Ads Running in Background/Malware Protection


  • This topic is locked

#1
TFriend

I have tried to follow a few of the instructions listed already, but I am still not having any luck.

I have run Malwarebytes; however, no infections were found (this time - I have found them recently and quarantined those):


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/2/2011 9:14:15 AM
mbam-log-2011-05-02 (09-14-15).txt

Scan type: Quick scan
Objects scanned: 112393
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have also run GooredFix:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:45 on 02/05/2011 (Administrator)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:10 02/03/2010]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [03:29 18/03/2010]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\
[email protected] [22:14 02/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [14:49 29/06/2010]
{4217f6d7-406e-4b66-856d-d1a373e4f41a} [04:35 23/12/2010]
{71bfcce7-421d-4042-95d4-a585a821cbca} [04:34 23/12/2010]
{896642E4-C556-4ED3-85D1-9AC431603E7D} [17:18 12/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:29 18/03/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:04 05/04/2010]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [00:56 29/09/2010]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [14:05 30/03/2011]

-=E.O.F=-

I have tried to run TDSSKiller but I cannot seem to get it to run. All of these took several tries due to the Malware Protection popup saying that it cannot start because it is infected with 32/Blaster.worm.

This started several weeks ago with a slow computer, constant ads running in the background (audio only) and then script errors. Now the Malware Protection icon is in my tray and constantly puts warnings up. Any help will be greatly appreciated! Thanks!

#2
Essexboy

Hi there, let's try some different tools.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
TFriend

Ok, here they are:
aswMBR log:

aswMBR version 0.9.5.247 Copyright© 2011 AVAST Software
Run date: 2011-05-02 10:07:38
-----------------------------
10:07:38.625 OS Version: Windows 5.1.2600 Service Pack 3
10:07:38.625 Number of processors: 2 586 0x6B01
10:07:38.640 ComputerName: MIKEF-052DB53A0 UserName: Administrator
10:07:40.375 Initialize success
10:07:41.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:07:41.734 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
10:07:43.765 Disk 0 MBR read successfully
10:07:43.765 Disk 0 MBR scan
10:07:43.765 Disk 0 Windows XP default MBR code
10:07:45.765 Disk 0 scanning sectors +488263545
10:07:45.796 Disk 0 scanning C:\WINDOWS\system32\drivers
10:07:51.125 Service scanning
10:07:52.328 Disk 0 trace - called modules:
10:07:52.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x856d71ed]<<
10:07:52.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8574eab8]
10:07:52.437 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000065[0x85709510]
10:07:52.437 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85764940]
10:07:52.437 \Driver\atapi[0x8577d030] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x856d71ed
10:07:52.437 Scan finished successfully
10:09:32.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
10:09:32.203 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBRlog.txt"


OTL:
OTL logfile created on: 5/2/2011 10:12:01 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 400.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 124.17 Gb Free Space | 55.74% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 3.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKEF-052DB53A0 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 10:10:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
PRC - [2011/05/01 21:52:37 | 000,926,208 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/13 13:11:20 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 10:10:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/13 13:11:20 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/03/22 14:37:56 | 001,587,352 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 16:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 16:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 16:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/04/21 03:10:30 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - File not found
IE - HKCU\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.63.20091024
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/28 20:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/22 13:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 16:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 09:18:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\FireFox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\FireFox\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/17 23:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/17 23:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/04/22 09:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions
[2010/06/29 10:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 00:35:48 | 000,000,000 | ---D | M] (StOgame) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2010/12/23 00:34:55 | 000,000,000 | ---D | M] (Galaxytoolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2010/07/12 13:18:35 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/03/02 18:14:11 | 000,000,000 | ---D | M] (Coral IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\[email protected]
[2010/12/23 00:17:35 | 000,002,427 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\searchplugins\askcom.xml
[2010/09/26 12:37:36 | 000,002,267 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\searchplugins\bing-zugo.xml
[2011/04/22 09:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:56:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/17 23:29:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/02 08:18:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon-English Toolbar) - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Babylon-English Toolbar) - {CE18769B-C7FA-42D2-860D-17C4662C70AD} - File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [CrossLoop] C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop)
O4 - HKCU..\Run: [doubleTwist] File not found
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [Malware Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (BitDefender)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267607659062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 0.0.0.0
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 04:14:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/12 17:13:15 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{44fb2f41-269d-11df-ada8-9db62213848b}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{5570483a-00ae-11e0-ae48-00137230f3f9}\Shell - "" = AutoRun
O33 - MountPoints2\{5570483a-00ae-11e0-ae48-00137230f3f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5570483a-00ae-11e0-ae48-00137230f3f9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{86fcd259-2829-11e0-ae61-00137230f3f9}\Shell\AutoRun\command - "" = F:\urDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: asr_conv - (C:\WINDOWS\system32\MRTonce.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 10:10:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
[2011/05/02 10:05:10 | 000,576,512 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/05/02 09:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/05/02 08:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
[2011/05/02 08:26:27 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/05/02 08:18:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/02 08:15:03 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/05/02 08:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/02 08:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/02 08:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/05/01 21:52:36 | 000,926,208 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/04/30 08:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/30 08:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/30 08:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/30 08:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/30 08:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 08:21:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 07:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Misc Pics
[2011/04/25 21:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/04/25 20:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/04/22 09:17:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/22 08:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/20 17:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\T
[2011/04/20 16:09:00 | 000,000,000 | ---D | C] -- C:\crystalreportviewers12
[2011/04/20 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011/04/20 16:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sage Software
[2011/04/20 14:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/04/16 15:33:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2011/04/16 14:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/15 16:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes(2)
[2011/04/14 23:45:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/14 22:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/14 22:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 15:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Jen and Jesse
[2011/04/09 20:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\FrostWire(2)
[2011/04/09 20:48:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2010/09/12 18:54:58 | 000,850,200 | ---- | C] (DivX, Inc. ) -- C:\Documents and Settings\Administrator\Application Data\DivXInstaller.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/02 10:10:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL (1).exe
[2011/05/02 10:09:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/05/02 10:05:15 | 000,576,512 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/05/02 10:04:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
[2011/05/02 09:26:54 | 113,938,578 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/02 08:38:02 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/02 08:37:55 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1715567821-725345543-500.job
[2011/05/02 08:37:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 08:32:59 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1715567821-725345543-500.job
[2011/05/02 08:28:05 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/05/02 08:26:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/05/02 08:24:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 08:18:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/02 08:15:22 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/05/02 08:14:19 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/02 08:14:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/01 21:52:45 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/01 21:52:37 | 000,926,208 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/05/01 21:04:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
[2011/04/30 21:05:08 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/04/30 21:05:08 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/30 08:49:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/30 08:49:31 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/04/30 08:21:03 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 13:50:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/23 14:54:03 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 14:43:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/23 14:41:28 | 000,463,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 14:41:28 | 000,080,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/22 13:22:37 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/20 17:36:15 | 000,040,890 | ---- | M] () -- C:\WINDOWS\PeachWLog.XML
[2011/04/20 11:52:30 | 000,062,410 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\phone return.pdf
[2011/04/14 23:06:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756
[2011/04/14 23:06:19 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
[2011/04/14 22:21:18 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/08 21:34:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/02 10:09:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/05/02 08:27:22 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/05/02 08:14:19 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2011/05/02 08:14:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2011/05/01 21:52:44 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/04/30 08:49:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/30 08:49:31 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/04/30 08:21:03 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/25 21:00:59 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/25 21:00:58 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/04/25 20:59:48 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
[2011/04/25 20:59:47 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
[2011/04/23 14:38:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/20 16:01:52 | 000,040,890 | ---- | C] () -- C:\WINDOWS\PeachWLog.XML
[2011/04/20 11:52:30 | 000,062,410 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\phone return.pdf
[2011/04/14 23:06:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
[2011/04/14 23:06:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756
[2011/04/14 22:09:22 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/08 21:34:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[2011/01/22 12:51:46 | 000,163,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 13:52:13 | 000,058,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 09:08:31 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hngmfc.dat
[2010/08/21 21:57:01 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/08/16 20:30:26 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/16 20:27:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/27 13:34:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/25 23:37:17 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/06/09 21:27:42 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/06 22:52:09 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 23:09:11 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/03/03 04:16:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 04:11:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/02 23:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/02 23:04:22 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/02 18:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 15:41:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/03/02 15:41:24 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/03/02 15:41:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/03/02 15:41:23 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/03/02 15:41:23 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/03/02 15:41:23 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/03/02 15:41:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/03/02 15:41:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/03/02 15:41:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/03/02 15:41:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/03/02 15:41:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,463,676 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,080,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2011/02/28 07:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2010/07/17 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/22 08:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2011/03/17 08:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeyingTool
[2010/11/29 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2011/01/13 18:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2010/12/22 22:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/06/06 20:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2011/03/11 16:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ysewt
[2011/03/17 08:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ancestry.com
[2011/02/28 07:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/04/14 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/28 06:56:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/16 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2010/03/02 16:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/11/29 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/05/01 21:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/29 20:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/12/13 21:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/01/13 18:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/27 13:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/07/12 13:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2010/04/15 18:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/19 09:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/02/26 09:31:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2010/12/13 11:10:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\expressShakeIcon.job
[2010/12/05 20:28:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job
[2011/02/16 17:51:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/11/25 10:18:55 | 000,835,712 | ---- | M] (WinRecovery Software ) -- C:\cardrecovery_setup.exe
[2010/11/29 19:39:16 | 000,860,744 | ---- | M] (NCH Software) -- C:\essetup.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "G:\FireFox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "G:\FireFox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "G:\FireFox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: G:\FireFox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "G:\FireFox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "G:\FireFox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "G:\FireFox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "G:\FireFox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "G:\FireFox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: G:\FireFox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "G:\FireFox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "G:\FireFox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/04/28 06:15:17 | 001,010,232 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >

Extras:
OTL Extras logfile created on: 5/2/2011 10:12:01 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 400.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 124.17 Gb Free Space | 55.74% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 3.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKEF-052DB53A0 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"F:\SecondLifeViewer2\SLVoice.exe" = F:\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"I:\SecondLifeViewer2\SLVoice.exe" = I:\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"C:\Documents and Settings\Administrator\My Documents\Jake\SecondLifeViewer2\SLVoice.exe" = C:\Documents and Settings\Administrator\My Documents\Jake\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"F:\FLASHDRIVE\SecondLifeViewer2\SLVoice.exe" = F:\FLASHDRIVE\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"F:\FLASHDRIVE\MediaPlayerSetup.exe" = F:\FLASHDRIVE\MediaPlayerSetup.exe:*:Enabled:Video Player
"C:\Documents and Settings\Administrator\My Documents\Jake\Halo CE CE\haloce.exe" = C:\Documents and Settings\Administrator\My Documents\Jake\Halo CE CE\haloce.exe:*:Enabled:Halo
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"G:\FrostWire\FrostWire.exe" = G:\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Documents and Settings\Administrator\Application Data\U3\0000183D877512CF\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Documents and Settings\Administrator\Application Data\U3\0000183D877512CF\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype. Take a deep breath
"H:\FrostWire\FrostWire.exe" = H:\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"G:\Halo CE CE\haloce.exe" = G:\Halo CE CE\haloce.exe:*:Enabled:Halo
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3D03E8A-2E48-40EB-9ACD-A34AAECBFD22}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9780 smartphone
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CrossLoop_is1" = CrossLoop 2.73
"DivX Setup.divx.com" = DivX Setup
"Doxillion" = Doxillion Document Converter
"ERUNT_is1" = ERUNT 1.1j
"Express" = Express Dictate
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"Scribe" = Express Scribe
"Switch" = Switch Sound File Converter
"UPCShell" = LeapFrog Connect
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Administrator
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/22/2010 4:37:33 PM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application powder.exe, version 0.0.0.0, faulting module
msvcr100d.dll, version 10.0.30319.1, fault address 0x0004c9d0.

Error - 12/23/2010 7:51:10 AM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/24/2010 2:48:04 AM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.2.3989, faulting module
unknown, version 0.0.0.0, fault address 0xbf80d2bd.

Error - 12/27/2010 10:55:24 PM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application powder.exe, version 0.0.0.0, faulting module
msvcr100d.dll, version 10.0.30319.1, fault address 0x0004c9d0.

Error - 12/27/2010 10:55:37 PM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application powder.exe, version 0.0.0.0, faulting module
msvcr100d.dll, version 10.0.30319.1, fault address 0x0004c9d0.

Error - 12/27/2010 10:55:57 PM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application powder.exe, version 0.0.0.0, faulting module
msvcr100d.dll, version 10.0.30319.1, fault address 0x0004c9d0.

Error - 12/27/2010 10:56:01 PM | Computer Name = MIKEF-052DB53A0 | Source = Application Error | ID = 1000
Description = Faulting application powder.exe, version 0.0.0.0, faulting module
msvcr100d.dll, version 10.0.30319.1, fault address 0x0004c9d0.

Error - 12/28/2010 12:00:59 AM | Computer Name = MIKEF-052DB53A0 | Source = Halo | ID = 1000
Description =

Error - 12/28/2010 10:44:57 PM | Computer Name = MIKEF-052DB53A0 | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3615 - Fatal Execution Engine Error
(7A0979AE) (80131506)

Error - 12/28/2010 10:45:05 PM | Computer Name = MIKEF-052DB53A0 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application doubletwist.devicehelper.exe, version 2.7.0.0,
stamp 4c041e57, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7,
debug? 0, fault address 0x00159cf9.

[ System Events ]
Error - 4/23/2011 2:42:39 PM | Computer Name = MIKEF-052DB53A0 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.101
with the system having network hardware address 00:12:FB:2F:83:D8. Network operations
on this system may be disrupted as a result.

Error - 4/24/2011 10:09:40 AM | Computer Name = MIKEF-052DB53A0 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.101
with the system having network hardware address 00:12:FB:2F:83:D8. Network operations
on this system may be disrupted as a result.

Error - 4/24/2011 10:29:39 AM | Computer Name = MIKEF-052DB53A0 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.101
with the system having network hardware address 00:12:FB:2F:83:D8. Network operations
on this system may be disrupted as a result.

Error - 4/24/2011 12:26:52 PM | Computer Name = MIKEF-052DB53A0 | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.101
with the system having network hardware address 00:12:FB:2F:83:D8. Network operations
on this system may be disrupted as a result.

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7034
Description = The LeapFrog Connect Device Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/2/2011 8:18:20 AM | Computer Name = MIKEF-052DB53A0 | Source = Service Control Manager | ID = 7034
Description = The CrossLoop Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

Thanks again!

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run could you retry TDSSKiller again please - If it should fail I will need you to remove AVG before we can proceed

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [Malware Protection] C:\Documents and Settings\All Users\Application Data\defender.exe (BitDefender)
    [2011/05/01 21:52:36 | 000,926,208 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
    [2011/05/01 21:52:45 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
    [2011/05/01 21:52:37 | 000,926,208 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
    [2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
    [2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
    [2011/04/14 23:06:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756
    [2011/04/14 23:06:19 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
    [2011/04/14 22:21:18 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18472756
    [2011/05/01 21:52:44 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
    [2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
    [2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
    [2011/04/14 23:06:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
    [2011/04/14 23:06:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756
    [2011/04/14 22:09:22 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18472756

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
    C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Run TDSSKiller again please

#5
TFriend

    New Member

  • Topic Starter
  • Member
  • 9 posts
I tried to run TDSS but again, it wouldn't start. So I then tried to uninstall AVG, the process started and then shut down and now I cannot open anything again. I get the same message as before: 32/Blaster.worm. Should I reboot and try again or do something else? This is driving me crazy!

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like we have a new variant here - reboot and I will use a different programme



Download Dr Web from here: http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download.

It will download as an 8-digit file; save it to your desktop.

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that

#7
TFriend

    New Member

  • Topic Starter
  • Member
  • 9 posts
I hope this works - I had to save it to a flash drive while in safe mode.

=============================================================================
Dr.Web Scanner for Windows v6.00.8 (6.00.8.03140)
© Doctor Web, Ltd., 1992-2011
Log generated on: 2011-05-02, 11:16:27 [Administrator]
Command line: "C:\Documents and Settings\Administrator\Local Settings\Temp\7504A284-25D0A6C6-6ED4187-16DF50A4\07885_xp.exe" /lng /ini:setup_xp.ini /fast
Operating system: Windows XP Professional x86 (Build 2600), Service Pack 3
=============================================================================
DwShield started
Engine version: 5.00 (5.00.2.03300)
Engine API version: 2.02
Total virus records: 2046521
[Self-checking] C:\Documents and Settings\Administrator\Local Settings\Temp\7504A284-25D0A6C6-6ED4187-16DF50A4\07885_xp.exe
Key file: C:\Documents and Settings\Administrator\Local Settings\Temp\7504A284-25D0A6C6-6ED4187-16DF50A4\setup.key
License key number: 0013622856
Registered to: An unauthorized User
License key activates on: 2011-03-10
License key expires on: 2012-03-11
Process in memory: System:4 - OK
Process in memory: \SystemRoot\System32\smss.exe:168 - OK
Process in memory: \??\C:\WINDOWS\system32\csrss.exe:232 - OK
Process in memory: \??\C:\WINDOWS\system32\winlogon.exe:256 - OK
Process in memory: C:\WINDOWS\system32\services.exe:300 - OK
Process in memory: C:\WINDOWS\system32\lsass.exe:316 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:488 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:532 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:584 - OK
[Memory scanning] Process in memory: C:\WINDOWS\Explorer.EXE:832 infected with BackDoor.Tdss.565 - eradicated
Process in memory: C:\WINDOWS\Explorer.EXE:832 - OK
Process in memory: C:\Documents and Settings\Administrator\Desktop\5ba74879.exe:1128 - OK
Process in memory: C:\Documents and Settings\Administrator\Local Settings\Temp\7504A284-25D0A6C6-6ED4187-16DF50A4\4087db.exe:1232 - OK
Process in memory: C:\Documents and Settings\Administrator\Local Settings\Temp\7504A284-25D0A6C6-6ED4187-16DF50A4\07885_xp.exe:1248 - OK
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK

[Scan path] C:\WINDOWS\system32
C:\WINDOWS\system32\hid.dll - OK
C:\WINDOWS\system32\hidphone.tsp - OK
C:\WINDOWS\system32\hidserv.dll - OK
C:\WINDOWS\system32\himem.sys - OK
C:\WINDOWS\system32\hlink.dll - OK
C:\WINDOWS\system32\hnetcfg.dll - OK
C:\WINDOWS\system32\hnetmon.dll - OK
C:\WINDOWS\system32\hnetwiz.dll - OK
C:\WINDOWS\system32\homepage.inf - OK
C:\WINDOWS\system32\hostname.exe - OK
C:\WINDOWS\system32\hotplug.dll - OK
C:\WINDOWS\system32\HSFCI008.dll - OK
C:\WINDOWS\system32\hsfcisp2.dll - OK
C:\WINDOWS\system32\hticons.dll - OK
C:\WINDOWS\system32\html.iec packed by PESTUB
>C:\WINDOWS\system32\html.iec - OK
C:\WINDOWS\system32\httpapi.dll - OK
C:\WINDOWS\system32\htui.dll - OK
C:\WINDOWS\system32\hypertrm.dll - OK
C:\WINDOWS\system32\iac25_32.ax - OK
C:\WINDOWS\system32\iasacct.dll - OK
C:\WINDOWS\system32\iasads.dll - OK
C:\WINDOWS\system32\iashlpr.dll - OK
C:\WINDOWS\system32\iasnap.dll - OK
C:\WINDOWS\system32\iaspolcy.dll - OK
C:\WINDOWS\system32\iasrad.dll - OK
C:\WINDOWS\system32\iasrecst.dll - OK
C:\WINDOWS\system32\iassam.dll - OK
C:\WINDOWS\system32\iassdo.dll - OK
C:\WINDOWS\system32\iassvcs.dll - OK
C:\WINDOWS\system32\icaapi.dll - OK
C:\WINDOWS\system32\icardagt.exe - OK
C:\WINDOWS\system32\icardie.dll - OK
C:\WINDOWS\system32\icardres.dll - OK
C:\WINDOWS\system32\icardres.dll.mui - archive BINARYRES
>C:\WINDOWS\system32\icardres.dll.mui/data001 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data002 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data003 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data004 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data005 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data006 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data007 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data008 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data009 - OK
>C:\WINDOWS\system32\icardres.dll.mui/data010 - OK
C:\WINDOWS\system32\icardres.dll.mui - OK
C:\WINDOWS\system32\iccvid.dll - OK
C:\WINDOWS\system32\icfgnt5.dll - OK
C:\WINDOWS\system32\icm32.dll - OK
C:\WINDOWS\system32\icmp.dll - OK
C:\WINDOWS\system32\icmui.dll - OK
C:\WINDOWS\system32\icrav03.rat - OK
C:\WINDOWS\system32\icwdial.dll - OK
C:\WINDOWS\system32\icwphbk.dll - OK
C:\WINDOWS\system32\ideograf.uce - OK
C:\WINDOWS\system32\idndl.dll - OK
C:\WINDOWS\system32\idq.dll - OK
C:\WINDOWS\system32\ie4uinit.exe - OK
C:\WINDOWS\system32\ie4uinit.exe.mui - OK
C:\WINDOWS\system32\IE7Eula.rtf - OK
C:\WINDOWS\system32\IE8Eula.rtf - OK
C:\WINDOWS\system32\ieakeng.dll - OK
C:\WINDOWS\system32\ieaksie.dll - OK
C:\WINDOWS\system32\ieakui.dll - OK
C:\WINDOWS\system32\ieapfltr.dat - OK
C:\WINDOWS\system32\ieapfltr.dll - OK
C:\WINDOWS\system32\iedkcs32.dll - OK
C:\WINDOWS\system32\iedkcs32.dll.mui - OK
C:\WINDOWS\system32\ieframe.dll - OK
C:\WINDOWS\system32\ieframe.dll.mui - OK
C:\WINDOWS\system32\iepeers(2).dll - OK
C:\WINDOWS\system32\iepeers.dll - OK
C:\WINDOWS\system32\iernonce.dll - OK
C:\WINDOWS\system32\iertutil.dll - OK
C:\WINDOWS\system32\iesetup.dll - OK
C:\WINDOWS\system32\ieudinit.exe - OK
C:\WINDOWS\system32\ieui.dll - OK
C:\WINDOWS\system32\ieuinit.inf - OK
C:\WINDOWS\system32\iexpress.exe - OK
C:\WINDOWS\system32\ifmon.dll - OK
C:\WINDOWS\system32\ifsutil.dll - OK
C:\WINDOWS\system32\igmpagnt.dll - OK
C:\WINDOWS\system32\iissuba.dll - OK
C:\WINDOWS\system32\ils.dll - OK
C:\WINDOWS\system32\imaadp32.acm - OK
C:\WINDOWS\system32\imagehlp.dll - OK
C:\WINDOWS\system32\imapi.exe - OK
C:\WINDOWS\system32\imeshare.dll - OK
C:\WINDOWS\system32\imgutil.dll - OK
C:\WINDOWS\system32\imm32.dll - OK
C:\WINDOWS\system32\IMMC.EXE - archive CAB
C:\WINDOWS\system32\inetcfg.dll - OK
C:\WINDOWS\system32\inetcomm.dll - OK
C:\WINDOWS\system32\inetcpl.cpl - OK
C:\WINDOWS\system32\inetcplc.dll - OK
C:\WINDOWS\system32\inetmib1.dll - OK
C:\WINDOWS\system32\inetpp.dll - OK
C:\WINDOWS\system32\inetppui.dll - OK
C:\WINDOWS\system32\inetres.dll - archive BINARYRES
>C:\WINDOWS\system32\inetres.dll/data001 - archive HTML
>>C:\WINDOWS\system32\inetres.dll/data001/JavaScript.0 - OK
>C:\WINDOWS\system32\inetres.dll/data001 - OK
C:\WINDOWS\system32\inetres.dll - OK
C:\WINDOWS\system32\infocardapi.dll - OK
C:\WINDOWS\system32\infocardcpl.cpl - OK
C:\WINDOWS\system32\infosoft.dll - OK
C:\WINDOWS\system32\initpki.dll - OK
C:\WINDOWS\system32\input.dll - OK
C:\WINDOWS\system32\inseng.dll - OK
C:\WINDOWS\system32\instcat.sql - OK
C:\WINDOWS\system32\intl.cpl - OK
C:\WINDOWS\system32\iologmsg.dll - OK
C:\WINDOWS\system32\ipconf.tsp - OK
C:\WINDOWS\system32\ipconfig.exe - OK
C:\WINDOWS\system32\iphlpapi.dll - OK
C:\WINDOWS\system32\ipmontr.dll - OK
C:\WINDOWS\system32\ipnathlp.dll - OK
C:\WINDOWS\system32\ippromon.dll - OK
C:\WINDOWS\system32\iprop.dll - OK
C:\WINDOWS\system32\iprtprio.dll - OK
C:\WINDOWS\system32\iprtrmgr.dll - OK
C:\WINDOWS\system32\ipsec6.exe - OK
C:\WINDOWS\system32\ipsecsnp.dll - OK
C:\WINDOWS\system32\ipsecsvc.dll - OK
C:\WINDOWS\system32\ipsmsnap.dll - OK
C:\WINDOWS\system32\ipv6.exe - OK
C:\WINDOWS\system32\ipv6mon.dll - OK
C:\WINDOWS\system32\ipxmontr.dll - OK
C:\WINDOWS\system32\ipxpromn.dll - OK
C:\WINDOWS\system32\ipxrip.dll - OK
C:\WINDOWS\system32\ipxroute.exe - OK
C:\WINDOWS\system32\ipxrtmgr.dll - OK
C:\WINDOWS\system32\ipxsap.dll - OK
C:\WINDOWS\system32\ipxwan.dll - OK
C:\WINDOWS\system32\ir32_32.dll - OK
C:\WINDOWS\system32\ir41_32.ax - OK
C:\WINDOWS\system32\ir41_qc.dll - OK
C:\WINDOWS\system32\ir41_qcx.dll - OK
C:\WINDOWS\system32\ir50_32.dll - OK
C:\WINDOWS\system32\ir50_qc.dll - OK
C:\WINDOWS\system32\ir50_qcx.dll - OK
C:\WINDOWS\system32\irclass.dll - OK
C:\WINDOWS\system32\irprops.cpl - OK
C:\WINDOWS\system32\isign32.dll - OK
C:\WINDOWS\system32\isrdbg32.dll - OK
C:\WINDOWS\system32\ISUSPM.cpl - OK
C:\WINDOWS\system32\itircl.dll - OK
C:\WINDOWS\system32\itss.dll - OK
C:\WINDOWS\system32\iuengine.dll - OK
C:\WINDOWS\system32\ivfsrc.ax - OK
C:\WINDOWS\system32\ixsso.dll - OK
C:\WINDOWS\system32\iyuv_32.dll - OK
C:\WINDOWS\system32\java.exe - OK
C:\WINDOWS\system32\javacpl.cpl - OK
C:\WINDOWS\system32\javaw.exe - OK
C:\WINDOWS\system32\javaws.exe - OK
C:\WINDOWS\system32\jet500.dll - OK
C:\WINDOWS\system32\jgaw400.dll - OK
C:\WINDOWS\system32\jgdw400.dll - OK
C:\WINDOWS\system32\jgmd400.dll - OK
C:\WINDOWS\system32\jgpl400.dll - OK
C:\WINDOWS\system32\jgsd400.dll - OK
C:\WINDOWS\system32\jgsh400.dll - OK
C:\WINDOWS\system32\jobexec.dll - OK
C:\WINDOWS\system32\joy.cpl - OK
C:\WINDOWS\system32\jscript(2).dll - OK
C:\WINDOWS\system32\jscript.dll - OK
C:\WINDOWS\system32\jsproxy.dll - OK
C:\WINDOWS\system32\kanji_1.uce - OK
C:\WINDOWS\system32\kanji_2.uce - OK
C:\WINDOWS\system32\kb16.com - OK
C:\WINDOWS\system32\KBDAL.DLL - OK
C:\WINDOWS\system32\kbdaze.dll - OK
C:\WINDOWS\system32\kbdazel.dll - OK
C:\WINDOWS\system32\kbdbe.dll - OK
C:\WINDOWS\system32\kbdbene.dll - OK
C:\WINDOWS\system32\kbdbhc.dll - OK
C:\WINDOWS\system32\kbdblr.dll - OK
C:\WINDOWS\system32\kbdbr.dll - OK
C:\WINDOWS\system32\kbdbu.dll - OK
C:\WINDOWS\system32\kbdca.dll - OK
C:\WINDOWS\system32\kbdcan.dll - OK
C:\WINDOWS\system32\kbdcr.dll - OK
C:\WINDOWS\system32\kbdcz.dll - OK
C:\WINDOWS\system32\kbdcz1.dll - OK
C:\WINDOWS\system32\kbdcz2.dll - OK
C:\WINDOWS\system32\kbdda.dll - OK
C:\WINDOWS\system32\kbddv.dll - OK
C:\WINDOWS\system32\kbdes.dll - OK
C:\WINDOWS\system32\kbdest.dll - OK
C:\WINDOWS\system32\kbdfc.dll - OK
C:\WINDOWS\system32\kbdfi.dll - OK
C:\WINDOWS\system32\kbdfi1.dll - OK
C:\WINDOWS\system32\kbdfo.dll - OK
C:\WINDOWS\system32\kbdfr.dll - OK
C:\WINDOWS\system32\kbdgae.dll - OK
C:\WINDOWS\system32\kbdgkl.dll - OK
C:\WINDOWS\system32\kbdgr.dll - OK
C:\WINDOWS\system32\kbdgr1.dll - OK
C:\WINDOWS\system32\kbdhe.dll - OK
C:\WINDOWS\system32\kbdhe220.dll - OK
C:\WINDOWS\system32\kbdhe319.dll - OK
C:\WINDOWS\system32\kbdhela2.dll - OK
C:\WINDOWS\system32\kbdhela3.dll - OK
C:\WINDOWS\system32\kbdhept.dll - OK
C:\WINDOWS\system32\kbdhu.dll - OK
C:\WINDOWS\system32\kbdhu1.dll - OK
C:\WINDOWS\system32\kbdic.dll - OK
C:\WINDOWS\system32\kbdinbe1.dll - OK
C:\WINDOWS\system32\kbdinben.dll - OK
C:\WINDOWS\system32\kbdinmal.dll - OK
C:\WINDOWS\system32\kbdir.dll - OK
C:\WINDOWS\system32\kbdit.dll - OK
C:\WINDOWS\system32\kbdit142.dll - OK
C:\WINDOWS\system32\kbdiultn.dll - OK
C:\WINDOWS\system32\kbdkaz.dll - OK
C:\WINDOWS\system32\kbdkyr.dll - OK
C:\WINDOWS\system32\kbdla.dll - OK
C:\WINDOWS\system32\kbdlt.dll - OK
C:\WINDOWS\system32\kbdlt1.dll - OK
C:\WINDOWS\system32\kbdlv.dll - OK
C:\WINDOWS\system32\kbdlv1.dll - OK
C:\WINDOWS\system32\kbdmac.dll - OK
C:\WINDOWS\system32\kbdmaori.dll - OK
C:\WINDOWS\system32\kbdmlt47.dll - OK
C:\WINDOWS\system32\kbdmlt48.dll - OK
C:\WINDOWS\system32\kbdmon.dll - OK
C:\WINDOWS\system32\kbdne.dll - OK
C:\WINDOWS\system32\kbdnec.dll - OK
C:\WINDOWS\system32\kbdnepr.dll - OK
C:\WINDOWS\system32\kbdno.dll - OK
C:\WINDOWS\system32\kbdno1.dll - OK
C:\WINDOWS\system32\kbdpash.dll - OK
C:\WINDOWS\system32\kbdpl.dll - OK
C:\WINDOWS\system32\kbdpl1.dll - OK
C:\WINDOWS\system32\kbdpo.dll - OK
C:\WINDOWS\system32\kbdro.dll - OK
C:\WINDOWS\system32\kbdru.dll - OK
C:\WINDOWS\system32\kbdru1.dll - OK
C:\WINDOWS\system32\kbdsf.dll - OK
C:\WINDOWS\system32\kbdsg.dll - OK
C:\WINDOWS\system32\kbdsl.dll - OK
C:\WINDOWS\system32\kbdsl1.dll - OK
C:\WINDOWS\system32\kbdsmsfi.dll - OK
C:\WINDOWS\system32\kbdsmsno.dll - OK
C:\WINDOWS\system32\kbdsp.dll - OK
C:\WINDOWS\system32\kbdsw.dll - OK
C:\WINDOWS\system32\kbdtat.dll - OK
C:\WINDOWS\system32\kbdtuf.dll - OK
C:\WINDOWS\system32\kbdtuq.dll - OK
C:\WINDOWS\system32\kbduk.dll - OK
C:\WINDOWS\system32\kbdukx.dll - OK
C:\WINDOWS\system32\kbdur.dll - OK
C:\WINDOWS\system32\kbdus.dll - OK
C:\WINDOWS\system32\kbdusl.dll - OK
C:\WINDOWS\system32\kbdusr.dll - OK
C:\WINDOWS\system32\kbdusx.dll - OK
C:\WINDOWS\system32\kbduzb.dll - OK
C:\WINDOWS\system32\kbdycc.dll - OK
C:\WINDOWS\system32\kbdycl.dll - OK
C:\WINDOWS\system32\kd1394.dll - OK
C:\WINDOWS\system32\kdcom.dll - OK
C:\WINDOWS\system32\kerberos.dll - OK
C:\WINDOWS\system32\kernel32.dll - OK
C:\WINDOWS\system32\key01.sys - OK
C:\WINDOWS\system32\keyboard.drv - OK
C:\WINDOWS\system32\keyboard.sys - OK
C:\WINDOWS\system32\keymgr.dll - OK
C:\WINDOWS\system32\keystone.exe - OK
C:\WINDOWS\system32\kmddsp.tsp - OK
C:\WINDOWS\system32\kmsvc.dll - OK
C:\WINDOWS\system32\korean.uce - OK
C:\WINDOWS\system32\krnl386.exe - OK
C:\WINDOWS\system32\ksproxy.ax - OK
C:\WINDOWS\system32\ksuser.dll - OK
C:\WINDOWS\system32\l2gpstore.dll - OK
C:\WINDOWS\system32\l3codeca.acm - OK
C:\WINDOWS\system32\l3codecx.ax - OK
C:\WINDOWS\system32\label.exe - OK
C:\WINDOWS\system32\langwrbk.dll - OK
C:\WINDOWS\system32\lanman.drv - OK
C:\WINDOWS\system32\LAPRXY.dll packed by PESTUB
>C:\WINDOWS\system32\LAPRXY.dll - OK
C:\WINDOWS\system32\LegitCheckControl.dll - OK
C:\WINDOWS\system32\licdll.dll - OK
C:\WINDOWS\system32\licmgr10.dll - OK
C:\WINDOWS\system32\licwmi.dll - OK
C:\WINDOWS\system32\lights.exe - OK
C:\WINDOWS\system32\linkinfo.dll - OK
C:\WINDOWS\system32\lmhsvc.dll - OK
C:\WINDOWS\system32\lmrt.dll - OK
C:\WINDOWS\system32\lnkstub.exe - OK
C:\WINDOWS\system32\loadfix.com - OK
C:\WINDOWS\system32\loadperf.dll - OK
C:\WINDOWS\system32\locale.nls - OK
C:\WINDOWS\system32\localsec.dll - OK
C:\WINDOWS\system32\localspl.dll - OK
C:\WINDOWS\system32\localui.dll - OK
C:\WINDOWS\system32\locator.exe - OK
C:\WINDOWS\system32\lodctr.exe - OK
C:\WINDOWS\system32\logagent.exe - OK
C:\WINDOWS\system32\loghours.dll - OK
C:\WINDOWS\system32\login.cmd - OK
C:\WINDOWS\system32\logman.exe - OK
C:\WINDOWS\system32\logoff.exe - OK
C:\WINDOWS\system32\logon.scr - OK
C:\WINDOWS\system32\logonui.exe - OK
C:\WINDOWS\system32\logonui.exe.manifest - OK
C:\WINDOWS\system32\lpk.dll - OK
C:\WINDOWS\system32\lpq.exe - OK
C:\WINDOWS\system32\lpr.exe - OK
C:\WINDOWS\system32\lprhelp.dll - OK
C:\WINDOWS\system32\lprmonui.dll - OK
C:\WINDOWS\system32\lsasrv.dll - OK
C:\WINDOWS\system32\lsass.exe - OK
C:\WINDOWS\system32\lusrmgr.msc - OK
C:\WINDOWS\system32\lz32.dll - OK
C:\WINDOWS\system32\lzexpand.dll - OK
C:\WINDOWS\system32\l_except.nls - OK
C:\WINDOWS\system32\l_intl.nls - OK
C:\WINDOWS\system32\magnify.exe - OK
C:\WINDOWS\system32\mag_hook.dll - OK
C:\WINDOWS\system32\main.cpl - OK
C:\WINDOWS\system32\makecab.exe - OK
C:\WINDOWS\system32\MAPI.DLL - OK
C:\WINDOWS\system32\mapi32.dll - OK
C:\WINDOWS\system32\MAPISRVR.EXE - OK
C:\WINDOWS\system32\mapistub.dll - OK
C:\WINDOWS\system32\mcastmib.dll - OK
C:\WINDOWS\system32\mcd32.dll - OK
C:\WINDOWS\system32\mcdsrv32.dll - OK
C:\WINDOWS\system32\mchgrcoi.dll - OK
C:\WINDOWS\system32\mciavi.drv - OK
C:\WINDOWS\system32\mciavi32.dll - OK
C:\WINDOWS\system32\mcicda.dll - OK
C:\WINDOWS\system32\mciole16.dll - OK
C:\WINDOWS\system32\mciole32.dll - OK
C:\WINDOWS\system32\mciqtz32.dll - OK
C:\WINDOWS\system32\mciseq.dll - OK
C:\WINDOWS\system32\mciseq.drv - OK
C:\WINDOWS\system32\mciwave.dll - OK
C:\WINDOWS\system32\mciwave.drv - OK
C:\WINDOWS\system32\mdhcp.dll - OK
C:\WINDOWS\system32\mdminst.dll - OK
C:\WINDOWS\system32\mdmxsdk.dll - OK
C:\WINDOWS\system32\MDT2FW95.DLL - OK
C:\WINDOWS\system32\mdwmdmsp.dll - OK
C:\WINDOWS\system32\mem.exe packed by EXEPACK
>C:\WINDOWS\system32\mem.exe - OK
C:\WINDOWS\system32\mf3216.dll - OK
C:\WINDOWS\system32\mfc40.dll - OK
C:\WINDOWS\system32\mfc40u.dll - OK
C:\WINDOWS\system32\mfc42.dll - OK
C:\WINDOWS\system32\MFC42ENU.DLL - OK
C:\WINDOWS\system32\mfc42u(2).dll - OK
C:\WINDOWS\system32\mfc42u.dll - OK
C:\WINDOWS\system32\mfc70.dll - OK
C:\WINDOWS\system32\mfc71.dll - OK
C:\WINDOWS\system32\MFC71CHS.DLL - OK
C:\WINDOWS\system32\MFC71CHT.DLL - OK
C:\WINDOWS\system32\MFC71DEU.DLL - OK
C:\WINDOWS\system32\MFC71ENU.DLL - OK
C:\WINDOWS\system32\MFC71ESP.DLL - OK
C:\WINDOWS\system32\MFC71FRA.DLL - OK
C:\WINDOWS\system32\MFC71ITA.DLL - OK
C:\WINDOWS\system32\MFC71JPN.DLL - OK
C:\WINDOWS\system32\MFC71KOR.DLL - OK
C:\WINDOWS\system32\mfc71u.dll - OK
C:\WINDOWS\system32\mfcsubs.dll - OK
C:\WINDOWS\system32\MFPLAT.dll - OK
C:\WINDOWS\system32\mgmtapi.dll - OK
C:\WINDOWS\system32\mib.bin - OK
C:\WINDOWS\system32\microsoft.managementconsole.dll - OK
C:\WINDOWS\system32\midimap.dll - OK
C:\WINDOWS\system32\miglibnt.dll - OK
C:\WINDOWS\system32\migpwd.exe - OK
C:\WINDOWS\system32\mimefilt.dll - OK
C:\WINDOWS\system32\mlang.dat - OK
C:\WINDOWS\system32\mlang.dll - OK
C:\WINDOWS\system32\mlfcache.dat - OK
C:\WINDOWS\system32\mll_hp.dll - OK
C:\WINDOWS\system32\mll_mtf.dll - OK
C:\WINDOWS\system32\mll_qic.dll - OK
C:\WINDOWS\system32\mmc.exe - archive BINARYRES
>C:\WINDOWS\system32\mmc.exe/data001 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data001/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data001 - OK
>C:\WINDOWS\system32\mmc.exe/data002 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data002/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data002 - OK
>C:\WINDOWS\system32\mmc.exe/data003 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data003/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data003 - OK
>C:\WINDOWS\system32\mmc.exe/data004 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data004/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data004 - OK
>C:\WINDOWS\system32\mmc.exe/data005 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data005/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data005 - OK
>C:\WINDOWS\system32\mmc.exe/data006 - archive HTML
>>C:\WINDOWS\system32\mmc.exe/data006/JavaScript.0 - OK
>C:\WINDOWS\system32\mmc.exe/data006 - OK
>C:\WINDOWS\system32\mmc.exe/data007 - OK
C:\WINDOWS\system32\mmc.exe - OK
C:\WINDOWS\system32\mmcbase.dll - OK
C:\WINDOWS\system32\mmcex.dll - OK
C:\WINDOWS\system32\mmcfxcommon.dll - OK
C:\WINDOWS\system32\mmcndmgr.dll - archive BINARYRES
>C:\WINDOWS\system32\mmcndmgr.dll/data001 - archive HTML
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.0 - OK
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.1 - OK
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.2 - OK
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.3 - OK
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.4 - OK
>>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.5 - OK
>C:\WINDOWS\system32\mmcndmgr.dll/data001 - OK
C:\WINDOWS\system32\mmcndmgr.dll - OK
C:\WINDOWS\system32\mmcperf.exe - OK
C:\WINDOWS\system32\mmcshext.dll - OK
C:\WINDOWS\system32\mmdriver.inf - OK
C:\WINDOWS\system32\mmdrv.dll - OK
C:\WINDOWS\system32\mmfutil.dll - OK
C:\WINDOWS\system32\mmsys.cpl - OK
C:\WINDOWS\system32\mmsystem.dll - OK
C:\WINDOWS\system32\mmtask.tsk - OK
C:\WINDOWS\system32\mmutilse.dll - OK
C:\WINDOWS\system32\mnmdd.dll - OK
C:\WINDOWS\system32\mnmsrvc.exe - OK
C:\WINDOWS\system32\mobsync.dll - OK
C:\WINDOWS\system32\mobsync.exe - OK
C:\WINDOWS\system32\mode.com - OK
C:\WINDOWS\system32\modemui.dll - OK
C:\WINDOWS\system32\modex.dll - OK
C:\WINDOWS\system32\more.com - OK
C:\WINDOWS\system32\moricons.dll - OK
C:\WINDOWS\system32\mountvol.exe - OK
C:\WINDOWS\system32\mouse.drv - OK
C:\WINDOWS\system32\MP43DECD.dll - OK
C:\WINDOWS\system32\MP43DMOD.dll - OK
C:\WINDOWS\system32\MP4SDECD.dll - OK
C:\WINDOWS\system32\MP4SDMOD.dll - OK
C:\WINDOWS\system32\mpeg2data.ax - OK
C:\WINDOWS\system32\mpg2splt.ax - OK
C:\WINDOWS\system32\MPG4DECD.dll - OK
C:\WINDOWS\system32\MPG4DMOD.dll - OK
C:\WINDOWS\system32\mpg4ds32.ax - OK
C:\WINDOWS\system32\mplay32.exe - OK
C:\WINDOWS\system32\mpnotify.exe - OK
C:\WINDOWS\system32\mpr.dll - OK
C:\WINDOWS\system32\mprapi.dll - OK
C:\WINDOWS\system32\mprddm.dll - OK
C:\WINDOWS\system32\mprdim.dll - OK
C:\WINDOWS\system32\mprmsg.dll - OK
C:\WINDOWS\system32\mprui.dll - OK
C:\WINDOWS\system32\mqad.dll - OK
C:\WINDOWS\system32\mqbkup.exe - OK
C:\WINDOWS\system32\mqcertui.dll - OK
C:\WINDOWS\system32\mqdscli.dll - OK
C:\WINDOWS\system32\mqgentr.dll - OK
C:\WINDOWS\system32\mqise.dll - OK
C:\WINDOWS\system32\mqlogmgr.dll - OK
C:\WINDOWS\system32\mqoa.dll - OK
C:\WINDOWS\system32\mqoa.tlb - OK
C:\WINDOWS\system32\mqoa10.tlb - OK
C:\WINDOWS\system32\mqoa20.tlb - OK
C:\WINDOWS\system32\mqperf.dll - OK
C:\WINDOWS\system32\mqperf.ini - OK
C:\WINDOWS\system32\mqprfsym.h - OK
C:\WINDOWS\system32\mqqm.dll - OK
C:\WINDOWS\system32\mqrt.dll - OK
C:\WINDOWS\system32\mqrtdep.dll - OK
C:\WINDOWS\system32\mqsec.dll - OK
C:\WINDOWS\system32\mqsnap.dll - OK
C:\WINDOWS\system32\mqsvc.exe - OK
C:\WINDOWS\system32\mqtgsvc.exe - OK
C:\WINDOWS\system32\mqtrig.dll - OK
C:\WINDOWS\system32\mqupgrd.dll - OK
C:\WINDOWS\system32\mqutil.dll - OK
C:\WINDOWS\system32\mrinfo.exe - OK
C:\WINDOWS\system32\MRT.exe - archive BINARYRES
>C:\WINDOWS\system32\MRT.exe/data001 - archive BINARYRES
>>C:\WINDOWS\system32\MRT.exe/data001/data001 - OK
>>C:\WINDOWS\system32\MRT.exe/data001/data002 - OK
>>C:\WINDOWS\system32\MRT.exe/data001/data003 - OK
>C:\WINDOWS\system32\MRT.exe/data001 - OK
>C:\WINDOWS\system32\MRT.exe/data002 - OK
C:\WINDOWS\system32\MRT.exe - OK
C:\WINDOWS\system32\MSAAP.XLA - OK
C:\WINDOWS\system32\msaatext.dll - OK
C:\WINDOWS\system32\msacm.dll - OK
C:\WINDOWS\system32\msacm32.dll - OK
C:\WINDOWS\system32\msacm32.drv - OK
C:\WINDOWS\system32\msadds32.ax - OK
C:\WINDOWS\system32\MSADODC.OCX - OK
C:\WINDOWS\system32\msadp32.acm - OK
C:\WINDOWS\system32\msafd.dll - OK
C:\WINDOWS\system32\msapsspc.dll - OK
C:\WINDOWS\system32\msasn1.dll - OK
C:\WINDOWS\system32\msaud32.acm - OK
C:\WINDOWS\system32\msaudite.dll - OK
C:\WINDOWS\system32\mscat32.dll - OK
C:\WINDOWS\system32\mscdexnt.exe - OK
C:\WINDOWS\system32\mscms.dll - OK
C:\WINDOWS\system32\mscomct2.ocx - OK
C:\WINDOWS\system32\mscomctl.ocx - OK
C:\WINDOWS\system32\msconf.dll - OK
C:\WINDOWS\system32\mscoree.dll - OK
C:\WINDOWS\system32\mscorier.dll - OK
C:\WINDOWS\system32\mscories.dll - OK
C:\WINDOWS\system32\mscpx32r.dll - OK
C:\WINDOWS\system32\mscpxl32.dll - OK
C:\WINDOWS\system32\msctf.dll - OK
C:\WINDOWS\system32\msctfime.ime - OK
C:\WINDOWS\system32\msctfp.dll - OK
C:\WINDOWS\system32\msdadiag.dll - OK
C:\WINDOWS\system32\msdart.dll - OK
C:\WINDOWS\system32\MSDATGRD.OCX - OK
C:\WINDOWS\system32\msdatsrc.tlb - OK
C:\WINDOWS\system32\msdbg2.dll - OK
C:\WINDOWS\system32\msdmo.dll - OK
C:\WINDOWS\system32\msdtc.exe - OK
C:\WINDOWS\system32\msdtclog.dll - OK
C:\WINDOWS\system32\msdtcprf.h - OK
C:\WINDOWS\system32\msdtcprf.ini - OK
C:\WINDOWS\system32\msdtcprx.dll - OK
C:\WINDOWS\system32\msdtctm.dll - OK
C:\WINDOWS\system32\msdtcuiu.dll - OK
C:\WINDOWS\system32\msdxm.ocx - OK
C:\WINDOWS\system32\msdxmlc.dll - OK
C:\WINDOWS\system32\msencode.dll - OK
C:\WINDOWS\system32\msexch40.dll - OK
C:\WINDOWS\system32\msexcl40.dll - OK
C:\WINDOWS\system32\msfeeds.dll - OK
C:\WINDOWS\system32\msfeedsbs.dll - OK
C:\WINDOWS\system32\msfeedssync.exe - OK
C:\WINDOWS\system32\msftedit.dll - OK
C:\WINDOWS\system32\msg.exe - OK
C:\WINDOWS\system32\msg711.acm - OK
C:\WINDOWS\system32\msg723.acm - OK
C:\WINDOWS\system32\msgina.dll - OK
C:\WINDOWS\system32\msgsm32.acm - OK
C:\WINDOWS\system32\msgsvc.dll - OK
C:\WINDOWS\system32\msh261.drv - OK
C:\WINDOWS\system32\msh263.drv - OK
C:\WINDOWS\system32\mshearts.exe - OK
C:\WINDOWS\system32\mshta.exe - OK
C:\WINDOWS\system32\mshta.exe.mui - OK
C:\WINDOWS\system32\mshtml.dll - OK
C:\WINDOWS\system32\mshtml.tlb - OK
C:\WINDOWS\system32\mshtmled.dll - OK
C:\WINDOWS\system32\mshtmler.dll - OK
C:\WINDOWS\system32\msi.dll - OK
C:\WINDOWS\system32\msident.dll - OK
C:\WINDOWS\system32\msidle.dll - OK
C:\WINDOWS\system32\msidntld.dll - OK
C:\WINDOWS\system32\msieftp.dll - OK
C:\WINDOWS\system32\msiexec.exe - OK
C:\WINDOWS\system32\msihnd.dll - OK
C:\WINDOWS\system32\msimg32.dll - OK
C:\WINDOWS\system32\MSIMRT.DLL - OK
C:\WINDOWS\system32\MSIMRT16.DLL - OK
C:\WINDOWS\system32\MSIMRT32.DLL - OK
C:\WINDOWS\system32\msimsg.dll - OK
C:\WINDOWS\system32\msimtf.dll - OK
C:\WINDOWS\system32\MSIMUSIC.DLL - OK
C:\WINDOWS\system32\msisip.dll - OK
C:\WINDOWS\system32\msjet40.dll - OK
C:\WINDOWS\system32\msjetoledb40.dll - OK
C:\WINDOWS\system32\msjint40.dll - OK
C:\WINDOWS\system32\msjter40.dll - OK
C:\WINDOWS\system32\msjtes40.dll - OK
C:\WINDOWS\system32\mslbui.dll - OK
C:\WINDOWS\system32\MSLS2.DLL - OK
C:\WINDOWS\system32\msls31.dll - OK
C:\WINDOWS\system32\msltus40.dll - OK
C:\WINDOWS\system32\msnetobj.dll - OK
C:\WINDOWS\system32\msnsspc.dll - OK
C:\WINDOWS\system32\msobjs.dll - OK
C:\WINDOWS\system32\msoeacct.dll - OK
C:\WINDOWS\system32\msoert2.dll - OK
C:\WINDOWS\system32\msorc32r.dll - OK
C:\WINDOWS\system32\msorcl32.dll - OK
C:\WINDOWS\system32\mspaint.exe - OK
C:\WINDOWS\system32\mspatcha.dll - OK
C:\WINDOWS\system32\mspbde40.dll - OK
C:\WINDOWS\system32\mspmsnsv.dll - OK
C:\WINDOWS\system32\mspmsp.dll packed by PESTUB
>C:\WINDOWS\system32\mspmsp.dll - OK
C:\WINDOWS\system32\msports.dll - OK
C:\WINDOWS\system32\msprivs.dll - OK
C:\WINDOWS\system32\msr2c.dll - OK
C:\WINDOWS\system32\msr2cenu.dll - OK
C:\WINDOWS\system32\msratelc.dll - OK
C:\WINDOWS\system32\msrating.dll - OK
C:\WINDOWS\system32\msrating.dll.mui - OK
C:\WINDOWS\system32\msrclr40.dll - OK
C:\WINDOWS\system32\msrd2x40.dll - OK
C:\WINDOWS\system32\msrd3x40.dll - OK
C:\WINDOWS\system32\MSRDO20.DLL - OK
C:\WINDOWS\system32\msrecr40.dll - OK
C:\WINDOWS\system32\msrepl40.dll - OK
C:\WINDOWS\system32\msrle32.dll - OK
C:\WINDOWS\system32\MSRTEDIT.DLL - OK
C:\WINDOWS\system32\mssap.dll - OK
C:\WINDOWS\system32\msscds32.ax - OK
C:\WINDOWS\system32\msscp.dll - OK
C:\WINDOWS\system32\msscript.ocx - OK
C:\WINDOWS\system32\mssha.dll - OK
C:\WINDOWS\system32\msshavmsg.dll - OK
C:\WINDOWS\system32\mssign32.dll - OK
C:\WINDOWS\system32\mssip32.dll - OK
C:\WINDOWS\system32\MSSTDFMT.DLL - OK
C:\WINDOWS\system32\MSSTKPRP.DLL - OK
C:\WINDOWS\system32\msswch.dll - OK
C:\WINDOWS\system32\msswchx.exe - OK
C:\WINDOWS\system32\mstask.dll - OK
C:\WINDOWS\system32\mstext40.dll - OK
C:\WINDOWS\system32\mstime.dll - OK
C:\WINDOWS\system32\mstinit.exe - OK
C:\WINDOWS\system32\mstlsapi.dll - OK
C:\WINDOWS\system32\mstsc.exe - OK
C:\WINDOWS\system32\mstscax.dll - OK
C:\WINDOWS\system32\msutb.dll - OK
C:\WINDOWS\system32\msv1_0.dll - OK
C:\WINDOWS\system32\msvbvm50.dll - OK
C:\WINDOWS\system32\msvbvm60.dll - OK
C:\WINDOWS\system32\msvcirt.dll - OK
C:\WINDOWS\system32\msvcp50.dll - OK
C:\WINDOWS\system32\msvcp60.dll - OK
C:\WINDOWS\system32\msvcp70.dll - OK
C:\WINDOWS\system32\msvcp71.dll - OK
C:\WINDOWS\system32\msvcr70.dll - OK
C:\WINDOWS\system32\msvcr71.dll - OK
C:\WINDOWS\system32\msvcrt.dll - OK
C:\WINDOWS\system32\msvcrt20.dll - OK
C:\WINDOWS\system32\msvcrt40.dll - OK
C:\WINDOWS\system32\msvfw32.dll - OK
C:\WINDOWS\system32\msvidc32.dll - OK
C:\WINDOWS\system32\msvidctl.dll - OK
C:\WINDOWS\system32\msvideo.dll - OK
C:\WINDOWS\system32\msw3prt.dll - OK
C:\WINDOWS\system32\mswdat10.dll - OK
C:\WINDOWS\system32\mswebdvd.dll - OK
C:\WINDOWS\system32\mswmdm.dll - OK
C:\WINDOWS\system32\mswsock.dll - OK
C:\WINDOWS\system32\mswstr10.dll - OK
C:\WINDOWS\system32\msxbde40.dll - OK
C:\WINDOWS\system32\msxml.dll - archive BINARYRES
>C:\WINDOWS\system32\msxml.dll/data001 - archive HTML
>>C:\WINDOWS\system32\msxml.dll/data001/Script.0 - OK
>C:\WINDOWS\system32\msxml.dll/data001 - OK
>C:\WINDOWS\system32\msxml.dll/data002 - archive HTML
>>C:\WINDOWS\system32\msxml.dll/data002/Script.0 - OK
>C:\WINDOWS\system32\msxml.dll/data002 - OK
>C:\WINDOWS\system32\msxml.dll/data003 - archive HTML
>>C:\WINDOWS\system32\msxml.dll/data003/Script.0 - OK
>C:\WINDOWS\system32\msxml.dll/data003 - OK
C:\WINDOWS\system32\msxml.dll - OK
C:\WINDOWS\system32\msxml2.dll - archive BINARYRES
>C:\WINDOWS\system32\msxml2.dll/data001 - archive HTML
>>C:\WINDOWS\system32\msxml2.dll/data001/Script.0 - OK
>C:\WINDOWS\system32\msxml2.dll/data001 - OK
>C:\WINDOWS\system32\msxml2.dll/data002 - archive HTML
>>C:\WINDOWS\system32\msxml2.dll/data002/Script.0 - OK
>C:\WINDOWS\system32\msxml2.dll/data002 - OK
>C:\WINDOWS\system32\msxml2.dll/data003 - archive HTML
>>C:\WINDOWS\system32\msxml2.dll/data003/Script.0 - OK
>C:\WINDOWS\system32\msxml2.dll/data003 - OK
C:\WINDOWS\system32\msxml2.dll - OK
C:\WINDOWS\system32\msxml2r.dll - OK
C:\WINDOWS\system32\msxml3.dll - OK
C:\WINDOWS\system32\msxml3a.dll - OK
C:\WINDOWS\system32\msxml3r.dll - OK
C:\WINDOWS\system32\msxml4.dll - OK
C:\WINDOWS\system32\msxml4r.dll - OK
C:\WINDOWS\system32\msxml6.dll - OK
C:\WINDOWS\system32\msxml6r.dll - OK
C:\WINDOWS\system32\msxmlr.dll - OK
C:\WINDOWS\system32\msyuv.dll - OK
C:\WINDOWS\system32\mtxclu.dll - OK
C:\WINDOWS\system32\mtxdm.dll - OK
C:\WINDOWS\system32\mtxex.dll - OK
C:\WINDOWS\system32\mtxlegih.dll - OK
C:\WINDOWS\system32\mtxoci.dll - OK
C:\WINDOWS\system32\mtxparhd.dll - OK
C:\WINDOWS\system32\mucltui.dll - OK
C:\WINDOWS\system32\mucltui.dll.mui - OK
C:\WINDOWS\system32\muweb.dll - archive CAB
C:\WINDOWS\system32\mycomput.dll - OK
C:\WINDOWS\system32\mydocs.dll - OK
C:\WINDOWS\system32\napipsec.dll - OK
C:\WINDOWS\system32\napmontr.dll - OK
C:\WINDOWS\system32\napstat.exe - OK
C:\WINDOWS\system32\narrator.exe - OK
C:\WINDOWS\system32\narrhook.dll - OK
C:\WINDOWS\system32\nbtstat.exe - OK
C:\WINDOWS\system32\ncobjapi.dll - OK
C:\WINDOWS\system32\ncpa.cpl - OK
C:\WINDOWS\system32\ncpa.cpl.manifest - OK
C:\WINDOWS\system32\ncxpnt.dll - OK
C:\WINDOWS\system32\nddeapi.dll - OK
C:\WINDOWS\system32\nddeapir.exe - OK
C:\WINDOWS\system32\nddenb32.dll - OK
C:\WINDOWS\system32\ndptsp.tsp - OK
C:\WINDOWS\system32\net.exe - OK
C:\WINDOWS\system32\net.hlp - OK
C:\WINDOWS\system32\net1.exe - OK
C:\WINDOWS\system32\netapi.dll - OK
C:\WINDOWS\system32\netapi32.dll - OK
C:\WINDOWS\system32\netcfgx.dll - OK
C:\WINDOWS\system32\netdde.exe - OK
C:\WINDOWS\system32\netevent.dll - OK
C:\WINDOWS\system32\netfxperf.dll - OK
C:\WINDOWS\system32\neth.dll - OK
C:\WINDOWS\system32\netid.dll - OK
C:\WINDOWS\system32\netlogon.dll - OK
C:\WINDOWS\system32\netman.dll - OK
C:\WINDOWS\system32\netmsg.dll - OK
C:\WINDOWS\system32\netplwiz.dll - OK
C:\WINDOWS\system32\netrap.dll - OK
C:\WINDOWS\system32\netsetup.cpl - OK
C:\WINDOWS\system32\netsetup.exe - archive CAB
C:\WINDOWS\system32\netsh.exe - OK
C:\WINDOWS\system32\netshell.dll - OK
C:\WINDOWS\system32\netstat.exe - OK
C:\WINDOWS\system32\netui0.dll - OK
C:\WINDOWS\system32\netui1.dll - OK
C:\WINDOWS\system32\netui2.dll - OK
C:\WINDOWS\system32\netware.drv - OK
C:\WINDOWS\system32\newdev.dll - OK

#8
Essexboy
OK in normal mode if possible

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

#9
TFriend
RogueKiller V5.1.0 [05/02/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 05/02/2011 12:46:55

Bad processes: 2
[APPDT/TMP/DESKTOP] CrossLoopService.exe -- c:\documents and settings\administrator\local settings\application data\crossloop\crossloopservice.exe -> KILLED
[APPDT/TMP/DESKTOP] defender.exe -- c:\documents and settings\all users\application data\defender.exe -> KILLED

Registry Entries: 2
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : CrossLoop ("C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -nosac -noprompts -minimiĨ×ELs) -> DELETED
[APPDT/TMP/DESKTOP] HKCU\[...]\Run : Malware Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED

HOSTS File:
ÿ₫1

Finished : << RKreport[1].txt >>
RKreport[1].txt

#10
Essexboy
OK now we need to remove AVG

Download a fresh copy to your desktop http://free.avg.com/us-en/download
Download the AVG removal tool to your desktop http://www.avg.com/u.../download-tools
Download Combofix to your desktop
Link 1
Link 2

Uninstall AVG and then run the removal tool
Once done


  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
TFriend

    New Member

  • Topic Starter
  • Member
  • 9 posts
While removing AVG I get this error (tried it twice and got it both times)

Severity: Error
Error Code: OxC0070643
Error Message: General Internal Error
Additional Message: (0xC007051A)
Context: MSI action failed

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was that when you ran the removal tool?

If not, could you run the removal tool and then ComboFix?

#13
TFriend

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 11-05-02.02 - Administrator 05/02/2011 13:40:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.639 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\98AE.tmp
c:\documents and settings\All Users\Application Data\defender.exe
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\basis.xml
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\bg.bmp
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\bing_logo.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\celebrity.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_images.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_maps.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_news.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_videos.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\drop_web.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\facebook.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\favicon.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\games.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\hotmail.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\icon.ico
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\images.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\include.xml
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\info.txt
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\lifestyle.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\maps.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\messenger.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\msn.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\news.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\SearchToolbarUninstall.exe
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\twitter.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\uninstall.exe
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\update.exe
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\version.txt
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\video.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\videos.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\weather.png
c:\documents and settings\All Users\Application Data\Toolbar4\{0C8413C1-FAD1-446C-8584-BE50576F863E}\web.png
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\regobj.dll
D:\AUTORUN.INF
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 17:08 . 2011-05-02 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-05-02 15:16 . 2011-05-02 15:49 -------- dc----w- c:\documents and settings\Administrator\DoctorWeb
2011-05-02 12:18 . 2011-05-02 12:18 -------- dc----w- C:\_OTM
2011-05-02 12:14 . 2011-05-02 12:14 -------- d-----w- c:\program files\ERUNT
2011-04-30 12:49 . 2011-04-30 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-30 12:49 . 2011-04-30 12:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 12:21 . 2011-04-30 12:21 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-30 12:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 00:59 . 2011-04-26 00:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2011-04-22 13:19 . 2011-04-22 13:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-20 20:09 . 2011-04-20 20:09 -------- dc----w- C:\crystalreportviewers12
2011-04-20 20:07 . 2011-04-20 20:09 -------- d-----w- c:\program files\Business Objects
2011-04-20 20:04 . 2011-04-20 20:04 -------- d-----w- c:\program files\Sage Software
2011-04-20 18:36 . 2011-04-20 18:36 -------- d-----w- c:\windows\Profiles
2011-04-16 19:33 . 2011-04-22 12:58 -------- dc----w- C:\32788R22FWJFW(2)
2011-04-15 02:31 . 2011-04-15 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-15 02:31 . 2011-04-30 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-03-03 08:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-03-02 20:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-03-03 08:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-29 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S0 yefyezac;yefyezac; [x]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [7/30/2010 10:50 PM 560848]
S3 uvnc_service;uvnc_service;c:\documents and settings\Administrator\Local Settings\Application Data\CrossLoop\winvnc.exe [7/30/2010 10:50 PM 1587352]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-02-26 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-02-07 23:22]
.
2010-12-13 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-11-29 23:40]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-26 00:59]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-26 00:59]
.
2011-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1715567821-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1715567821-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2010-12-06 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-11-29 23:39]
.
2011-02-16 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-30 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/downloads/driverslist.aspx?c=us&cs=19&l=en&s=dhs&ServiceTag=CDWNXC1&SystemID=DIM_P4_E521&os=WW1&osl=en&catid=&impid=
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\Babylon-English\tbBaby.dll
BHO-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\Babylon-English\tbBaby.dll
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
Toolbar-{ce18769b-c7fa-42d2-860d-17c4662c70ad} - c:\program files\Babylon-English\tbBaby.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - c:\program files\Babylon-English\tbBaby.dll
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-doubleTwist - c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
AddRemove-Mozilla Firefox (3.6.13) - g:\firefox\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1715567821-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,15,e8,53,aa,40,e2,42,91,1e,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,a0,f8,72,cf,6b,4c,40,ab,a6,9e,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,8f,34,dc,72,b0,3c,4e,bf,5f,9d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
Completion time: 2011-05-02 13:45:46
ComboFix-quarantined-files.txt 2011-05-02 17:45
.
Pre-Run: 133,038,989,312 bytes free
Post-Run: 133,335,674,880 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 09B523F1EBA45390530FD5FB93D3D152

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack

That was the one I was after :)

After this run completes you can re-install AVG and let me know what problems remain

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
yefyezac


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.


#15
TFriend

    New Member

  • Topic Starter
  • Member
  • 9 posts
ComboFix 11-05-02.02 - Administrator 05/02/2011 14:03:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.534 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_yefyezac
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 17:08 . 2011-05-02 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-05-02 15:16 . 2011-05-02 15:49 -------- dc----w- c:\documents and settings\Administrator\DoctorWeb
2011-05-02 12:18 . 2011-05-02 12:18 -------- dc----w- C:\_OTM
2011-05-02 12:14 . 2011-05-02 12:14 -------- d-----w- c:\program files\ERUNT
2011-04-30 12:49 . 2011-04-30 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-30 12:49 . 2011-04-30 12:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-30 12:21 . 2011-04-30 12:21 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-04-30 12:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-26 00:59 . 2011-04-26 00:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2011-04-22 13:19 . 2011-04-22 13:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-20 20:09 . 2011-04-20 20:09 -------- dc----w- C:\crystalreportviewers12
2011-04-20 20:07 . 2011-04-20 20:09 -------- d-----w- c:\program files\Business Objects
2011-04-20 20:04 . 2011-04-20 20:04 -------- d-----w- c:\program files\Sage Software
2011-04-20 18:36 . 2011-04-20 18:36 -------- d-----w- c:\windows\Profiles
2011-04-16 19:33 . 2011-04-22 12:58 -------- dc----w- C:\32788R22FWJFW(2)
2011-04-15 02:31 . 2011-04-15 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-15 02:31 . 2011-04-30 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-03-03 08:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-28 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-02-28 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-02-28 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-28 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-03-02 20:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-02-28 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-28 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-28 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-02-28 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-03-03 08:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-02_17.44.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-02 18:09 . 2011-05-02 18:09 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-29 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [7/30/2010 10:50 PM 560848]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys --> c:\windows\system32\drivers\dwprot.sys [?]
S3 uvnc_service;uvnc_service;c:\documents and settings\Administrator\Local Settings\Application Data\CrossLoop\winvnc.exe [7/30/2010 10:50 PM 1587352]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-02-26 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-02-07 23:22]
.
2010-12-13 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-11-29 23:40]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-26 00:59]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-26 00:59]
.
2011-05-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1715567821-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1715567821-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2010-12-06 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-11-29 23:39]
.
2011-02-16 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-30 00:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://support.dell.com/support/downloads/driverslist.aspx?c=us&cs=19&l=en&s=dhs&ServiceTag=CDWNXC1&SystemID=DIM_P4_E521&os=WW1&osl=en&catid=&impid=
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1715567821-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,15,e8,53,aa,40,e2,42,91,1e,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,a0,f8,72,cf,6b,4c,40,ab,a6,9e,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,8f,34,dc,72,b0,3c,4e,bf,5f,9d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-02 14:11:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 18:11
ComboFix2.txt 2011-05-02 17:45
.
Pre-Run: 133,315,297,280 bytes free
Post-Run: 133,256,073,216 bytes free
.
- - End Of File - - 6D6FE6C48B5A227FF3FBA27043A66EFA

OTL logfile created on: 5/2/2011 2:17:04 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop\fixes
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 544.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 124.11 Gb Free Space | 55.71% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.96 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive E: | 3.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MIKEF-052DB53A0 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/02 10:10:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fixes\OTL (1).exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/09/28 20:55:46 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/13 13:11:20 | 000,560,848 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 15:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/02 10:10:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\fixes\OTL (1).exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/13 13:11:20 | 000,560,848 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/03/22 14:37:56 | 001,587,352 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\winvnc.exe -- (uvnc_service)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/04/21 03:10:30 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.63.20091024
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://bing.zugotool...s&site=Bing&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/28 20:56:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/04/22 13:22:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/29 16:32:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 09:18:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\FireFox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\FireFox\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/17 23:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/17 23:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
[2011/04/22 09:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions
[2010/06/29 10:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/23 00:35:48 | 000,000,000 | ---D | M] (StOgame) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2010/12/23 00:34:55 | 000,000,000 | ---D | M] (Galaxytoolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}
[2010/07/12 13:18:35 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010/03/02 18:14:11 | 000,000,000 | ---D | M] (Coral IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\extensions\[email protected]
[2010/12/23 00:17:35 | 000,002,427 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\searchplugins\askcom.xml
[2010/09/26 12:37:36 | 000,002,267 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rga5jn12.default\searchplugins\bing-zugo.xml
[2011/04/22 09:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:56:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/03/17 23:29:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/05/02 14:09:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1267607659062 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166 0.0.0.0
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 04:14:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/02 13:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\fixes
[2011/05/02 13:36:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/02 13:36:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/02 13:36:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/02 13:36:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/02 13:34:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/02 13:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/05/02 12:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/05/02 11:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2011/05/02 08:18:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/02 08:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/02 08:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/02 08:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/30 08:49:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/04/30 08:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/30 08:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/30 08:21:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/30 08:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 08:21:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/30 07:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Misc Pics
[2011/04/25 21:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/04/25 20:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/04/22 09:17:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/22 08:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/04/20 17:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\T
[2011/04/20 16:09:00 | 000,000,000 | ---D | C] -- C:\crystalreportviewers12
[2011/04/20 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2011/04/20 16:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sage Software
[2011/04/20 14:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2011/04/16 15:33:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(2)
[2011/04/16 14:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/15 16:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes(2)
[2011/04/14 23:45:36 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/14 22:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/14 22:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 15:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Jen and Jesse
[2011/04/09 20:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\FrostWire(2)
[2011/04/09 20:48:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2010/09/12 18:54:58 | 000,850,200 | ---- | C] (DivX, Inc. ) -- C:\Documents and Settings\Administrator\Application Data\DivXInstaller.exe

========== Files - Modified Within 30 Days ==========

[2011/05/02 14:09:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/02 14:09:10 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/02 14:09:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/02 14:09:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1715567821-725345543-500.job
[2011/05/02 14:08:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 13:58:57 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1715567821-725345543-500.job
[2011/05/02 13:36:05 | 004,335,405 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/05/02 13:04:10 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
[2011/05/02 10:09:32 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/05/01 21:52:45 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/01 21:04:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
[2011/04/30 21:05:08 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/04/30 21:05:08 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/30 08:49:31 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/27 13:50:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/23 14:54:03 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/23 14:43:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/23 14:41:28 | 000,463,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/23 14:41:28 | 000,080,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/22 08:47:52 | 000,013,364 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/20 17:36:15 | 000,040,890 | ---- | M] () -- C:\WINDOWS\PeachWLog.XML
[2011/04/20 11:52:30 | 000,062,410 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\phone return.pdf
[2011/04/14 23:06:20 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756
[2011/04/14 23:06:19 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
[2011/04/14 22:21:18 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/08 21:34:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf

========== Files Created - No Company Name ==========

[2011/05/02 13:36:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/02 13:36:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/02 13:36:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/02 13:36:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/02 13:36:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/02 13:01:45 | 004,335,405 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/05/02 10:09:32 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/05/01 21:52:44 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/04/30 08:49:31 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/25 21:00:59 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/25 21:00:58 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/04/25 20:59:48 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500UA.job
[2011/04/25 20:59:47 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1715567821-725345543-500Core.job
[2011/04/23 14:38:08 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/21 19:39:39 | 000,013,364 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\y47t1n5644x5845h1ovg73v
[2011/04/20 16:01:52 | 000,040,890 | ---- | C] () -- C:\WINDOWS\PeachWLog.XML
[2011/04/20 11:52:30 | 000,062,410 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\phone return.pdf
[2011/04/14 23:06:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756r
[2011/04/14 23:06:18 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18472756
[2011/04/14 22:09:22 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/08 21:34:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[2011/01/22 12:51:46 | 000,163,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/27 13:52:13 | 000,058,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/28 09:08:31 | 000,000,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\hngmfc.dat
[2010/08/21 21:57:01 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/08/16 20:30:26 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/08/16 20:27:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/27 13:34:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/25 23:37:17 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/06/09 21:27:42 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/06 22:52:09 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 23:09:11 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/03/03 04:16:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 04:11:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/02 23:05:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/02 23:04:22 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/02 18:12:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 15:41:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/03/02 15:41:24 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/03/02 15:41:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/03/02 15:41:23 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/03/02 15:41:23 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/03/02 15:41:23 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/03/02 15:41:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/03/02 15:41:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/03/02 15:41:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/03/02 15:41:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/03/02 15:41:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,463,676 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,080,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >