Devices to scan: 8
06:37:47:890 1200
06:37:47:890 1200 Driver Name: Disk
06:37:47:890 1200 IRP_MJ_CREATE : BA10EBB0
06:37:47:890 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:47:890 1200 IRP_MJ_CLOSE : BA10EBB0
06:37:47:890 1200 IRP_MJ_READ : BA108D1F
06:37:47:890 1200 IRP_MJ_WRITE : BA108D1F
06:37:47:890 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:47:890 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:47:890 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:47:890 1200 IRP_MJ_SET_EA : 804F4562
06:37:47:890 1200 IRP_MJ_FLUSH_BUFFERS : BA1092E2
06:37:47:890 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:47:890 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:47:890 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:47:890 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:47:890 1200 IRP_MJ_DEVICE_CONTROL : BA1093BB
06:37:47:890 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
06:37:47:890 1200 IRP_MJ_SHUTDOWN : BA1092E2
06:37:47:890 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:47:890 1200 IRP_MJ_CLEANUP : 804F4562
06:37:47:890 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:47:890 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:47:890 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:47:890 1200 IRP_MJ_POWER : BA10AC82
06:37:47:890 1200 IRP_MJ_SYSTEM_CONTROL : BA10F99E
06:37:47:890 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:47:890 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:47:890 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:031 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
06:37:48:031 1200
06:37:48:031 1200 Driver Name: USBSTOR
06:37:48:031 1200 IRP_MJ_CREATE : 8A6344D0
06:37:48:031 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:031 1200 IRP_MJ_CLOSE : 8A6344D0
06:37:48:031 1200 IRP_MJ_READ : 8A6344D0
06:37:48:031 1200 IRP_MJ_WRITE : 8A6344D0
06:37:48:031 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:031 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:031 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:031 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:031 1200 IRP_MJ_FLUSH_BUFFERS : 804F4562
06:37:48:031 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:031 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:031 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:031 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:031 1200 IRP_MJ_DEVICE_CONTROL : 8A6344D0
06:37:48:031 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0D995C
06:37:48:031 1200 IRP_MJ_SHUTDOWN : 804F4562
06:37:48:031 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:031 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:031 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:031 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:031 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:031 1200 IRP_MJ_POWER : 8A6344D0
06:37:48:031 1200 IRP_MJ_SYSTEM_CONTROL : 8A6344D0
06:37:48:031 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:031 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:031 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:046 1200 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
06:37:48:046 1200
06:37:48:046 1200 Driver Name: Disk
06:37:48:046 1200 IRP_MJ_CREATE : BA10EBB0
06:37:48:046 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:046 1200 IRP_MJ_CLOSE : BA10EBB0
06:37:48:046 1200 IRP_MJ_READ : BA108D1F
06:37:48:046 1200 IRP_MJ_WRITE : BA108D1F
06:37:48:046 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:046 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:046 1200 IRP_MJ_FLUSH_BUFFERS : BA1092E2
06:37:48:046 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_DEVICE_CONTROL : BA1093BB
06:37:48:046 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
06:37:48:046 1200 IRP_MJ_SHUTDOWN : BA1092E2
06:37:48:046 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:046 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:046 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:046 1200 IRP_MJ_POWER : BA10AC82
06:37:48:046 1200 IRP_MJ_SYSTEM_CONTROL : BA10F99E
06:37:48:046 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:046 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:046 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
06:37:48:046 1200
06:37:48:046 1200 Driver Name: Disk
06:37:48:046 1200 IRP_MJ_CREATE : BA10EBB0
06:37:48:046 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:046 1200 IRP_MJ_CLOSE : BA10EBB0
06:37:48:046 1200 IRP_MJ_READ : BA108D1F
06:37:48:046 1200 IRP_MJ_WRITE : BA108D1F
06:37:48:046 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:046 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:046 1200 IRP_MJ_FLUSH_BUFFERS : BA1092E2
06:37:48:046 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_DEVICE_CONTROL : BA1093BB
06:37:48:046 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
06:37:48:046 1200 IRP_MJ_SHUTDOWN : BA1092E2
06:37:48:046 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:046 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:046 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:046 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:046 1200 IRP_MJ_POWER : BA10AC82
06:37:48:046 1200 IRP_MJ_SYSTEM_CONTROL : BA10F99E
06:37:48:046 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:046 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:046 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
06:37:48:046 1200
06:37:48:046 1200 Driver Name: Disk
06:37:48:046 1200 IRP_MJ_CREATE : BA10EBB0
06:37:48:046 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:046 1200 IRP_MJ_CLOSE : BA10EBB0
06:37:48:046 1200 IRP_MJ_READ : BA108D1F
06:37:48:046 1200 IRP_MJ_WRITE : BA108D1F
06:37:48:046 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:046 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:046 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:046 1200 IRP_MJ_FLUSH_BUFFERS : BA1092E2
06:37:48:062 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_DEVICE_CONTROL : BA1093BB
06:37:48:062 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
06:37:48:062 1200 IRP_MJ_SHUTDOWN : BA1092E2
06:37:48:062 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:062 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_POWER : BA10AC82
06:37:48:062 1200 IRP_MJ_SYSTEM_CONTROL : BA10F99E
06:37:48:062 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:062 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:062 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
06:37:48:062 1200
06:37:48:062 1200 Driver Name: Disk
06:37:48:062 1200 IRP_MJ_CREATE : BA10EBB0
06:37:48:062 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:062 1200 IRP_MJ_CLOSE : BA10EBB0
06:37:48:062 1200 IRP_MJ_READ : BA108D1F
06:37:48:062 1200 IRP_MJ_WRITE : BA108D1F
06:37:48:062 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:062 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:062 1200 IRP_MJ_FLUSH_BUFFERS : BA1092E2
06:37:48:062 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_DEVICE_CONTROL : BA1093BB
06:37:48:062 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
06:37:48:062 1200 IRP_MJ_SHUTDOWN : BA1092E2
06:37:48:062 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:062 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_POWER : BA10AC82
06:37:48:062 1200 IRP_MJ_SYSTEM_CONTROL : BA10F99E
06:37:48:062 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:062 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:062 1200 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
06:37:48:062 1200
06:37:48:062 1200 Driver Name: iastor
06:37:48:062 1200 IRP_MJ_CREATE : 8B8DD1E8
06:37:48:062 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:062 1200 IRP_MJ_CLOSE : 8B8DD1E8
06:37:48:062 1200 IRP_MJ_READ : 804F4562
06:37:48:062 1200 IRP_MJ_WRITE : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:062 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:062 1200 IRP_MJ_FLUSH_BUFFERS : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:062 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_DEVICE_CONTROL : 8B8DD1E8
06:37:48:062 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0D995C
06:37:48:062 1200 IRP_MJ_SHUTDOWN : 804F4562
06:37:48:062 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:062 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:062 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:062 1200 IRP_MJ_POWER : 8B8DD1E8
06:37:48:062 1200 IRP_MJ_SYSTEM_CONTROL : 8B8DD1E8
06:37:48:062 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:062 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:062 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:093 1200 C:\WINDOWS\system32\drivers\iastor.sys - Verdict: 1
06:37:48:093 1200
06:37:48:093 1200 Driver Name: iastor
06:37:48:093 1200 IRP_MJ_CREATE : 8B8DD1E8
06:37:48:093 1200 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
06:37:48:093 1200 IRP_MJ_CLOSE : 8B8DD1E8
06:37:48:093 1200 IRP_MJ_READ : 804F4562
06:37:48:093 1200 IRP_MJ_WRITE : 804F4562
06:37:48:093 1200 IRP_MJ_QUERY_INFORMATION : 804F4562
06:37:48:093 1200 IRP_MJ_SET_INFORMATION : 804F4562
06:37:48:093 1200 IRP_MJ_QUERY_EA : 804F4562
06:37:48:093 1200 IRP_MJ_SET_EA : 804F4562
06:37:48:093 1200 IRP_MJ_FLUSH_BUFFERS : 804F4562
06:37:48:093 1200 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
06:37:48:093 1200 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
06:37:48:093 1200 IRP_MJ_DIRECTORY_CONTROL : 804F4562
06:37:48:093 1200 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
06:37:48:093 1200 IRP_MJ_DEVICE_CONTROL : 8B8DD1E8
06:37:48:093 1200 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0D995C
06:37:48:093 1200 IRP_MJ_SHUTDOWN : 804F4562
06:37:48:093 1200 IRP_MJ_LOCK_CONTROL : 804F4562
06:37:48:093 1200 IRP_MJ_CLEANUP : 804F4562
06:37:48:093 1200 IRP_MJ_CREATE_MAILSLOT : 804F4562
06:37:48:093 1200 IRP_MJ_QUERY_SECURITY : 804F4562
06:37:48:093 1200 IRP_MJ_SET_SECURITY : 804F4562
06:37:48:093 1200 IRP_MJ_POWER : 8B8DD1E8
06:37:48:093 1200 IRP_MJ_SYSTEM_CONTROL : 8B8DD1E8
06:37:48:093 1200 IRP_MJ_DEVICE_CHANGE : 804F4562
06:37:48:093 1200 IRP_MJ_QUERY_QUOTA : 804F4562
06:37:48:093 1200 IRP_MJ_SET_QUOTA : 804F4562
06:37:48:109 1200 C:\WINDOWS\system32\drivers\iastor.sys - Verdict: 1
06:37:48:109 1200
06:37:48:125 1200 Completed
06:37:48:125 1200
06:37:48:125 1200 Results:
06:37:48:125 1200 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
06:37:48:125 1200 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:37:48:125 1200 File objects infected / cured / cured on reboot: 0 / 0 / 0
06:37:48:125 1200
06:37:48:125 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
06:37:48:125 1200 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
06:37:48:125 1200 KLMD(ARK) unloaded successfully

#15
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine. If not, do this yourself to ensure a complete clean.

-- Step 2 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 3 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Settings
  • In the scan settings, select the following:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan spyware, adware, diallers and other riskware
    Scan Archives
    Scan E-mail databases
  • Click Save
  • Now under Scan, select My Computer.
  • This will start the scanning of your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.
