Trojan Horse SHeur3.CDGB and svchost.exe using up 100% CPU



#16
Piros

Something more serious.

I turned my anti-virus back on after running ComboFix this morning. At 6pm, my daily scan ran and these were the results. Apparently they were serious enough to require a reboot.

My main thing is I don't know if any of this stuff is stuff that you had OTL or ComboFix do on purpose.

6/19/2011 6:04:03 PM:718
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE statse.webtrendslive.com
6/19/2011 6:04:04 PM:343
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - s_vi_pogkrp 2o7.net
6/19/2011 6:04:04 PM:625
Infection was detected on this computer
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - mc quantserve.com
6/19/2011 6:04:31 PM:109
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
6/19/2011 6:04:31 PM:109
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
6/19/2011 6:04:31 PM:109
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
6/19/2011 6:04:31 PM:109
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
6/19/2011 6:04:31 PM:125
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
6/19/2011 6:04:31 PM:125
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
6/19/2011 6:04:31 PM:125
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
6/19/2011 6:04:31 PM:125
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
6/19/2011 6:04:31 PM:125
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf
6/19/2011 6:04:31 PM:140
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
6/19/2011 6:04:31 PM:140
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
6/19/2011 6:04:31 PM:140
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
6/19/2011 6:04:31 PM:203
Infection was detected on this computer
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
6/19/2011 6:04:35 PM:718
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Wget
6/19/2011 6:06:31 PM:734
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, 1406
6/19/2011 6:06:31 PM:734
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, 1406
6/19/2011 6:06:31 PM:734
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, 1406
6/19/2011 6:06:31 PM:750
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, 1406
6/19/2011 6:06:31 PM:765
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, 1406
6/19/2011 6:06:31 PM:765
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, 1406
6/19/2011 6:06:31 PM:765
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, 1609
6/19/2011 6:06:31 PM:765
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, 1406
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, 1406
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, 1406
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, 1406
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, 1609
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings, WarnOnPostRedirect
6/19/2011 6:06:31 PM:781
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings, WarnOnPostRedirect
6/19/2011 6:06:31 PM:859
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings, WarnOnPostRedirect
6/19/2011 6:06:31 PM:875
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total, (Default)
6/19/2011 6:06:31 PM:875
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
6/19/2011 6:06:31 PM:875
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage
6/19/2011 6:06:31 PM:875
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {e2e2dd38-d088-4134-82b7-f2ba38496583}
6/19/2011 6:06:31 PM:890
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, NextId
6/19/2011 6:06:31 PM:890
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
6/19/2011 6:06:31 PM:890
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
6/19/2011 6:06:31 PM:890
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, NextId
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {e2e2dd38-d088-4134-82b7-f2ba38496583}
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {FB5F1910-F110-11d2-BB9E-00C04F795683}
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
6/19/2011 6:06:31 PM:906
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
6/19/2011 6:06:31 PM:921
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry
6/19/2011 6:06:31 PM:968
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 396315
Threats Detected - 4
Infections Detected - 62
6/19/2011 6:06:36 PM:46
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
6/19/2011 6:06:36 PM:46
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
6/19/2011 6:06:36 PM:46
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance
6/19/2011 6:06:36 PM:46
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count
6/19/2011 6:06:36 PM:62
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0
6/19/2011 6:06:36 PM:62
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
6/19/2011 6:06:36 PM:62
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
6/19/2011 6:06:36 PM:62
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
6/19/2011 6:06:36 PM:62
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
6/19/2011 6:06:36 PM:78
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
6/19/2011 6:06:36 PM:78
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
6/19/2011 6:06:36 PM:78
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
6/19/2011 6:06:36 PM:93
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
6/19/2011 6:06:36 PM:93
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf
6/19/2011 6:06:36 PM:93
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
6/19/2011 6:06:36 PM:93
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
6/19/2011 6:06:36 PM:93
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
6/19/2011 6:06:36 PM:109
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
6/19/2011 6:06:36 PM:109
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
6/19/2011 6:06:36 PM:109
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
6/19/2011 6:06:36 PM:109
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
6/19/2011 6:06:36 PM:125
Infection quarantined
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
6/19/2011 6:06:36 PM:140
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
6/19/2011 6:06:36 PM:140
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
6/19/2011 6:06:36 PM:140
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance
6/19/2011 6:06:36 PM:140
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
6/19/2011 6:06:36 PM:156
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Key
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\LogConf
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
6/19/2011 6:06:36 PM:171
Infection cleaned
Threat Name - Trojan-Downloader.Murlo
Type - Registry Value
Risk Level - High
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
6/19/2011 6:06:36 PM:234
Infection cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ACOOKIE statse.webtrendslive.com
6/19/2011 6:06:36 PM:265
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - mc quantserve.com
6/19/2011 6:06:36 PM:265
Infection cleaned
Threat Name - Trackware.Tracking Cookies!rem
Type - Cookie
Risk Level - Medium
Infection - s_vi_pogkrp 2o7.net
6/19/2011 6:06:36 PM:312
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry
6/19/2011 6:06:36 PM:328
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
6/19/2011 6:06:36 PM:328
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
6/19/2011 6:06:36 PM:328
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {FB5F1910-F110-11d2-BB9E-00C04F795683}
6/19/2011 6:06:36 PM:328
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {e2e2dd38-d088-4134-82b7-f2ba38496583}
6/19/2011 6:06:36 PM:343
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, NextId
6/19/2011 6:06:36 PM:343
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
6/19/2011 6:06:36 PM:437
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry
6/19/2011 6:06:36 PM:453
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions
6/19/2011 6:06:36 PM:453
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
6/19/2011 6:06:36 PM:453
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, NextId
6/19/2011 6:06:36 PM:453
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping, {e2e2dd38-d088-4134-82b7-f2ba38496583}
6/19/2011 6:06:36 PM:468
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage
6/19/2011 6:06:36 PM:468
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
6/19/2011 6:06:36 PM:468
Infection quarantined
Threat Name - Trojan.Generic
Type - Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total, (Default)
6/19/2011 6:06:36 PM:468
Infection quarantined
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings, WarnOnPostRedirect
6/19/2011 6:06:36 PM:968
Infections Quarantined/Removed Summary
Quarantined - 59
Quarantine Failed - 0
Removed - 62
Remove Failed - 0

#17
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Those are infections and have nothing to do with the tools; your AV is working and that's a good sign.


We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

RegLock::
[HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

Driver::
wgjfegoq

DirLook::
c:\program files\awesome
C:\Documents and Settings\Mr Smith\Application Data\cYo
C:\Documents and Settings\Mr Smith\Local Settings\Application Data\cYo

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



#18
Piros

    Member

  • Topic Starter
  • 28 posts
First off, I did what you said, but I'm not sure I did what you wanted. I tossed the script into ComboFix and the first thing ComboFix wanted to do was install a newer version. So I did that and ComboFix restarted, so I think it might have just run a regular old scan. I'd have stopped ComboFix and redone the script, but it's kinda hard to stop ComboFix; there aren't many buttons to press and I didn't want to mess anything up.

Also, for some reason ComboFix had to reinstall the Windows Recovery Console... I thought that was there from the first time.

Anyway, here's the log. Tell me if I need to repeat this step to do it right.

ComboFix 11-06-19.0r1 - Mr Smith 06/20/2011 8:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1469 [GMT -5:00]
Running from: c:\documents and settings\Mr Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mr Smith\Desktop\CFScript.txt
AV: Internet Security Anti-Virus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Enabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wgjfegoq
.
.
((((((((((((((((((((((((( Files Created from 2011-05-20 to 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-19 13:20 . 2011-06-19 13:20 -------- d-----w- C:\_OTL
2011-06-15 05:17 . 2011-06-15 05:17 -------- d-----w- c:\program files\awesome
2011-06-13 05:23 . 2011-06-13 05:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-06-11 05:20 . 2011-06-18 17:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-06-11 05:20 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-06-11 05:20 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
2011-06-11 05:18 . 2011-06-11 05:20 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Apple Computer
2011-05-26 10:39 . 2011-05-26 10:39 -------- d-----w- c:\program files\Comical
2011-05-25 11:36 . 2011-05-25 11:36 -------- d-----w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo
2011-05-25 11:36 . 2011-05-25 11:36 -------- d-----w- c:\documents and settings\Mr Smith\Application Data\cYo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2011-03-18 07:49 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-03-18 07:49 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2007-04-23 21:49 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Mr Smith\Application Data\cYo ----
.
2011-05-25 17:42 . 2011-05-25 17:42 11238 ----a-w- c:\documents and settings\Mr Smith\Application Data\cYo\ComicRack\Config.xml
2011-05-25 17:42 . 2011-05-25 17:42 19316 ----a-w- c:\documents and settings\Mr Smith\Application Data\cYo\ComicRack\NewsFeeds.xml
2011-05-25 11:47 . 2011-05-25 17:42 102389 ----a-w- c:\documents and settings\Mr Smith\Application Data\cYo\ComicRack\ComicDb.xml
2011-05-25 11:47 . 2011-05-25 17:42 102389 ----a-w- c:\documents and settings\Mr Smith\Application Data\cYo\ComicRack\ComicDb.xml.bak
2011-05-25 11:40 . 2011-05-25 11:40 2151 ----a-w- c:\documents and settings\Mr Smith\Application Data\cYo\ComicRack\DonateImage
.
---- Directory of c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo ----
.
2011-05-25 17:34 . 2011-05-25 17:34 167841 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\128\QBNFD7G3734ELPIX7DUGHKE3WE.cache
2011-05-25 17:33 . 2011-05-25 17:33 149537 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\34\EK2EKNQXE5NEHPAK54QPNPPO7I.cache
2011-05-25 17:33 . 2011-05-25 17:33 154777 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\44\FQOWQ5UKDPIEDAHS7LUU7KODFM.cache
2011-05-25 17:33 . 2011-05-25 17:33 140273 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\189\XWN2YBC67V3ULN3WY4B2FJKPQ4.cache
2011-05-25 17:33 . 2011-05-25 17:33 157975 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\120\PCYS76TKWI3EHCRIXMXLQPN6SY.cache
2011-05-25 17:33 . 2011-05-25 17:33 352644 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\40\FCTNKERXKNAELEKBHCJT33FFXA.cache
2011-05-25 17:33 . 2011-05-25 17:33 128805 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\137\RHSC46IAWHNUFFRLKJXJL6YFJE.cache
2011-05-25 17:33 . 2011-05-25 17:33 143437 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\253\7X4UYAK5OVVE5JH3SUOS74P2OI.cache
2011-05-25 17:33 . 2011-05-25 17:33 190102 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\15\B63RKX5W6U7U5CI5BYNYI5CD3Q.cache
2011-05-25 17:33 . 2011-05-25 17:33 170277 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\199\Y74HQJILEBQUVNJHNAUMS5RQKA.cache
2011-05-25 17:31 . 2011-05-25 17:31 159956 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\158\TZJI2T3S3SXENL2YELVOV73HQQ.cache
2011-05-25 17:31 . 2011-05-25 17:31 162702 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\192\YC6SMOMVXBPUBJWCUBIS4DNV44.cache
2011-05-25 17:31 . 2011-05-25 17:31 132839 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\167\U72W6XQTE7EUZL272FOMZXMJNI.cache
2011-05-25 17:30 . 2011-05-25 17:30 152146 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\103\M4EFKRJAU7WUVO5UWJIYMUAURA.cache
2011-05-25 17:30 . 2011-05-25 17:30 124628 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\236\5SWN6ZWFDUZEJECM3PEHATY6JQ.cache
2011-05-25 17:30 . 2011-05-25 17:30 133595 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\11\BOCNI45VKROEDF7HN4B56JWWFY.cache
2011-05-25 17:30 . 2011-05-25 17:30 145115 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\85\KUFVPSVIZKUUDO67JZUUZ76VEI.cache
2011-05-25 17:30 . 2011-05-25 17:30 146554 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\95\L62LLYJDFGKUBIZUYPH5STT7XY.cache
2011-05-25 17:29 . 2011-05-25 17:29 155270 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\196\YS4F4X2R7MQEPPTJHS2Q4QK77E.cache
2011-05-25 17:29 . 2011-05-25 17:29 148509 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\249\7GZ5BJ3IP4NEZATRYRDHZSBA4E.cache
2011-05-25 17:28 . 2011-05-25 17:28 152440 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\66\ILTAUG664VGU5GF4HQOVJHEDJ4.cache
2011-05-25 17:27 . 2011-05-25 17:27 138828 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\52\GQUWMV4WJ7NU3FUQ2HQO3XFANI.cache
2011-05-25 17:27 . 2011-05-25 17:27 139822 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\243\6NY2GIWFDDVUTLWQVNBIFLIUKQ.cache
2011-05-25 17:27 . 2011-05-25 17:27 138149 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\160\UAZKPYDJBGOEZPAPQDKBLP75V4.cache
2011-05-25 17:27 . 2011-05-25 17:27 117065 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\160\UDJ75WHCGWRE7LQUSIBJJT7GEU.cache
2011-05-25 17:26 . 2011-05-25 17:26 147210 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\101\MUWMDVJPQQ6ENHHO7ESB22535Y.cache
2011-05-25 17:26 . 2011-05-25 17:26 155384 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\191\X6MIQUFR3I5EJMXWLCV2H3ZIIA.cache
2011-05-25 17:26 . 2011-05-25 17:26 111779 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\38\E3W7ZLKRQM5EVJMZ5JBLUTIX2Y.cache
2011-05-25 17:25 . 2011-05-25 17:25 132030 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\102\M3HZE72J5L5UJCVILZ5X3V55RQ.cache
2011-05-25 17:25 . 2011-05-25 17:25 91172 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\144\SDIWWLFEOPHU5FYSLNBZSXQBQU.cache
2011-05-25 17:25 . 2011-05-25 17:25 123549 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\115\OODIA3UYBXCUJNTQ6HKEIJHBBY.cache
2011-05-25 17:25 . 2011-05-25 17:25 157631 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\151\S6TUUDBLPLHUFMGT4DAIGIJHNU.cache
2011-05-25 17:24 . 2011-05-25 17:24 130646 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\253\7WWUZSUOUCUE3LXF5ARPNR3QKY.cache
2011-05-25 17:24 . 2011-05-25 17:24 146704 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\48\GA5ZPVCALAJEJKVW2OPEZFGD2E.cache
2011-05-25 17:24 . 2011-05-25 17:24 148260 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\120\PC2KEZHX43CUHN36BHZ6DCWKLA.cache
2011-05-25 17:24 . 2011-05-25 17:24 164221 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\67\IPWH2SYNGYREBJCVEO3HOLIRCQ.cache
2011-05-25 17:24 . 2011-05-25 17:24 167412 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\192\YC6SLLJI5GBEJHG4KBIDIPIBZQ.cache
2011-05-25 17:24 . 2011-05-25 17:24 146907 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\11\BMAPK4GBR5LERFNMIJPBD6YMVE.cache
2011-05-25 17:24 . 2011-05-25 17:24 164132 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\217\3GZMDY2I6N4ETAPLXYLOVWX5YU.cache
2011-05-25 17:24 . 2011-05-25 17:24 160809 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\84\KQNKACIFY6QEPFTZNOBQQVUFIM.cache
2011-05-25 17:24 . 2011-05-25 17:24 141982 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\50\GICN423N2M4UDNW7W2P4PPLQ4Y.cache
2011-05-25 17:24 . 2011-05-25 17:24 143917 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\0\AASCYMAXMBYUHNWFJG3X536XFA.cache
2011-05-25 17:24 . 2011-05-25 17:24 165004 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\86\K3EDSEAEHWZEHHB6GNIKYFIVMU.cache
2011-05-25 17:24 . 2011-05-25 17:24 163014 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\99\MMXB7W47AEGEDOX6MDIC4W2FDE.cache
2011-05-25 17:24 . 2011-05-25 17:24 177994 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\253\7X6FVKXX2DMUZFUKTF65BRJTBY.cache
2011-05-25 17:24 . 2011-05-25 17:24 141108 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\149\SWLQ52J2WGGURO5WL2BIMH5PII.cache
2011-05-25 17:24 . 2011-05-25 17:24 164552 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\200\ZDRF6WTFNYTE5I3ZLUJMSXFD4M.cache
2011-05-25 17:24 . 2011-05-25 17:24 113382 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\164\URDX56UGMNFUTF6QWBWBXDA4XM.cache
2011-05-25 17:24 . 2011-05-25 17:24 160031 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\227\4OCMJCDQ7ONE7OQRZJPNCOECOQ.cache
2011-05-25 17:24 . 2011-05-25 17:24 133396 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\218\3KPRJ7WTFSWURMUZ3Y3TYAAP4U.cache
2011-05-25 17:24 . 2011-05-25 17:24 193078 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\21\CX3ECY23FZYEXHDA5ACCLZWPNI.cache
2011-05-25 17:24 . 2011-05-25 17:24 194241 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\119\O6FJRYNKGBEETIKOR2UB7EZJOY.cache
2011-05-25 17:24 . 2011-05-25 17:24 162171 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\155\TNY7MB2ZA7EUBHXEAREUAKIUE4.cache
2011-05-25 17:24 . 2011-05-25 17:24 158727 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\149\SVU2HHNKNENUBLHB2VDGPQCLPU.cache
2011-05-25 17:24 . 2011-05-25 17:24 180417 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\168\VCYKXDKTKCQUVB62L5UTZ5I2GU.cache
2011-05-25 17:24 . 2011-05-25 17:24 187781 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\95\L5G5VE23XVNUJCNKVVYBANJBLM.cache
2011-05-25 17:24 . 2011-05-25 17:24 168463 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\194\YI5YLLXKCT3U5G45P6JFFQ3VFA.cache
2011-05-25 17:24 . 2011-05-25 17:24 185653 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\15\B4VBT33BWBSE7OIHC24X3PXNGE.cache
2011-05-25 17:24 . 2011-05-25 17:24 192427 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\253\7WFDVBZPMAIEFF4PTSQQ3N5NP4.cache
2011-05-25 17:24 . 2011-05-25 17:24 163198 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\3\AOV6A47OFYOUZMWSRBZOGLTL6Y.cache
2011-05-25 17:24 . 2011-05-25 17:24 143081 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\115\ONNGGFWYIFSU3O7G7G7S7Q47WI.cache
2011-05-25 17:24 . 2011-05-25 17:24 157812 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\179\WNLXG4RRZMJULLT4XXJ6MNOTAY.cache
2011-05-25 17:24 . 2011-05-25 17:24 171457 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\231\45P5OW3ACGXUBMD5SQK6NXXBWQ.cache
2011-05-25 17:24 . 2011-05-25 17:24 153584 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\68\IRSDLTRO4XPE3CPLR7ODBXWZKM.cache
2011-05-25 17:24 . 2011-05-25 17:24 172068 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\134\QYBHVDPAAJMU7MOAY4PVLWWXPY.cache
2011-05-25 17:24 . 2011-05-25 17:24 165536 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\130\QLTMMWOJIPUURNSGPNGFMDCCBA.cache
2011-05-25 17:24 . 2011-05-25 17:24 172240 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\224\4CFIU4BTDNYUHOWST53UHTJ2B4.cache
2011-05-25 17:24 . 2011-05-25 17:24 167367 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\165\UUBD24EIVFQU7CGMVISIQDI7ME.cache
2011-05-25 17:23 . 2011-05-25 17:23 164154 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\212\2Q22BU4RA6PUBDGCZUM2VONLIM.cache
2011-05-25 17:23 . 2011-05-25 17:23 126359 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\96\MDEEDK74G7CELIU3I3TVUJMNB4.cache
2011-05-25 17:23 . 2011-05-25 17:23 158427 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\100\MQTFEYFONBYE5GV5WU4IFLCALU.cache
2011-05-25 17:23 . 2011-05-25 17:23 133329 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\3\AMDLS36VDEYU5B7A3WU4I2WWAM.cache
2011-05-25 17:22 . 2011-05-25 17:22 169606 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\156\TQPSF4FY4VUU5HIIJUTEJEO46I.cache
2011-05-25 17:21 . 2011-05-25 17:21 196405 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\201\ZGF3JXFDKSYEBLFZJVHWAF2S4I.cache
2011-05-25 17:21 . 2011-05-25 17:21 193168 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\66\ILYU4NTKF73E7AXTK2JAVDCE5I.cache
2011-05-25 17:21 . 2011-05-25 17:21 160581 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\207\Z6DBBCLT4EFU3N37G5SNTFQHTQ.cache
2011-05-25 17:21 . 2011-05-25 17:21 161159 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\68\IQH6WMQLASRETKFSWO3CWKFBM4.cache
2011-05-25 17:21 . 2011-05-25 17:21 166581 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\218\3KFTA7NX6UJEJBSS75YOLBQ6ZQ.cache
2011-05-25 17:21 . 2011-05-25 17:21 173648 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\213\2W6Q742A764UTF77F7BN32QLPY.cache
2011-05-25 17:21 . 2011-05-25 17:21 137075 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\140\RRF5IBVX4Q5UVPJHK7E2XQ23XM.cache
2011-05-25 17:20 . 2011-05-25 17:20 123694 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\81\KFKBADSYNPFUJAGXDYLXPX3LGU.cache
2011-05-25 17:20 . 2011-05-25 17:20 140628 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\104\NABKL7HZ2OKUPJDTPTCITFSBZA.cache
2011-05-25 17:20 . 2011-05-25 17:20 134157 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\12\BSBMYZFJLSZUFPC2HO7PK2Z7AE.cache
2011-05-25 17:19 . 2011-05-25 17:19 134410 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\11\BNUECRMUXAVENEMRN2XND5RROE.cache
2011-05-25 17:19 . 2011-05-25 17:19 124698 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\75\JOLAIFKE7BYE5FNVG5R2UFBOLY.cache
2011-05-25 17:19 . 2011-05-25 17:19 128406 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\75\JMKBWTTQ7OOE7ANDX46MC6UZAA.cache
2011-05-25 17:19 . 2011-05-25 17:19 141759 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\243\6MOORMCKNO5UVISTZNXKGUT4AU.cache
2011-05-25 17:18 . 2011-05-25 17:18 135185 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\212\2RNOV7UI3UXEBGLRQMMXY45GXE.cache
2011-05-25 17:18 . 2011-05-25 17:18 117602 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\162\ULGOVNVNXRDULH7W4TU5ZV3SIA.cache
2011-05-25 17:18 . 2011-05-25 17:18 115832 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\184\XA2NSSNAECYEFF2NCXSQKWFGCQ.cache
2011-05-25 17:18 . 2011-05-25 17:18 117015 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\105\NGSCMAUVVVIEBHM6BL4VRDVQAU.cache
2011-05-25 17:18 . 2011-05-25 17:18 163185 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\71\I6IAXF4ZHTPUPPHHTQY3VOOBXI.cache
2011-05-25 17:18 . 2011-05-25 17:18 130407 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\26\DIUZ33D6OQWEZIQ7IONXIKETCQ.cache
2011-05-25 17:18 . 2011-05-25 17:18 137326 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\184\XD5EAMAF5Z6UHOSUPDLP2BI4XU.cache
2011-05-25 17:17 . 2011-05-25 17:17 139181 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\34\EKZWBJAWHOPUXPW7AFGSKNMK54.cache
2011-05-25 17:17 . 2011-05-25 17:17 115939 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\79\J6MXB3TLRVSEBGTBG7ILFAFESE.cache
2011-05-25 17:17 . 2011-05-25 17:17 125955 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\97\MFS5MRLRGKWELDEA6NU3YIJZAA.cache
2011-05-25 17:16 . 2011-05-25 17:16 134403 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\13\BUUCXID5ALWU7NCPZURD74RN7U.cache
2011-05-25 17:16 . 2011-05-25 17:16 137192 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\218\3IZZJ2F5FJ2ERC3G3PG4XCEHPA.cache
2011-05-25 17:16 . 2011-05-25 17:16 150326 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\60\HREOOZQ5HPMEBHRQIAOCA3K2QI.cache
2011-05-25 17:16 . 2011-05-25 17:16 136022 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\135\Q7FOAKRWT4PE3NI44NYJRBNLPE.cache
2011-05-25 17:16 . 2011-05-25 17:16 126663 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\75\JPLMGYPAOV2EXKASIYQNMAVZIM.cache
2011-05-25 17:16 . 2011-05-25 17:16 128350 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\219\3OJJNV3J2I4EBDQGDNZS3DSYO4.cache
2011-05-25 17:16 . 2011-05-25 17:16 125183 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\39\E7WTXPBDCNHUFCOUMY6PXAJY6Q.cache
2011-05-25 17:16 . 2011-05-25 17:16 146783 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\163\UMA3AUW4GIPUTI2EMIILMQEHKU.cache
2011-05-25 17:16 . 2011-05-25 17:16 160590 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\70\I2IT3VEUP4PURJN3XVGFFN6RTM.cache
2011-05-25 17:16 . 2011-05-25 17:16 143489 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\205\ZVIYGLFVGISUBJTJFDV3PE7FZM.cache
2011-05-25 17:16 . 2011-05-25 17:16 149362 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\180\WSJDZLKCLXSURCTCI52FZXKQP4.cache
2011-05-25 17:16 . 2011-05-25 17:16 143662 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\121\PEHELSPLWXGUPC2KT5LZLBMVNY.cache
2011-05-25 17:16 . 2011-05-25 17:16 142071 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\105\NHVT6HPF2YYEZH5CVRWVPE5Z4A.cache
2011-05-25 17:16 . 2011-05-25 17:16 193571 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\28\DSWXQON2PWQU3GFZVQP5YCH2QI.cache
2011-05-25 17:16 . 2011-05-25 17:16 161981 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\227\4PQOHRILRVCURF6KJZJ66RUOXU.cache
2011-05-25 17:16 . 2011-05-25 17:16 176732 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\6\A2XWKQIYBRMEJAU42BCZ5EINLY.cache
2011-05-25 17:16 . 2011-05-25 17:16 187063 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\77\JXOV6EUHDCUETPUB26WIARGVUE.cache
2011-05-25 17:16 . 2011-05-25 17:16 165677 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\29\DV4AKQJBIE7EJEQ2FUFVVMPQZQ.cache
2011-05-25 17:16 . 2011-05-25 17:16 206023 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\98\MILYTMAVWJ6E3LN5E4K6CTXHKM.cache
2011-05-25 17:16 . 2011-05-25 17:16 178229 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\201\ZHJYH2I3VVJUTLF35RSWYOOVCM.cache
2011-05-25 17:16 . 2011-05-25 17:16 199072 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\145\SFXUF7MIGAUU5FW6D7UYW2KSLI.cache
2011-05-25 17:16 . 2011-05-25 17:16 183389 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\226\4KP7AKSZPROEJMWTSP64JSEYKQ.cache
2011-05-25 17:16 . 2011-05-25 17:16 168107 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\168\VAPPUHLXJTJEPGOSX53R3GAPHI.cache
2011-05-25 17:16 . 2011-05-25 17:16 181478 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\116\OSNCPQHBD35EHA4CQ5JRU5TBPY.cache
2011-05-25 17:16 . 2011-05-25 17:16 166057 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\78\JZ2OF2CGQ42UDLKUN35D7CZUHA.cache
2011-05-25 17:16 . 2011-05-25 17:16 179213 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\151\S4WQEHF5GOMU3DGAXPOMWVDNSU.cache
2011-05-25 17:16 . 2011-05-25 17:16 199788 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\134\QYWVJQ7GY4CUBAOYOXX5STQUGM.cache
2011-05-25 17:16 . 2011-05-25 17:16 210378 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\105\NGAH2UTSNYFUXLDKEEBBBIKWV4.cache
2011-05-25 17:16 . 2011-05-25 17:16 162922 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\248\7AEZY3YHN7PULJ2UW6U5HFBDFI.cache
2011-05-25 17:16 . 2011-05-25 17:16 162531 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\104\NABI2JVZ62MELK2XMBUEBQ42RA.cache
2011-05-25 17:15 . 2011-05-25 17:15 34631 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\96\MABFWBHCBCTUHMHOE47NNB6LU4.cache
2011-05-25 17:15 . 2011-05-25 17:15 52627 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\175\V6HUU5ARYHCUROLKQ5AX2UE62Y.cache
2011-05-25 17:15 . 2011-05-25 17:15 221032 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\157\TXLHANYG5T2ENEKY5M7OFCXSFI.cache
2011-05-25 17:15 . 2011-05-25 17:15 123831 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\227\4N7XQI3UPY2ULBMN2WQ363XPTU.cache
2011-05-25 17:15 . 2011-05-25 17:15 127867 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\101\MW4PZSBMMG6ELOI3ZQNEMFCSPA.cache
2011-05-25 17:15 . 2011-05-25 17:15 172366 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\117\OUEJGRTDQPTURGVH2NWHL6PT5Q.cache
2011-05-25 17:15 . 2011-05-25 17:15 134931 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\84\KRJXQMN67IWU5NK6EHCHBX3HL4.cache
2011-05-25 17:15 . 2011-05-25 17:15 132436 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\53\GW5U2TOH3P7EXJN2YLDJYH3UOU.cache
2011-05-25 17:15 . 2011-05-25 17:15 179506 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\222\33E365P777PE7H5BYN53BZZZIA.cache
2011-05-25 17:15 . 2011-05-25 17:15 51327 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\137\RGQGDBLBGAREJNXZ6IQQSAFJHY.cache
2011-05-25 17:15 . 2011-05-25 17:15 173292 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\240\6ABCV5PYUDYUFKJFCWFLGNH7BU.cache
2011-05-25 17:15 . 2011-05-25 17:15 131944 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\145\SFZPXKHLDUQU5KTB6NVGXMQJL4.cache
2011-05-25 17:15 . 2011-05-25 17:15 45295 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\87\K5WWMZMWVZDETGU67T57KCFPLQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 113306 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\133\QWDSJZKREQHE7A7M3ZU3S7PR6Y.cache
2011-05-25 17:15 . 2011-05-25 17:15 140636 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\137\RGNEDPK4R3QEND5LF4562EZBFA.cache
2011-05-25 17:15 . 2011-05-25 17:15 145940 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\174\VZS5JZ2AZTZEHAZV4Q5BVIFJYQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 165851 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\155\TPEO24HTQTUUNF2WRHYD5YHA6Q.cache
2011-05-25 17:15 . 2011-05-25 17:15 131631 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\201\ZF7SVY6ZEAAEHLO5SKAYCXEFPA.cache
2011-05-25 17:15 . 2011-05-25 17:15 159645 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\188\XSELPTND3NSUJORA4KQ76Y6JA4.cache
2011-05-25 17:15 . 2011-05-25 17:15 189954 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\245\6XTAW4CHGZAE7NQ3LTZGYX6OLQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 150131 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\105\NEZTBAFDY43EPBICBP3HTGKGUQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 178634 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\163\UOVRYVKLRQXU7DX5RMKWHPFGYQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 174488 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Images\136\RA45UCAIAV7EFANNK3JALTTHDU.cache
2011-05-25 17:15 . 2011-05-25 17:15 49630 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\163\UNATROAEGYMUDGJ4BFAU6LF5NI.cache
2011-05-25 17:15 . 2011-05-25 17:15 46809 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\14\BY5UFAWSWSVUFL4TA23QXBYULI.cache
2011-05-25 17:15 . 2011-05-25 17:15 48142 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\255\75TCPL5V6P2UFIFWAIXED7YL5M.cache
2011-05-25 17:15 . 2011-05-25 17:15 34161 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\240\6AL7LEMS2E6UXCHJCZJPLUASKE.cache
2011-05-25 17:15 . 2011-05-25 17:15 48579 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\32\EBORN7BWIDUURGGCBAYRDWSAXI.cache
2011-05-25 17:15 . 2011-05-25 17:15 45720 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\130\QKCNHKXTQODU5E3O772OH7CMAI.cache
2011-05-25 17:15 . 2011-05-25 17:15 50692 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\234\5JIQW665W4QERIDELRIVYIAGKU.cache
2011-05-25 17:15 . 2011-05-25 17:15 31931 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\132\QROF7JQGQRUEJCTXDTGPGQB3BI.cache
2011-05-25 17:15 . 2011-05-25 17:15 50358 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\153\TFFILEKZRPRU7ELO2QCQ6ZKQTU.cache
2011-05-25 17:15 . 2011-05-25 17:15 46025 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\137\RE4QCGJL4ZZEZNADJVI2O2TD3A.cache
2011-05-25 17:15 . 2011-05-25 17:15 64597 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\129\QHJTZX3PU77EXOQ2RM5FV3PGRQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 48311 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\214\2ZVAH3AQIZ2ENKK5A7JJYDTXDM.cache
2011-05-25 17:15 . 2011-05-25 17:15 46358 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\211\2PO4NO56GO6UZF4GXKKENQWRGI.cache
2011-05-25 17:15 . 2011-05-25 17:15 46600 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\166\UY2655OVYQGEZFYDFBD6V6WVVE.cache
2011-05-25 17:15 . 2011-05-25 17:15 58861 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\85\KV3FMUCGZ2CELK42TB52S3U7FQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 49458 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\102\MZJXOGIGNLMUZAPWFOSC54AGRY.cache
2011-05-25 17:15 . 2011-05-25 17:15 50185 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\94\LYJ2RWVC3WVE5H5CZB2ZN64HCQ.cache
2011-05-25 17:15 . 2011-05-25 17:15 56724 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\126\PYCNZBNUO5RUDD3FINRX43NCPA.cache
2011-05-25 17:15 . 2011-05-25 17:15 51845 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\187\XNRAIUV7BJ6E5KUX3LAV2BJLDI.cache
2011-05-25 17:14 . 2011-05-25 17:14 51438 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\170\VLKV2EIYF4VENGHYNUFIJUIWSM.cache
2011-05-25 17:14 . 2011-05-25 17:14 37228 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\171\VOTPLGHRGGTURB56MG2T424W5E.cache
2011-05-25 17:13 . 2011-05-25 17:13 45468 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\148\SR63USZUMSKULDPNDGP6EWD7TU.cache
2011-05-25 17:13 . 2011-05-25 17:13 49875 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\60\HSED32LJZBVU7IN4RAAXUOZMYQ.cache
2011-05-25 17:13 . 2011-05-25 17:13 51965 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\119\O4MDCRDKIXDUJFU6UIQ3UXMXXY.cache
2011-05-25 17:13 . 2011-05-25 17:13 44130 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\42\FID2TDRUZFNERKANMOY3FPMWIE.cache
2011-05-25 17:13 . 2011-05-25 17:13 44985 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\240\6CEMGEEJVT2UXJIWHD7ARJ4VFU.cache
2011-05-25 17:13 . 2011-05-25 17:13 36154 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\216\3CPWJ7LASJWETKMFIW77QDB5H4.cache
2011-05-25 17:13 . 2011-05-25 17:13 48618 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\241\6ELY2MQIIKPUDLK3IPHCFJBQEM.cache
2011-05-25 17:13 . 2011-05-25 17:13 50433 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\54\G22QWCZ4YLFUPPIFF6PKNZCQEY.cache
2011-05-25 17:13 . 2011-05-25 17:13 40130 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\195\YO7YOLF6A7YUFHFJF2X5IGUQHM.cache
2011-05-25 17:13 . 2011-05-25 17:13 59603 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\225\4EBCNZHARMJEVDJQ3JQZ3HWAEQ.cache
2011-05-25 17:12 . 2011-05-25 17:12 52822 ----a-w- c:\documents and settings\Mr Smith\Local Settings\Application Data\cYo\ComicRack\Cache\Thumbnails\135\Q45UIP57I3OUPJPJPV3PWIBRTY.cache
.
---- Directory of c:\program files\awesome ----
.
2011-06-15 05:17 . 2011-06-15 05:17 10498 ----a-w- c:\program files\awesome\unins000.msg
2011-06-15 05:17 . 2011-05-29 14:11 366640 ----a-w- c:\program files\awesome\mbamservice.exe
2011-06-15 05:17 . 2011-05-29 14:11 48176 ----a-w- c:\program files\awesome\ssubtmr6.dll
2011-06-15 05:17 . 2011-05-29 14:11 498736 ----a-w- c:\program files\awesome\vbalsgrid6.ocx
2011-06-15 05:17 . 2011-05-29 14:11 2830896 ----a-w- c:\program files\awesome\mbamnet.dll
2011-06-15 05:17 . 2011-05-29 14:11 521264 ----a-w- c:\program files\awesome\mbamcore.dll
2011-06-15 05:17 . 2011-05-29 14:11 174128 ----a-w- c:\program files\awesome\mbam.dll
2011-06-15 05:17 . 2011-05-18 17:26 10878 ----a-w- c:\program files\awesome\Languages\turkish.lng
2011-06-15 05:17 . 2011-05-23 23:59 12511 ----a-w- c:\program files\awesome\Languages\vietnamese.lng
2011-06-15 05:17 . 2011-05-20 06:48 10338 ----a-w- c:\program files\awesome\Languages\slovenian.lng
2011-06-15 05:17 . 2011-05-23 23:48 12521 ----a-w- c:\program files\awesome\Languages\spanish.lng
2011-06-15 05:17 . 2011-05-21 07:07 10839 ----a-w- c:\program files\awesome\Languages\swedish.lng
2011-06-15 05:17 . 2011-05-23 23:49 10669 ----a-w- c:\program files\awesome\Languages\slovak.lng
2011-06-15 05:17 . 2011-05-18 19:23 11830 ----a-w- c:\program files\awesome\Languages\romanian.lng
2011-06-15 05:17 . 2011-05-28 15:15 11202 ----a-w- c:\program files\awesome\Languages\russian.lng
2011-06-15 05:17 . 2011-05-19 22:42 11152 ----a-w- c:\program files\awesome\Languages\serbian.lng
2011-06-15 05:17 . 2011-05-23 23:54 11962 ----a-w- c:\program files\awesome\Languages\portugueseBR.lng
2011-06-15 05:17 . 2011-05-26 06:33 12032 ----a-w- c:\program files\awesome\Languages\portuguesePT.lng
2011-06-15 05:17 . 2011-06-02 13:28 12137 ----a-w- c:\program files\awesome\Languages\macedonian.lng
2011-06-15 05:17 . 2011-05-22 07:52 10407 ----a-w- c:\program files\awesome\Languages\norwegian.lng
2011-06-15 05:17 . 2011-05-28 06:23 11090 ----a-w- c:\program files\awesome\Languages\polish.lng
2011-06-15 05:17 . 2011-05-22 05:08 11691 ----a-w- c:\program files\awesome\Languages\lithuanian.lng
2011-06-15 05:17 . 2011-05-29 16:02 9216 ----a-w- c:\program files\awesome\Languages\korean.lng
2011-06-15 05:17 . 2011-05-20 23:16 11367 ----a-w- c:\program files\awesome\Languages\latvian.lng
2011-06-15 05:17 . 2011-05-18 13:38 11854 ----a-w- c:\program files\awesome\Languages\hungarian.lng
2011-06-15 05:17 . 2011-05-19 14:41 11811 ----a-w- c:\program files\awesome\Languages\italian.lng
2011-06-15 05:17 . 2011-05-23 23:51 7978 ----a-w- c:\program files\awesome\Languages\hebrew.lng
2011-06-15 05:17 . 2011-05-22 17:46 12460 ----a-w- c:\program files\awesome\Languages\german.lng
2011-06-15 05:17 . 2011-05-19 08:38 12170 ----a-w- c:\program files\awesome\Languages\greek.lng
2011-06-15 05:17 . 2011-05-23 23:48 12444 ----a-w- c:\program files\awesome\Languages\french.lng
2011-06-15 05:17 . 2011-05-19 23:03 10656 ----a-w- c:\program files\awesome\Languages\estonian.lng
2011-06-15 05:17 . 2011-05-23 23:52 10524 ----a-w- c:\program files\awesome\Languages\finnish.lng
2011-06-15 05:17 . 2011-05-23 20:07 10275 ----a-w- c:\program files\awesome\Languages\english.lng
2011-06-15 05:17 . 2011-05-22 22:17 11776 ----a-w- c:\program files\awesome\Languages\dutch.lng
2011-06-15 05:17 . 2011-05-18 16:56 10408 ----a-w- c:\program files\awesome\Languages\czech.lng
2011-06-15 05:17 . 2011-05-25 20:54 11195 ----a-w- c:\program files\awesome\Languages\danish.lng
2011-06-15 05:17 . 2011-05-23 23:55 11169 ----a-w- c:\program files\awesome\Languages\croatian.lng
2011-06-15 05:17 . 2011-05-25 21:04 11849 ----a-w- c:\program files\awesome\Languages\catalan.lng
2011-06-15 05:17 . 2011-05-25 17:43 6875 ----a-w- c:\program files\awesome\Languages\chineseSI.lng
2011-06-15 05:17 . 2011-05-21 20:12 7675 ----a-w- c:\program files\awesome\Languages\chineseTR.lng
2011-06-15 05:17 . 2011-05-18 14:55 11436 ----a-w- c:\program files\awesome\Languages\bulgarian.lng
2011-06-15 05:17 . 2011-05-19 03:28 11206 ----a-w- c:\program files\awesome\Languages\bosnian.lng
2011-06-15 05:17 . 2011-05-23 23:56 11325 ----a-w- c:\program files\awesome\Languages\belarusian.lng
2011-06-15 05:17 . 2011-05-20 21:14 9095 ----a-w- c:\program files\awesome\Languages\arabic.lng
2011-06-15 05:17 . 2011-05-29 14:09 1496 ----a-w- c:\program files\awesome\changes.rtf
2011-06-15 05:17 . 2011-03-21 22:19 11141 ----a-w- c:\program files\awesome\license.txt
2011-06-15 05:17 . 2010-12-21 00:06 394695 ----a-w- c:\program files\awesome\mbam.chm
2011-06-15 05:17 . 2011-05-29 14:11 449584 ----a-w- c:\program files\awesome\mbamgui.exe
2011-06-15 05:17 . 2011-05-29 14:11 1047656 ----a-w- c:\program files\awesome\mbam.exe
2011-06-15 05:17 . 2011-05-29 14:11 79408 ----a-w- c:\program files\awesome\mbamext.dll
2011-06-15 05:17 . 2011-06-15 05:16 711728 ----a-w- c:\program files\awesome\unins000.exe
2011-06-15 05:17 . 2011-06-15 05:17 9392 ----a-w- c:\program files\awesome\unins000.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2010-04-23 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
"Nektra OEAPI"="c:\program files\Common Files\PC Tools\Outlook Express API\Launcher.exe" [2008-07-21 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Mr Smith\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-7-26 805392]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T
AT&T Self Support Tool.lnk - c:\program files\ATT-SST\McciBrowser.exe [2009-12-8 1048576]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T\AT&T Internet Security Wizard
Preferences.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Start AT&T Internet Security Wizard.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Stop AT&T Internet Security Wizard.lnk - c:\program files\AT&T\Internet Security Wizard\ISW.exe [N/A]
Uninstall.lnk - c:\program files\AT&T\Internet Security Wizard\unins000.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Loadout Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk
backup=c:\windows\pss\Loadout Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mr Smith^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Mr Smith\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]
2010-03-24 21:26 243544 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 -c--a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jomantha]
2008-06-13 17:19 159744 ----a-w- c:\program files\n52te\n52teHid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2008-03-14 10:00 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-24 14:06 1242448 ----a-w- h:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 -c--a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HssTrayService"=3 (0x3)
"HssSrv"=2 (0x2)
"HotspotShieldService"=2 (0x2)
"Diskeeper"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\IceChat7\\IceChat7.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"h:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:WoW
"8087:TCP"= 8087:TCP:WoW
"9081:TCP"= 9081:TCP:WoW
"9090:TCP"= 9090:TCP:WoW
"9097:TCP"= 9097:TCP:WoW
"9100:TCP"= 9100:TCP:WoW
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"35608:TCP"= 35608:TCP:Limewire
"18230:UDP"= 18230:UDP:uTorrent
"5000:TCP"= 5000:TCP:Vent
"5000:UDP"= 5000:UDP:Vent
"6100:TCP"= 6100:TCP:Vent
"6100:UDP"= 6100:UDP:Vent
"1380:TCP"= 1380:TCP:WAR
"10622:TCP"= 10622:TCP:WAR
"57574:TCP"= 57574:TCP:Pando Media Booster
"57574:UDP"= 57574:UDP:Pando Media Booster
"34983:TCP"= 34983:TCP:uTorrentPortTCP
"34983:UDP"= 34983:UDP:uTorrentPortUDP
"6667:UDP"= 6667:UDP:IceChat
"56459:TCP"= 56459:TCP:Pando Media Booster
"56459:UDP"= 56459:UDP:Pando Media Booster
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6958:TCP"= 6958:TCP:League of Legends Launcher
"6958:UDP"= 6958:UDP:League of Legends Launcher
"4000:TCP"= 4000:TCP:Diablo 2
"15397:TCP"= 15397:TCP:spport
"14022:TCP"= 14022:TCP:spport
"29848:TCP"= 29848:TCP:spport
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/21/2011 4:43 AM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [3/21/2011 4:43 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [3/21/2011 4:43 AM 656320]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/1/2008 1:11 PM 717296]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [3/21/2011 4:43 AM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [3/21/2011 4:43 AM 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/21/2011 4:43 AM 251560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [3/21/2011 4:47 AM 247760]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/21/2011 4:43 AM 160448]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/21/2011 4:43 AM 56536]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [7/23/2003 2:16 PM 22821]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2/15/2009 3:10 PM 48896]
S3 LiveTurbineMessageService;Turbine Message Service - Live;"h:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> h:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"h:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> h:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/18/2011 2:49 AM 39984]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/21/2011 4:43 AM 89472]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [3/21/2011 4:43 AM 56536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/21/2011 4:43 AM 125248]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/21/2011 4:43 AM 70536]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/21/2011 4:42 AM 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [3/21/2011 4:43 AM 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-28 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-15 05:18]
.
2011-03-12 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-03-09 12:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/viewsonic
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: aol.com\music
Trusted Zone: shoutcast.com
Trusted Zone: winamp.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wowhead.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: Extended Statusbar: {daf44bf7-a45e-4450-979c-91cf07434c3d} - %profile%\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
FF - Ext: Tiny Menu: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} - %profile%\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
FF - Ext: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - %profile%\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Ext: YoYo Games InstantPlay: [email protected] - %profile%\extensions\[email protected]
FF - Ext: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - %profile%\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
FF - Ext: FoxyTunes Skin - OnyxOrbs: {469CEB59-8266-438b-91D9-82F56D595E15} - %profile%\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
FF - Ext: Solid State ION: [email protected] - %profile%\extensions\[email protected]
FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 08:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\e2d79ca0]
"imagepath"="\??\c:\windows\TEMP\199.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-413027322-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:09,09,22,15,86,8b,fb,81,4f,2d,57,a1,7f,6f,17,59,7f,ff,43,89,27,
6b,49,e1,e7,fd,68,50,57,34,c2,59,ad,82,c4,63,cd,5d,95,a3,10,90,bd,22,e4,b7,\
"rkeysecu"=hex:29,52,7b,02,92,e8,87,b3,48,af,b8,d4,08,42,c7,8b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1352)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(1408)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\Mixer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-06-20 08:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-20 13:25
ComboFix2.txt 2011-06-19 15:26
.
Pre-Run: 11,476,791,296 bytes free
Post-Run: 11,795,546,112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
.
- - End Of File - - 3E16A5E8E81D86F67A53061B3D0381A4
  • 0

#19
Piros

    Member

  • Topic Starter
  • 28 posts
EDIT: Double post.

Anyway, upon looking at that log a bit it seems it worked. cYo looks like a removable directory to me. ComicRack is a comic book viewing program I downloaded a month or so ago and subsequently removed because it required .NET framework 4 which I had trouble installing and then had to uninstall the parts that were installed because they were lagging my computer. As might have been evident in previous scans, I switched to Comical, an alternative that was easier to install and use. Anyway, I uninstalled ComicRack a few weeks ago, and the cYo directories seem to be leftovers that weren't deleted. awesome should probably be removed as well, as it's a duplicate copy of MBAM I installed while viruses were blocking the copy with the right name.

Edited by Piros, 20 June 2011 - 07:41 AM.

  • 0

#20
Piros

    Member

  • Topic Starter
  • 28 posts
Another note: I ran a PC Tools scan the minute I turned it back on today, after what happened yesterday, and it seems more Trojan-downloaders and Trojan.generics turn up on my computer the minute I turn off PC Tools, because it found like 30.
  • 0

#21
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please uninstall all your P2P programs then run the scan below.


Save these instructions so you can have access to them while in Safe Mode.

Please click here to download Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#22
Piros

    Member

  • Topic Starter
  • 28 posts
The report didn't exactly look like you described it. I hope this is what you want, and I think it is, because this is the whole report.

There were some options to change what was shown in the report window, but they mainly seemed to be between showing these 6 items and all 1.2 million clean ones as well. There were at least a dozen objects with the word data in them that were apparently password protected as well, and it said they weren't checked. I dunno what password it's talking about tho.

Anyway, here's the log.

Autoscan: completed 6 minutes ago (events: 6, objects: 1202931, time: 01:15:03)
6/21/2011 6:08:01 AM Task started
6/21/2011 6:45:16 AM Detected: Trojan.Win32.Monder.drjy C:\_OTL\MovedFiles\06192011_082011\C_WINDOWS\system32\ntmsoprq6.dll
6/21/2011 6:46:48 AM Deleted: Trojan.Win32.Monder.drjy C:\_OTL\MovedFiles\06192011_082011\C_WINDOWS\system32\ntmsoprq6.dll
6/21/2011 7:09:17 AM Detected: Trojan.Win32.Monder.drjy C:\System Volume Information\_restore{C1C19FDC-314C-4E2E-949A-FD68406D5696}\RP4\A0001392.dll
6/21/2011 7:09:43 AM Deleted: Trojan.Win32.Monder.drjy C:\System Volume Information\_restore{C1C19FDC-314C-4E2E-949A-FD68406D5696}\RP4\A0001392.dll
6/21/2011 7:23:04 AM Task completed
  • 0

#23
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

The scan reported a couple of OTL quarantine files and a couple of system restore entries. How's the computer running?

Please run the scans below to make sure that we didn't miss any remnant.

1. Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



2. Please use Internet Explorer to perform a BitDefender Quickscan
  • Click on START SCANNER.
  • Click on FREE SCAN NOW. Please wait as it might take some time to load.
  • It will then ask you to install the add-on "qsax.cab" (Just above the page under the Internet Explorer toolbar). Please allow it to be installed.
  • Click the FREE SCAN NOW button once again to start the add-on installation.
  • Click "Install" and accept the "End User Software License Agreement" when prompted and then click OK.
  • It will now begin scanning; please let it run uninterrupted.
  • Click on View report once completed.
  • A notepad will pop-up containing the report.
  • Please post the entire contents of that report when you reply.
Note: For Windows Vista/7 users, you will need to right-click on the Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • 0
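
The reading sempai gives of the Kaspersky report (every detection sits either in OTL's `MovedFiles` folder or in a System Restore point, and each was deleted) can be checked mechanically. The Python below is an added example, not part of the original posts or of any tool used in the thread; the function names and location labels are assumptions, the first log lines are the ones posted in #22, and the final "live" line is constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the report posted in #22 of this thread.
SAMPLE_LOG = r"""
6/21/2011 6:08:01 AM Task started
6/21/2011 6:45:16 AM Detected: Trojan.Win32.Monder.drjy C:\_OTL\MovedFiles\06192011_082011\C_WINDOWS\system32\ntmsoprq6.dll
6/21/2011 6:46:48 AM Deleted: Trojan.Win32.Monder.drjy C:\_OTL\MovedFiles\06192011_082011\C_WINDOWS\system32\ntmsoprq6.dll
6/21/2011 7:09:17 AM Detected: Trojan.Win32.Monder.drjy C:\System Volume Information\_restore{C1C19FDC-314C-4E2E-949A-FD68406D5696}\RP4\A0001392.dll
6/21/2011 7:09:43 AM Deleted: Trojan.Win32.Monder.drjy C:\System Volume Information\_restore{C1C19FDC-314C-4E2E-949A-FD68406D5696}\RP4\A0001392.dll
6/21/2011 7:23:04 AM Task completed
"""

# Constructed line (not from the thread): a detection in a normal system path
# with no matching "Deleted" event, to show what the triage would flag.
CONSTRUCTED_LIVE_LINE = (
    r"6/21/2011 7:10:00 AM Detected: Trojan.Win32.Example.a "
    r"C:\WINDOWS\system32\example.dll"
)

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted): (?P<threat>\S+) (?P<path>.+)$"
)

# Only the two locations that appear in the thread's report are modelled.
LOCATION_RULES = [
    ("otl_quarantine", re.compile(r"^[a-z]:\\_OTL\\MovedFiles\\", re.I)),
    ("restore_point", re.compile(
        r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\RP\d+\\",
        re.I)),
]


@dataclass
class Finding:
    threat: str
    path: str
    location: str          # otl_quarantine, restore_point or live
    detected_at: str
    deleted_at: Optional[str] = None


def classify_path(path):
    """Label a detection by where the file sits on disk."""
    for label, pattern in LOCATION_RULES:
        if pattern.match(path):
            return label
    return "live"


def triage(log_text):
    """Pair each Detected event with its Deleted event, keyed by threat+path."""
    findings = {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # task start/stop lines, blanks, summary header
        key = (m["threat"], m["path"].lower())
        if m["action"] == "Detected":
            findings.setdefault(key, Finding(
                threat=m["threat"], path=m["path"],
                location=classify_path(m["path"]), detected_at=m["ts"]))
        elif key in findings:
            findings[key].deleted_at = m["ts"]
    return list(findings.values())


def needs_attention(findings):
    """Detections outside quarantine/restore copies, or never deleted."""
    return [f for f in findings
            if f.location == "live" or f.deleted_at is None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG + CONSTRUCTED_LIVE_LINE):
        state = "deleted" if f.deleted_at else "NOT deleted"
        print(f"{f.location:15} {state:12} {f.threat}  {f.path}")
```
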

#24
Piros

In regards to the first question, I think the computer is running a lot better.

I haven't noticed issues with the computer running super slow in several days. I think all the browsers I use load faster, although the only one I'm sure about is Maxthon... the others take a bit of time... Maxthon at least loads a blank screen immediately and then loads the homepage eventually.

Also, I haven't seen anything about SETUP trying to copy itself anymore, and Google links aren't being redirected anymore, or at least haven't so far. I really haven't been using my computer too much.

My main real complaint left that I haven't been able to figure out is why C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T opens in Windows Explorer on startup. All that's in there is the folder for Internet Security Wizard, which has been uninstalled, and the AT&T Self Support Tool, which I think is a tool for if I have internet issues since AT&T is my ISP.

Anyway, here's the MBAM log... I'm not really surprised it came back clean tho, since I ran MBAM before creating this thread.

Here's today's MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2011 11:05:03 AM
mbam-log-2011-06-21 (11-05-03).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)
Objects scanned: 274507
Time elapsed: 41 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#25
Piros

And here's the Quick Scan log. I dunno why it says the scan failed... it looked like it ran to me.


QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Tue Jun 21 11:21:57 2011
Machine ID: 8D77758



Scan failed! Couldn't access QuickScan server.
----------------------------------------------
couldn't connect to host



Processes
---------
Bing Bar 3064 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
Bonjour 1948 C:\Program Files\Bonjour\mDNSResponder.exe
iTunes 1036 C:\Program Files\iPod\bin\iPodService.exe
iTunes 1228 C:\Program Files\iTunes\iTunesHelper.exe
Logitech SetPoint 3500 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
Logitech SetPoint 3388 C:\Program Files\Logitech\SetPoint\SetPoint.exe
Maxthon3 5040 C:\Program Files\Maxthon3\Bin\Maxthon.exe
Maxthon3 5072 C:\Program Files\Maxthon3\Bin\Maxthon.exe
Maxthon3 5548 C:\Program Files\Maxthon3\Bin\Maxthon.exe
McAfee Agent 1840 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
McAfee Agent 684 C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
mcci+McciCMService 1264 C:\Program Files\Common Files\Motive\McciCMService.exe
mcci+McciTrayApp 1064 C:\Program Files\ATT-SST\McciTrayApp.exe
Microsoft Search Client Server 4396 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
Microsoft Search Enhancement Pack 3664 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft SQL Server 3736 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Microsoft SQL Server 3780 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
Microsoft SQL Server 1996 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Microsoft® Windows Live ID 3852 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 3280 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 596 C:\WINDOWS\system32\spoolsv.exe
Mixer 1000 C:\WINDOWS\mixer.exe
MobileDeviceService 1752 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVIDIA Driver Helper Service, Version 1 1584 C:\WINDOWS\system32\nvsvc32.exe
NVIDIA nTune 2344 C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
OEAPI 1212 C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PC Tools Auxiliary Service 2588 C:\Program Files\PC Tools Security\pctsAuxs.exe
PC Tools GUI Application 1256 C:\Program Files\PC Tools Security\pctsGui.exe
PC Tools Security Service 2820 C:\Program Files\PC Tools Security\pctsSvc.exe
RocketDock.exe 1268 C:\Program Files\RocketDock\RocketDock.exe
SG Browser Hijacking Protection 3508 C:\Program Files\SpywareGuard\sgbhp.exe
SpywareGuard 3400 C:\Program Files\SpywareGuard\sgmain.exe
Threat Expert Ltd. Browser Defender 260 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
Threat Expert Ltd. Browser Defender 1204 C:\Program Files\PC Tools Security\BDT\FGuard.exe
ThreatFire 4268 C:\Program Files\PC Tools Security\TFEngine\TFService.exe
Windows Live Communications Platform 5724 C:\Program Files\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 1276 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(verified) Java™ Platform SE 6 U20 1916 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft® Windows® Operating System 864 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 4484 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 1336 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1416 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 1184 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1404 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 1280 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 316 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1860 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1900 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1632 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1360 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\wuauclt.exe
(verified) Windows® Internet Explorer 3656 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 540 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process msnmsgr.exe (1276) connected on port 1863 (MSN) --> 207.46.125.81
Process msnmsgr.exe (1276) connected on port 63589 --> 99.97.57.186
Process iexplore.exe (3656) connected on port 80 (HTTP) --> 69.171.224.14
Process iexplore.exe (3656) connected on port 80 (HTTP) --> 74.125.225.5
Process iexplore.exe (3656) connected on port 80 (HTTP) --> 198.173.20.122
Process iexplore.exe (3656) connected on port 80 (HTTP) --> 204.119.131.97
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 74.125.225.5
Process Maxthon.exe (5548) connected on port 443 (HTTP over SSL) --> 209.85.225.95
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 207.152.124.48
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 69.171.224.40
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 69.31.97.65
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 69.171.224.40
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 207.152.124.67
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 74.125.225.90
Process Maxthon.exe (5548) connected on port 443 (HTTP over SSL) --> 209.85.225.96
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.112
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.122
Process Maxthon.exe (5548) connected on port 80 (HTTP) --> 198.173.20.112

Process svchost.exe (1680) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Default Manager C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Doxillion Document Converter C:\Program Files\NCH Software\Doxillion\doxillion.exe
ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
Logitech SetPoint C:\WINDOWS\KHALMNPR.EXE
mcci+McciTrayApp C:\Program Files\ATT-SST\McciTrayApp.exe
Microsoft Korean IME 2002 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPTNET.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\sstext3d.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Mixer C:\WINDOWS\mixer.exe
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
NVIDIA nTune C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
OEAPI C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PC Tools GUI Application C:\Program Files\PC Tools Security\pctsGui.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
RocketDock.exe C:\Program Files\RocketDock\RocketDock.exe
SpywareGuard C:\Program Files\SpywareGuard\sgmain.exe
SpywareGuard Protection C:\Program Files\SpywareGuard\spywareguard.dll
Switch Sound File Converter C:\Program Files\NCH Swift Sound\Switch\switch.exe
Threat Expert Ltd. Browser Defender C:\Program Files\PC Tools Security\BDT\FGuard.exe
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\LogonUI.EXE
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
AT&T Toolbar c:\program files\atttoolbar\atttoolbar.dll
Bing Bar C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
DivX OVS Helper Plug-in C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
DivX® Content Upload Plugin C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
InstantPlay for Firefox C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]\plugins\NPYYGInstantPlay.dll
Logitech Device Detection C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Search Enhancement Pack C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Motive Plugin C:\Program Files\Common Files\Motive\npMotive.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
Nexon Game Controller C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
PC Tools Content Filter C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
Solid Network Manager C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]\plugins\solidnm.exe
Solid State ION Mozilla Plugin C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]\plugins\npssn.dll
SpywareGuard Download Protection c:\program files\spywareguard\dlprotect.dll
Threat Expert Ltd. Browser Defender C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
Turner Media Plugin 1.0.0.10 C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll
(verified) Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U20 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: 0633acdf6934b7e44e65acbd795b6c6f C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
MD5: 8ce40f2502848ac95354a46107b792a2 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
MD5: bbc210f8ef8d62edf2fa86fcdaaa3820 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
MD5: 6cf7d6119fc02fcc558866d1d5ccc182 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\XmlLite.dll
MD5: 76bfe987b8d6c53da66231e233859e80 C:\Program Files\NCH Software\Doxillion\doxillion.exe
MD5: a75ad717b95dd7a827a1ba6c11156950 C:\Program Files\NCH Swift Sound\Switch\switch.exe
MD5: da32f8864eff0b437a7f4bd75fa9a7ba C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
MD5: c4305f070481199d102f20dac23e554b C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
MD5: eb0e5b828bd668e6e3cc2e7a47ef0deb C:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll
MD5: 1a1386928f80878414fce4a55ae08af3 C:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll
MD5: bafbd93d2c8b20cf1992d2fe4c60f442 C:\Program Files\PC Tools Security\AntiSpamGUI.ISPlugin.dll
MD5: 3fd430cf31f7fc9c8653ec1cad5365a9 C:\Program Files\PC Tools Security\avdb\201106210750\ecmldr32.DLL
MD5: e95ad4126a436214575ff75dd581f5c2 C:\Program Files\PC Tools Security\avdb\201106210750\ecmsvr32.dll
MD5: 33eec582065ac6e01fb5402e0bedb787 C:\Program Files\PC Tools Security\avdb\201106210750\NAVENG32.DLL
MD5: 87cc738c2b4dd902f572c16c4939b522 C:\Program Files\PC Tools Security\avdb\201106210750\NAVEX32a.DLL
MD5: bedc61c5b7bfb74b0a1ea7d545be211f C:\Program Files\PC Tools Security\avengine\dec_abi.dll
MD5: 3fc2d4622bea894f3e35ea228e4b27e3 C:\Program Files\PC Tools Security\avengine\PCTAVEng.dll
MD5: bab41d3ecba77b51bdbffdaeb0acd2ac C:\Program Files\PC Tools Security\avengine\pctdefdb.dll
MD5: 066c89b6dc01c20c684415a616da9175 C:\Program Files\PC Tools Security\avengine\SDAVgate.dll
MD5: 9addeffb0ad41e829d9dab8004fb9546 C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MD5: 1c16f4a517bbdecc0649625d34ca5324 C:\Program Files\PC Tools Security\avengine\SEPS.dll
MD5: f2dddf1e0c0c9c1122e45d1993cf92c9 C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
MD5: 0f18cbb98cd4721ccdb51a3a9ed71ff3 C:\Program Files\PC Tools Security\BDT\FGuard.exe
MD5: 25089a4b174a06a2972e7b613a930507 C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll
MD5: daaacc787ac1696cd2aac3a4c1d146f4 C:\Program Files\PC Tools Security\BDT\utility.dll
MD5: 8f300995783b9e9b47e71a85b66dd432 C:\Program Files\PC Tools Security\BH.dll
MD5: f8ed348ddfb7a5dd02e18240e5ecdcc9 C:\Program Files\PC Tools Security\cdialogs.dll
MD5: e44db48dcb85fb47916c940bfaba8e02 C:\Program Files\PC Tools Security\commhlpr.dll
MD5: 8e77bf06fbe91c854ffbf02f1aacab1f C:\Program Files\PC Tools Security\CommLib.dll
MD5: df930c8658e41329d673c02d7c20cdbf C:\Program Files\PC Tools Security\CommOM.dll
MD5: 89218e31fd4183bfa0765248a8d9719c C:\Program Files\PC Tools Security\filehlpr.dll
MD5: 6e147197e59d0a4a4d5a9239128b98d8 C:\Program Files\PC Tools Security\FileStorage.sdp
MD5: 51985b430473989cdef2180b311fdcdb C:\Program Files\PC Tools Security\FirewallGUI.ISPlugin.dll
MD5: 67869050e276fbd40f3253df8669c97c C:\Program Files\PC Tools Security\icudt42.dll
MD5: 2335eb797166b50e1edf86f5cf28a8da C:\Program Files\PC Tools Security\icuuc42.dll
MD5: 04aae55fe8483b8b48c06e08294afa7c C:\Program Files\PC Tools Security\IDBLib.sdp
MD5: 02ec161d73c4665101ffcd1bfd1bd628 C:\Program Files\PC Tools Security\Immunizer.sdp
MD5: beb3cdcc3e9b38260729bba4fe66af44 C:\Program Files\PC Tools Security\inethlpr.dll
MD5: 5f891a0093376fa1d2a5997f614b9121 C:\Program Files\PC Tools Security\libkumo.dll
MD5: 66fbf65e208d5de1726c73587f2c445d C:\Program Files\PC Tools Security\Localizer.sdp
MD5: e0489bed562b09f48ceecf729bd7c0b1 C:\Program Files\PC Tools Security\NetworkLayer\FirewallPlugin.dll
MD5: 532a888da203c080ae04e05372241a74 C:\Program Files\PC Tools Security\NetworkLayer\FirewallSDK.dll
MD5: a1293050f88ea883e8a41ba3885f2dda C:\Program Files\PC Tools Security\NetworkLayer\FirewallWrapper.dll
MD5: d169dd8802c42de541d2b7fd6edaea14 C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MD5: 943308d6547b858ae3abdb4ee498d658 C:\Program Files\PC Tools Security\NetworkLayer\PCTWSC.dll
MD5: bc42b2c6d7f166040f29f5cb04f91853 C:\Program Files\PC Tools Security\NetworkLayer\PluginDllFW.dll
MD5: 1046f170023880ff834d9c896b536071 C:\Program Files\PC Tools Security\NetworkLayer\PluginDllSG.dll
MD5: 6dc2c871ddda9f2ec68143c50ea38c46 C:\Program Files\PC Tools Security\NfyMan.sdp
MD5: f826a9e374ab2ee758f1025fdf72f136 C:\Program Files\PC Tools Security\pctgmhk.dll
MD5: 2a1cf150820a784116ad5bdbca0bf444 C:\Program Files\PC Tools Security\PCTMime.dll
MD5: d1b36842266bf5464a36ee141cbfdb75 C:\Program Files\PC Tools Security\PCToolsComponents.bpl
MD5: 79f731182bb91e6bee76803bf968c4aa C:\Program Files\PC Tools Security\pctsGui.exe
MD5: 037f0635ed8a0d0511ad12ad0af2f484 C:\Program Files\PC Tools Security\pctsGuiCore.dll
MD5: ed6c2efeb47524bff4d5e5109fb1a2bb C:\Program Files\PC Tools Security\pctsSvc.exe
MD5: 4f780251cc72bf2515f278a8fff83476 C:\Program Files\PC Tools Security\PCTWSC.dll
MD5: d6485ea1ae4717b34c55b0c1b5512f50 C:\Program Files\PC Tools Security\plugins\Behavior.sdp
MD5: 11f95bbe3a6fbfb93e899aeff67f694c C:\Program Files\PC Tools Security\plugins\Browsers.SDP
MD5: b659ddacb27e97830a654196ab368a9b C:\Program Files\PC Tools Security\plugins\cookie.sdp
MD5: 9a811f90a44b075a6860fdf83e21e7e0 C:\Program Files\PC Tools Security\plugins\DLGuard.sdp
MD5: e3945c447e59fcb428cbaddc430fa3a7 C:\Program Files\PC Tools Security\plugins\email.sdp
MD5: 49a819150ee0271a3e9b09a8c64abd00 C:\Program Files\PC Tools Security\plugins\Firewall.SDP
MD5: a67607a8ab3d4d1a55fc5276ec75e640 C:\Program Files\PC Tools Security\plugins\grAV.sdp
MD5: 8cf0af923cc0cb4f51cddb7fcd15e402 C:\Program Files\PC Tools Security\plugins\grfiles.SDP
MD5: 7448b882a1d261cf840e9459e2571628 C:\Program Files\PC Tools Security\plugins\grImmunizer.SDP
MD5: b40456d81440ba989b563f126cb817d1 C:\Program Files\PC Tools Security\plugins\grregistry.SDP
MD5: 836fc6f5cd95f61549c476cdd04b01bd C:\Program Files\PC Tools Security\plugins\Network.SDP
MD5: 081c9aeee9f64c156c79395117235ec8 C:\Program Files\PC Tools Security\plugins\Process.SDP
MD5: 15a560868299b4597a4cbab2f0f68e47 C:\Program Files\PC Tools Security\plugins\ScriptEngine.SDP
MD5: d63adf4658e791144c7aabd40d366607 C:\Program Files\PC Tools Security\plugins\SDNET.SDP
MD5: b58b4f61db46a9fc7aa6eca74b2461b3 C:\Program Files\PC Tools Security\plugins\Site.sdp
MD5: 7bb932d03fd96745c45c0ae7be29d489 C:\Program Files\PC Tools Security\plugins\SpamMonitor.SDP
MD5: 0cc7d2d874b3eb3c3959127c901d0306 C:\Program Files\PC Tools Security\plugins\StartUp.SDP
MD5: 2785678544dc731fbfdffe3dba127026 C:\Program Files\PC Tools Security\pwindow.dll
MD5: c6d1b993a688527e019139749ff5ff57 C:\Program Files\PC Tools Security\quarantine.sdp
MD5: 003637b3cecc81c2ec3b5aba602e47e1 C:\Program Files\PC Tools Security\RebootManager.sdp
MD5: 91a932378e29e9419adb3b5c5c1c8a05 C:\Program Files\PC Tools Security\RegHelper.dll
MD5: ee4751299febfab77e689c60721ef218 C:\Program Files\PC Tools Security\rtl100.bpl
MD5: 4a8623b86caf020d4171ff1c102e9788 C:\Program Files\PC Tools Security\scaneng.sdp
MD5: f552252170dc83d40c327183d8bc6637 C:\Program Files\PC Tools Security\SDContextExt32.dll
MD5: a3066a9df761b26366150449feebe5f1 C:\Program Files\PC Tools Security\sdcore.dll
MD5: 13b2f239b24002ae0625555585ad2f02 C:\Program Files\PC Tools Security\SDExtra.sdp
MD5: 414b2f69b5042bf0d053705091ef8dce C:\Program Files\PC Tools Security\sdinfo.sdp
MD5: d817f5d172325802791f41f4a9d0e17c C:\Program Files\PC Tools Security\SDNetPlugin.dll
MD5: 2d997fe6520d9471ae3c6945334ff64c C:\Program Files\PC Tools Security\Settings.sdp
MD5: 57246501fc07c2d7c2b7c1168738c9af C:\Program Files\PC Tools Security\SH.dll
MD5: 26c7d1a5015346f2de431de80b0857e5 C:\Program Files\PC Tools Security\smum32.dll
MD5: 80a6b70d11710938ff9c41cd659d7a84 C:\Program Files\PC Tools Security\SOFactory.sdp
MD5: 3d304db9a91cd9c88455f6194e15cb24 C:\Program Files\PC Tools Security\SpamMonitor\Comms.dll
MD5: 07e3ac42072c494d4810e3522ea64459 C:\Program Files\PC Tools Security\SpamMonitor\MailClientLib.dll
MD5: 38b0961127b468c83ec48e7977bb302a C:\Program Files\PC Tools Security\SpamMonitor\SMEngine.dll
MD5: 67697c8b4b4b4fd2a5e4f978b5ddda0b C:\Program Files\PC Tools Security\SpamMonitor\SMPlugin.dll
MD5: 6840fa33bc7bd65f47e51a77cb311d6c C:\Program Files\PC Tools Security\Sqlite3DB.dll
MD5: fe74a60e5aa4b0e4b2babec5d073a001 C:\Program Files\PC Tools Security\stasks.sdp
MD5: 2f97e66a32d679743678fcd9dce0cc37 C:\Program Files\PC Tools Security\SysAccess.dll
MD5: d09a83741e3b68610e691657cb7c8cd6 C:\Program Files\PC Tools Security\SystemMonitor.sdp
MD5: 10ed6ac64c6f70a5e49b679db83be927 C:\Program Files\PC Tools Security\TFEngine\TFAPI.dll
MD5: 6aefef62de1ff48d5ef769a2cc2e9d56 C:\Program Files\PC Tools Security\TFEngine\TFDBM.dll
MD5: a524e5c25dffc8bb9db0746e631ed20f C:\Program Files\PC Tools Security\TFEngine\TFE.dll
MD5: d5de4fb172a0e2f42e0dd128f31c692f C:\Program Files\PC Tools Security\TFEngine\TFExt.dll
MD5: e11b0421b59270042ce0ba3edaefc638 C:\Program Files\PC Tools Security\TFEngine\TFExtCli.dll
MD5: 89a75f6a1fe12815b5ea5dbd334dc8fc C:\Program Files\PC Tools Security\TFEngine\TFLog.dll
MD5: 6a2aeda2cd5fab8d56fc2466f763abb2 C:\Program Files\PC Tools Security\TFEngine\TFMisc.dll
MD5: 2c50df27677b0d4fe940ccdc2b6ca1dc C:\Program Files\PC Tools Security\TFEngine\TFMon.dll
MD5: 2e33e08fca218426e66da004ea74a425 C:\Program Files\PC Tools Security\TFEngine\TFNI.dll
MD5: a13c2ea88df6321edc7646d8d6314abc C:\Program Files\PC Tools Security\TFEngine\TFO.dll
MD5: a08be0b25a53ad3fb722e638826cbbdc C:\Program Files\PC Tools Security\TFEngine\TFPA.dll
MD5: 0d6a18ab05400bd21be38d7e18c95d05 C:\Program Files\PC Tools Security\TFEngine\TFQT.dll
MD5: 45f7c465fe710f677f861ba2a6a4d2f2 C:\Program Files\PC Tools Security\TFEngine\TFRK.dll
MD5: c5462e4d100220d6f03af941448190d0 C:\Program Files\PC Tools Security\TFEngine\TFScan.dll
MD5: 5a8f95122110e22a1861ef4c65c6d7f9 C:\Program Files\PC Tools Security\TFEngine\TFServer.dll
MD5: f3a9ab45dc2e95cd886e4b02140c1a51 C:\Program Files\PC Tools Security\TFEngine\TFService.exe
MD5: 801c763509e47fd242f5d6df6f1ee4d3 C:\Program Files\PC Tools Security\TFEngine\TFSF.dll
MD5: 6b97c38e1cb1f3858b36df22a147717b C:\Program Files\PC Tools Security\TFEngine\TFTM.dll
MD5: 59c0a69f89c294ca8f7babc5e4f27df0 C:\Program Files\PC Tools Security\TFEngine\TFUndo.dll
MD5: 11a05b1cf6bd70e4760b4688fec1b5ab C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MD5: 2b182e9f92eecef97bfe0eb5a6a929e0 C:\Program Files\PC Tools Security\TFEngine\TFWS.dll
MD5: e3040babdf5889f66add950bb57cb8e0 C:\Program Files\PC Tools Security\UserModeFileCache.dll
MD5: aa2baee9c50ab6fed72de7c8867dff49 C:\Program Files\PC Tools Security\vcl100.bpl
MD5: 8779bcc5abe7f923d6a71c178ce0480b C:\Program Files\PC Tools Security\whitelist.sdp
MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll
MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe
MD5: 4a2a05b25df4385f5aec6f07b1c1e93d C:\Program Files\RocketDock\RocketDock.dll
MD5: 7dfccc67990b6de7f30f553a4e4612a4 C:\Program Files\RocketDock\RocketDock.exe
MD5: 964621e8b2415feaa99026ed4f29d198 c:\program files\spywareguard\dlprotect.dll
MD5: a80d0704537c0ef97db2bef24b99af1a C:\Program Files\SpywareGuard\sgbhp.exe
MD5: 61c028aba5e49573a6332f4a7c744e87 C:\Program Files\SpywareGuard\sgmain.exe
MD5: cde968df7ea866320efb8762b50e0ad7 C:\Program Files\SpywareGuard\spywareguard.dll
MD5: da66ceaf1def4da337f1542e0308483d C:\Program Files\Unlocker\UnlockerCOM.dll
MD5: 8a22f6b4976053924fe93dea8218d68a C:\Program Files\WinRAR\rarext.dll
MD5: 9f34f134e39b54189ed6fac354386f04 C:\Program Files\WinSCP\DragExt.dll
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: e6bb63bbe1bed01769ca87f4dac286c8 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MD5: e6a9f68d26a094fb78b98180a40a29fc C:\WINDOWS\KHALMNPR.EXE
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: f83709d0bacba84d297183825f089d98 C:\WINDOWS\mixer.exe
MD5: 61d6b1c71ad94f8485e966bebc36d092 C:\WINDOWS\nvoclock.sys
MD5: 5e5c35becd66e684c2237b0524176014 C:\WINDOWS\PCTBDCore.dll
MD5: f7e675ebde6da3a1665f2dcfa683322f C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: 112c08b937e12779b08d3ea57074a6b1 C:\WINDOWS\system32\CmdLineExt.dll
MD5: 4ceda87bd146e666bb8c7ddf2d715a41 C:\WINDOWS\System32\cmnprop.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\CRYPTNET.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac c:\windows\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: eea92d2e914195ecb612b78570234372 C:\WINDOWS\system32\dopdfmn6.dll
MD5: d651151c706b961cf375ffd33545daf9 C:\WINDOWS\system32\dpnhupnp.dll
MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys
MD5: 59301936898ae62245a6f09c0aba9475 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
MD5: 694a022f3ca43ba0a75ab85a7223cf6c C:\WINDOWS\system32\drivers\bcgame.sys
MD5: e5842ccf0953d3d46d5e26427b67e901 C:\WINDOWS\system32\drivers\cmaudio.sys
MD5: 78cc22326e584d2c02e1ab8b38dbb00f C:\WINDOWS\System32\Drivers\JmtFltr.sys
MD5: d1968dea7baff4a917858c384339cec8 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
MD5: d6fc755ff505d99e6cc73e83492310df C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
MD5: 24e0ddb99aeccf86bb37702611761459 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
MD5: d58b330d318361a66a9fe60d7c9b4951 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
MD5: c149bdad13194df16ea33f9f601ed7bf C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
MD5: 144011d14bd35f4e36136ae057b1aadd C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0344aa9113dc16eec379f4652020849d C:\WINDOWS\system32\DRIVERS\nvata.sys
MD5: a545df28f75bcb109a3aadbb07552b12 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
MD5: ea41f641420f3d8271804d287c1ef461 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
MD5: 238d3211ecf5ec32a2d78dbada197dfe C:\WINDOWS\system32\drivers\PCTAppEvent.sys
MD5: 995e6bc3bb92bb4a9eb49a663c43b6cb C:\WINDOWS\system32\drivers\PCTCore.sys
MD5: f820b4c61d1e591325b679d479d4eea4 C:\WINDOWS\system32\drivers\pctDS.sys
MD5: acc8c15f3d59f17c5d903ff1de3b43d3 C:\WINDOWS\system32\drivers\pctEFA.sys
MD5: 5be722c8c9bba995693c8cd524d83b27 C:\WINDOWS\system32\drivers\pctgntdi.sys
MD5: 60af5fa418efe284fb81dbbf5a0391fb C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys
MD5: 32d0dcb9bc33d5c0b29243e3d783b9e6 C:\WINDOWS\system32\DRIVERS\pctNdis.sys
MD5: fe6803af91ddb32ff8edf5d6c0d370af C:\WINDOWS\system32\drivers\pctplfw.sys
MD5: 1ea4b41d30f28ff5e186a49b4a1d36d9 C:\WINDOWS\system32\drivers\pctplsg.sys
MD5: 71e276f6d189413266ea22171806597b C:\WINDOWS\System32\Drivers\sptd.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 27a2c318cd28cfb3eb2200fd96af1e58 C:\WINDOWS\system32\DRIVERS\tapvpn.sys
MD5: 1c7be4e77d42a93e6cd82ef742a50524 C:\WINDOWS\system32\drivers\TfFsMon.sys
MD5: 40d1ad5741204ea83661e1b4d3d0d0c5 C:\WINDOWS\system32\drivers\TfNetMon.sys
MD5: 5d30e224ac2183357cb478b5cb73bd31 C:\WINDOWS\system32\drivers\TfSysMon.sys
MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: dffab3374f554977c4bb1b575a7b6502 C:\WINDOWS\system32\DRIVERS\vhidmini.sys
MD5: 09e5340bd9b2cb730bf4dc6be7721291 C:\WINDOWS\system32\DRIVERS\xusb21.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll
MD5: 77ebf3e9386daa51551af429052d88d0 C:\WINDOWS\system32\giveio.sys
MD5: a78516d04dd71a18fdfdf820a6413634 C:\WINDOWS\system32\GLU32.dll
MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\IEFRAME.dll
MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll
MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll
MD5: 1b17e09c1223f6d17336d2dd7a1af4f4 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
MD5: 73c37297c84dc0500aeef8ec130afd60 C:\WINDOWS\system32\inetcomm.dll
MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: ea2ec63fc221cd02e47a6e4f1efac2f1 C:\WINDOWS\system32\jsproxy.dll
MD5: a7db3812b8b4a2990120f59365f697d3 C:\WINDOWS\system32\kemutb.dll
MD5: a8cc23eec3eeade85b9cbe11ce7e7036 C:\WINDOWS\system32\KemUtil.dll
MD5: 9c6030f6a16cb0b834695aa9d767f8f7 C:\WINDOWS\system32\KemWnd.dll
MD5: 2607f1d062fcc0d474993b6e2fe9a4cf C:\WINDOWS\system32\KemXML.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 91fb9cfb43c46b685f6cbc4ea9559cb0 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.DLL
MD5: 714cf24fc19a20ae0dc701b48ded2cf6 C:\WINDOWS\system32\mscomctl.ocx
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: 14da23d2b9310c694aba9dcae14dc059 C:\WINDOWS\system32\msfeeds.dll
MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: f28eb5cbc3ca6d8c787f09f047d1f9c8 C:\WINDOWS\system32\MSVBVM60.DLL
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: f5df4c09808dbd4d84a3871a5a3db91b C:\WINDOWS\system32\OPENGL32.dll
MD5: eb4a8f35a70a887fe32f43a3aa7d4e9a C:\WINDOWS\system32\RICHTX32.OCX
MD5: d17453539d0bfd2df8539e8b0d393684 C:\WINDOWS\system32\RPCNS4.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\scrrun.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 77a54bdfbad4604e6131ae68e3cf76d6 C:\WINDOWS\system32\SrClient.dll
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: d66709f79d595dd378c995c3347349c1 C:\WINDOWS\system32\sstext3d.scr
MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS\system32\wbem\framedyn.dll
MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 77b4be0c9aa0ac78884d8e7cfb315463 C:\WINDOWS\system32\wmp.dll
MD5: e8885a533a3d46209851433e3b9b3bc4 C:\WINDOWS\system32\wmploc.dll
MD5: 60b8c0db5a8e4d7b4712df66d6ff2788 C:\WINDOWS\system32\Wship6.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


Scan finished - communication took 20 sec
Total traffic - 0.00 MB sent, 0.00 KB recvd
Scanned 877 files and modules - 31 seconds

==============================================================================
#26
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
I think there are still registry remnants of AT&T internet security; we will figure this out.


1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".

    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


2. Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Click download to download the file and install it by following the prompts.


3. Please run OTL, click the "Quick Scan" button, and post the new report for my review.

#27
Piros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I installed the updates you wanted. I think Adobe Flash Player is old, too. I used to keep it updated with its automatic update reminders, but a while back it stopped working correctly. It got to the point I would install an update, and then the next time I restarted my computer it would want me to install the update again. I started just ignoring them.

Anyway, here's the OTL log.

OTL logfile created on: 6/22/2011 4:55:19 AM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Mr Smith\Desktop\PC Cleaning Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.33% Memory free
6.35 Gb Paging File | 5.26 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 4608 4608 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.24 Gb Total Space | 10.18 Gb Free Space | 12.24% Space Free | Partition Type: NTFS
Drive H: | 87.89 Gb Total Space | 81.32 Gb Free Space | 92.52% Space Free | Partition Type: NTFS

Computer Name: IAINPC | User Name: Mr Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\PC Cleaning Tools\OTL.exe
PRC - [2011/05/30 03:06:58 | 003,462,464 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/22 01:23:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/07/21 12:37:06 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 05:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/10/15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 07:27:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr Smith\Desktop\PC Cleaning Tools\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/12/31 09:36:32 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineMessageService)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/12/31 09:36:22 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/03 12:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/14 05:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/01/17 09:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/12 11:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/12/31 09:36:40 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 09:36:38 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 09:36:36 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/12/16 08:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/12/10 16:57:26 | 000,160,448 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/08/10 17:58:50 | 000,056,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/10/01 18:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/06/01 13:11:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/09/27 15:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 18:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2005/09/29 23:52:22 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/09/29 23:52:20 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/07/23 14:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)
DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 1B F2 E6 9C A7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.wowhead.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.8
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.0.20
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.9.8
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\{F9EFC5C2-7787-49CE-A0D4-7C9280995F0A}
FF - HKLM\software\mozilla\Firefox\extensions\\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}: C:\Documents and Settings\other\Local Settings\Application Data\{D34AFABD-3FBC-4747-A8F9-85F14B97AF96}\
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/06/29 20:32:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/30 03:01:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/01 11:10:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/01 11:10:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/03/21 04:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 01:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 04:53:46 | 000,000,000 | ---D | M]

[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions
[2010/02/05 01:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Extensions\[email protected]
[2011/06/21 09:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions
[2010/10/15 06:15:42 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/04/14 06:33:50 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/06/18 19:08:24 | 000,000,000 | ---D | M] (oldbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2010/03/17 13:01:41 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2009/07/07 22:28:40 | 000,000,000 | ---D | M] (zblack) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2011/02/18 13:23:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009/11/30 20:34:19 | 000,000,000 | ---D | M] ("Profile Manager and Synchronizer") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{69f6e5ea-e975-4d70-a983-1e5c094ded79}
[2011/05/25 06:49:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/22 21:11:05 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/06/11 09:53:10 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/04/20 01:55:30 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/04/14 06:51:44 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2008/11/23 23:32:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2010/06/08 17:46:24 | 000,000,000 | ---D | M] (Solid State ION) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/08/05 17:21:13 | 000,000,000 | ---D | M] ("YoYo Games InstantPlay") -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\extensions\[email protected]
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions
[2009/11/30 20:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/14 01:28:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\qhd75kbb.Iain\extensions\[email protected]
[2007/12/27 15:11:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\aolsearch.xml
[2008/06/21 15:52:34 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Mozilla\Firefox\Profiles\5lg58vfa.default\searchplugins\winamp-search.xml
[2011/06/22 04:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 04:45:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/01/01 11:10:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/01 11:10:39 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/06/22 04:44:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/21 04:47:26 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\PC TOOLS SECURITY\BDT\FIREFOX
[2009/09/01 23:28:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/22 04:44:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/19 16:59:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2011/06/20 08:20:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe (Nektra S.A.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T [2010/06/16 16:58:19 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Mr Smith\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: aol.com ([music] https in Trusted sites)
O15 - HKCU\..Trusted Domains: shoutcast.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: winamp.com ([]https in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mr Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/23 16:51:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 04:50:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/22 04:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/21 11:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Application Data\QuickScan
[2011/06/21 08:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Desktop\Roguelikes
[2011/06/20 08:20:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/20 08:03:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Desktop\PC Cleaning Tools
[2011/06/19 10:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/19 09:54:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 09:54:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 09:54:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 09:54:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 09:54:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 08:55:08 | 004,131,325 | R--- | C] (Swearware) -- C:\Documents and Settings\Mr Smith\Desktop\ComboFix.exe
[2011/06/19 08:20:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 00:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\awesome
[2011/06/15 00:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\awesome
[2011/06/13 00:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/12 20:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/06/12 11:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/12 11:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/11 06:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 03:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Start Menu\Programs\Internet
[2011/06/11 03:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Internet
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/06/11 00:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/06/10 21:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/06/10 06:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/06/10 06:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/10 06:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/26 05:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\Comical
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\cYo
[2011/05/25 06:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/22 04:43:58 | 000,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/22 04:39:12 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/22 04:39:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/22 04:39:02 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/20 08:20:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/20 08:03:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/06/20 08:01:21 | 004,131,325 | R--- | M] (Swearware) -- C:\Documents and Settings\Mr Smith\Desktop\ComboFix.exe
[2011/06/19 10:32:58 | 000,740,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/06/19 10:32:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/19 09:59:09 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2011/06/18 12:41:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 05:07:50 | 000,481,752 | ---- | M] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/06/11 03:36:43 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 06:01:06 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Mr Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 07:49:16 | 000,510,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/26 07:49:16 | 000,098,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/21 07:31:21 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 09:59:09 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2011/06/19 09:59:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 09:54:55 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 09:54:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 09:54:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 09:54:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 09:54:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/11 05:08:40 | 000,481,752 | ---- | C] () -- C:\Documents and Settings\Mr Smith\My Documents\The Poet.epub
[2011/03/21 04:47:25 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/29 23:26:16 | 000,705,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/31 19:32:41 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\vqdlkr.dat
[2010/05/10 00:09:09 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/30 20:52:46 | 000,024,256 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/22 18:51:19 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/04/01 05:47:17 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SI.bin
[2010/03/31 16:24:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/28 16:29:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\mk4vc60.dll
[2010/03/23 13:33:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/10/24 19:40:05 | 000,000,020 | ---- | C] () -- C:\WINDOWS\prefs_zb.dll
[2009/10/13 11:56:52 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2009/10/02 13:06:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\fusioncache.dat
[2009/08/09 19:21:32 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/26 21:42:33 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\slinfo_0.drv
[2009/07/26 21:41:14 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2009/07/26 21:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabswun.exe
[2009/05/26 19:18:59 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/02/15 15:10:57 | 000,048,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\JmtFltr.sys
[2008/12/25 09:49:56 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Application Data\PnkBstrK.sys
[2008/12/14 10:00:38 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2008/12/13 14:50:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/05 00:46:04 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/12/04 19:26:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008/09/09 16:41:55 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008/08/31 13:53:19 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/14 03:57:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/06/13 20:15:16 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008/06/09 18:14:43 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/06/01 13:49:52 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/06/01 13:49:52 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/06/01 13:49:52 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/12/08 16:44:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/11/29 19:55:54 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/06 00:14:31 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\PUTTY.RND
[2007/06/28 23:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/14 02:40:27 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2007/06/09 15:59:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/06/04 02:20:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mr Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/16 14:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/16 14:21:55 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2007/05/16 14:21:40 | 000,003,073 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/16 14:06:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007/05/16 13:27:20 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/04/23 16:52:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/23 16:48:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/23 09:36:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/23 09:35:24 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/08/11 23:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 23:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,510,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,098,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/11/08 02:27:00 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/06/11 01:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/12/08 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/12/08 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2011/06/18 11:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/30 09:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/22 20:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2007/06/23 16:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/06/11 02:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/09/30 10:31:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/01 17:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DinsCurse
[2009/05/26 19:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2010/05/13 21:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/09/30 09:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/09 07:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/06/08 22:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/05/26 18:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/08/31 13:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/06/22 04:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/02 12:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2007/10/29 01:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 17:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2010/04/30 20:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/20 11:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/14 03:50:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8227D5D4-E2F9-4B81-98FA-54E4E78F5238}
[2009/04/28 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/09 02:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.BitZip
[2010/08/13 07:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\.minecraft
[2009/06/21 19:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Amazon
[2009/12/08 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AT&T
[2009/12/08 13:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\ATTToolbar
[2010/09/30 10:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\AVG10
[2010/03/29 01:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azgard
[2011/05/25 08:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Azureus
[2007/05/18 13:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\BitTorrent
[2010/03/23 13:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Braid
[2011/03/15 01:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\calibre
[2007/08/18 18:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\CiscoCAA
[2011/01/17 02:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2010/08/26 10:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\crawl
[2011/05/25 06:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\cYo
[2008/06/01 13:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\DAEMON Tools
[2009/05/19 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota-allstars.71E01812711E1682B196CE418CDA466F24682743.1
[2009/05/19 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\dota_allstars
[2008/12/13 14:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FileZilla
[2009/05/21 17:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\FOG Downloader
[2008/11/15 14:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Galcon
[2011/03/18 01:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\GetRightToGo
[2009/04/06 19:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\gtk-2.0
[2010/12/11 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\IceChat
[2009/04/01 15:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Inkscape
[2007/05/16 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Leadertech
[2010/04/24 22:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011/03/06 07:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Maxthon3
[2010/03/21 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Mind Control Software
[2011/02/02 12:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\n52te
[2011/03/09 07:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\NCH Swift Sound
[2011/06/11 03:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Notepad++
[2011/03/21 04:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PCToolsFirewallPlus
[2008/11/27 01:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Pi Eye Games
[2010/03/21 00:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\PlayFirst
[2011/06/21 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\QuickScan
[2010/05/13 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\runic games
[2007/11/01 20:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Screaming Bee
[2008/12/08 06:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SmartDraw
[2008/12/14 07:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\smc
[2011/03/18 01:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Spam Monitor
[2008/08/07 00:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\SystemRequirementsLab
[2008/12/14 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Tandem Games
[2007/11/04 14:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Uniblue
[2011/06/21 05:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\uTorrent
[2009/07/18 18:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\Wizards of the Coast
[2007/08/10 11:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr Smith\Application Data\WowAceUpdater
[2011/03/28 00:34:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2011/03/12 07:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 517 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEE39B00
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5160F090

< End of report >

#28
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Click Start > Run > type msconfig > press Enter. Go to the "Startup" tab and uncheck "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T". Restart the computer and tell me how it went.

#29
Piros

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I can't find "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T".

Only thing I found in there at all connected to AT&T was "C:\Program Files\ATT-SST\McciTrayApp.exe"

I think ATT-SST stands for AT&T Self Support Tool, which is in the folder "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T" that opens. I guess I'll try it.

EDIT: Turning off the McciTrayApp made no noticeable change. Startup still opened; I think that tray app has either been not working or hiding itself for a while now anyway.

Edited by Piros, 22 June 2011 - 07:26 AM.


#30
sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Nope, that's a different thing. Run the script below, please.

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T [2010/06/16 16:58:19 | 000,000,000 | ---D | M]
    
    :Commands
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.






