vbalsgrid6.ocx Trojan?



#1
The_Rookie

Hello,

For a few days now, I have been having the EXACT same problems as another member by the name of MellowFellow:

When I try to run Malwarebytes, I get a "Run-time error '372'" and a notice that there's a failure to "load control vbalGrid from vbalsgrid6.ocx" and that my version of "vbalsgrid6.ocx" may be outdated.

The copy/cut/paste functions have been disabled in most programs, but luckily not in "Notepad."

I cannot drag and drop files. Nor can I copy or paste them from drive to drive. That's not a real problem, yet; I would, however, really like to back up my files if I have to wipe my system.


The Taskbar and Start button are also missing (For all other users besides myself, strangely, meaning I can still access the Run command easily).

It should be noted that I am currently typing this post from my laptop, as my Desktop has been rendered practically useless by these problems.

I was able to find the thread where his problem was fixed, the FIRST place I've seen this problem fixed after days of searching the web. Normally, I would follow the advice given to MellowFellow, but after reading the thread and seeing rather invasive methods used (ComboFix), I was unsure as to whether or not the methods would work on my computer at all, and even though I'm not completely useless on a computer, I'm no expert either and I'd rather not mess things up further.

My OS is XP SP3. I use McAfee Security Center (Paid) and Malwarebytes' Anti-Malware (Free Version), neither of which is running.

Here's what I got from OTL:

OTL logfile created on: 6/16/2011 11:07:12 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 689.57 Mb Available Physical Memory | 67.47% Memory free
2.41 Gb Paging File | 2.01 Gb Available in Paging File | 83.75% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 10.52 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 0.87 Gb Free Space | 46.80% Space Free | Partition Type: FAT

Computer Name: DD65HM71 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 11:03:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/06/02 11:15:03 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/08/31 09:34:08 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 09:18:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/03/11 15:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 11:03:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/11/14 00:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/09/01 15:36:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/05/16 07:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 07:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/02 11:15:05 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 18:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/12 20:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 22:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 15:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/13 15:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 15:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/13 15:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 15:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 15:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 15:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/13 02:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 12:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 14:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696}: C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696} [2011/05/12 18:50:03 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}: C:\Documents and Settings\David Railey\Local Settings\Application Data\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B} [2011/05/12 19:36:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F55E5DF5-508F-424E-8F72-535A1220BE0E}: C:\Documents and Settings\Debbie Railey\Local Settings\Application Data\{F55E5DF5-508F-424E-8F72-535A1220BE0E} [2011/05/13 22:31:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11}: C:\Documents and Settings\Patrick\Local Settings\Application Data\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11} [2011/05/14 12:07:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 10:37:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 13:56:27 | 000,000,000 | ---D | M]

[2011/06/15 14:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/16 08:36:30 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510103747.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] File not found
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.2.76.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 14:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 06:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c33a503c-1d08-11e0-91d1-0013203f0e67}\Shell - "" = AutoRun
O33 - MountPoints2\{c33a503c-1d08-11e0-91d1-0013203f0e67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c33a503c-1d08-11e0-91d1-0013203f0e67}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/10 06:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\pwmspi.dll
[2011/06/15 15:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\My Documents\Visual Basic 6.0
[2011/06/12 10:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/06 19:15:48 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\rjuLpKAlCJjkc.exe
[2005/06/02 11:08:48 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/06/02 11:08:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/06/02 10:48:12 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\All Users\Application Data\rjuLpKAlCJjkc.exe
[2011/06/16 09:48:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 09:47:56 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/16 09:47:56 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/16 09:47:56 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/16 09:47:56 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/16 09:47:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/16 09:47:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/16 09:47:56 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2011/06/16 09:47:56 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2011/06/16 09:47:29 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF
[2011/06/15 14:34:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 11:50:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/12 10:58:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 23:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 21:47:33 | 015,384,576 | -H-- | M] () -- C:\ffastun0.ffx
[2011/06/11 21:47:33 | 002,383,872 | -H-- | M] () -- C:\ffastun.ffl
[2011/06/11 21:47:33 | 000,356,352 | -H-- | M] () -- C:\ffastun.ffo
[2011/06/11 21:47:33 | 000,005,061 | -H-- | M] () -- C:\ffastun.ffa
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 17:59:34 | 000,015,584 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
[2011/05/23 17:59:33 | 000,015,584 | -HS- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
[2011/05/23 11:15:15 | 000,001,012 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/05/19 14:59:52 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Isozokel.dat
[2011/05/19 12:33:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ohabohew.bin
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 14:34:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/20 18:10:29 | 000,015,584 | -HS- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
[2011/05/20 18:10:29 | 000,015,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
[2011/05/14 12:05:31 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\fusioncache.dat
[2011/05/12 23:24:54 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to Microsoft.lnk
[2011/05/12 23:24:54 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to MFInstall.lnk
[2011/05/12 23:24:53 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to Messenger.lnk
[2011/05/12 23:24:52 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Malwarebytes' Anti-Malware.lnk
[2011/05/12 23:24:52 | 000,000,485 | ---- | C] () -- C:\Program Files\Shortcut to McAfee.com.lnk
[2011/05/12 23:24:52 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to McAfee.lnk
[2011/05/12 23:24:51 | 000,000,485 | ---- | C] () -- C:\Program Files\Shortcut to Learn2.com.lnk
[2011/05/12 23:24:49 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to Java.lnk
[2011/05/12 23:24:47 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Jasc Software Inc.lnk
[2011/05/12 23:24:47 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to iTunes.lnk
[2011/05/12 23:24:47 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to iPod.lnk
[2011/05/12 23:24:45 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Intuit.lnk
[2011/05/12 23:24:44 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Internet Explorer.lnk
[2011/05/12 23:24:44 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to InterActual.lnk
[2011/05/12 23:24:44 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Google.lnk
[2011/05/12 23:24:44 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Intel.lnk
[2011/05/12 23:24:42 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to Free RAR Extract Frog.lnk
[2011/05/12 23:24:42 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to GameSpy Arcade.lnk
[2011/05/12 23:24:42 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to GIMP-2.0.lnk
[2011/05/12 23:24:41 | 000,000,543 | ---- | C] () -- C:\Program Files\Shortcut to Family Tree Maker 2005.lnk
[2011/05/12 23:24:41 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to ESPNMotion.lnk
[2011/05/12 23:24:40 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to DS9TheFallen.lnk
[2011/05/12 23:24:40 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to EnglishOtto.lnk
[2011/05/12 23:24:39 | 000,000,498 | ---- | C] () -- C:\Program Files\Shortcut to Dominion Wars.lnk
[2011/05/12 23:24:39 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to DIGStream.lnk
[2011/05/12 23:24:39 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to directx.lnk
[2011/05/12 23:24:38 | 000,000,528 | ---- | C] () -- C:\Program Files\Shortcut to Digital Line Detect.lnk
[2011/05/12 23:24:37 | 000,000,528 | ---- | C] () -- C:\Program Files\Shortcut to Dell Support Center.lnk
[2011/05/12 23:24:37 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to Design Science.lnk
[2011/05/12 23:24:37 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to DellSupport.lnk
[2011/05/12 23:24:36 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Dell Photo AIO Printer 942.lnk
[2011/05/12 23:24:36 | 000,000,498 | ---- | C] () -- C:\Program Files\Shortcut to Dell Computer.lnk
[2011/05/12 23:24:36 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Dell Inc.lnk
[2011/05/12 23:24:36 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to Dell.lnk
[2011/05/12 23:24:35 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to DC Series 1.lnk
[2011/05/12 23:24:35 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to CyberLink.lnk
[2011/05/12 23:24:34 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Creative.lnk
[2011/05/12 23:24:34 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to CONEXANT.lnk
[2011/05/12 23:24:33 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to ComPlus Applications.lnk
[2011/05/12 23:24:33 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to Common Files.lnk
[2011/05/12 23:24:33 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Citrix.lnk
[2011/05/12 23:24:32 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Charting Companion for FTM.lnk
[2011/05/12 23:24:31 | 000,000,523 | ---- | C] () -- C:\Program Files\Shortcut to Bethesda Softworks.lnk
[2011/05/12 23:24:31 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Autodesk.lnk
[2011/05/12 23:24:31 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Canon.lnk
[2011/05/12 23:24:30 | 000,000,513 | ---- | C] () -- C:\Program Files\Shortcut to ATI Technologies.lnk
[2011/05/12 23:24:30 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to att-nap.lnk
[2011/05/12 23:24:29 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to Apple Software Update.lnk
[2011/05/12 23:24:29 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to ArcSoft.lnk
[2011/05/12 23:24:29 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to AOD.lnk
[2011/05/12 23:24:28 | 000,000,578 | ---- | C] () -- C:\Program Files\Shortcut to America's Army Server Manager.lnk
[2011/05/12 23:24:27 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to America's Army.lnk
[2011/05/12 23:24:27 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to AdorageI-SAL.lnk
[2011/05/12 23:24:27 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Amazon.lnk
[2011/05/12 23:24:27 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Adobe.lnk
[2011/05/12 23:24:26 | 000,000,523 | ---- | C] () -- C:\Program Files\Shortcut to YouTube Downloader.lnk
[2011/05/12 23:24:26 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to Actsplosive.lnk
[2011/05/12 23:24:26 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to xerox.lnk
[2011/05/12 23:24:25 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to WordPerfect Office 12.lnk
[2011/05/12 23:24:25 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to Windows Plus.lnk
[2011/05/12 23:24:25 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to Windows NT.lnk
[2011/05/12 23:24:22 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Windows Messaging.lnk
[2011/05/12 18:50:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Isozokel.dat
[2011/05/12 18:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ohabohew.bin
[2010/11/29 16:22:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/09 22:37:08 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/02/10 23:35:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2010/02/10 23:33:56 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/06/07 15:05:24 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Steam.lnk
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/27 19:40:47 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/12 20:14:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/09/30 12:13:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/09/30 12:13:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/09/30 12:13:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/13 16:07:42 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/03/12 16:10:21 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/03/12 16:09:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/01/10 22:56:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/08/26 10:28:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/19 21:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2006/08/19 21:19:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2006/08/02 18:12:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/06/01 21:41:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/05 21:54:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/07 20:08:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/11/29 19:58:29 | 000,000,440 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/11/29 17:49:59 | 000,000,078 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/09/09 21:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/30 22:53:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/07/09 17:46:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/09 17:32:21 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/16 14:31:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/12 14:40:03 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/06/12 14:38:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MKSetting.exe
[2005/06/12 14:32:50 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/06/11 14:21:13 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/06/07 22:33:04 | 000,001,012 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/07 22:32:43 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2005/06/07 22:32:43 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2005/06/07 22:29:35 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbuih.exe
[2005/06/07 22:29:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2005/06/07 22:29:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2005/06/07 22:29:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2005/06/07 22:29:31 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2005/06/07 22:29:27 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2005/06/07 21:29:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/06/07 10:36:46 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/06/02 11:21:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/02 11:16:51 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/02 11:14:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/02 11:09:16 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/06/02 11:09:14 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/06/02 11:09:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/02 11:09:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2005/06/02 11:09:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2005/06/02 11:08:52 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/06/02 11:08:52 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/02 11:08:51 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/06/02 11:08:51 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/06/02 11:08:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/06/02 11:08:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/06/02 11:08:48 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/02 11:08:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/02 10:48:32 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/06/02 10:48:32 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/06/02 10:48:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/06/02 10:48:04 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/02 10:47:44 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/19 16:20:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 16:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:57:50 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 15:57:07 | 000,402,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 15:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 15:49:47 | 000,503,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 15:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 15:49:47 | 000,088,018 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 15:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 15:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 15:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 15:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 15:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 15:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 15:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2008/09/01 15:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2004/08/19 16:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/01/12 20:38:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/01/16 21:07:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\hJkLi08200
[2005/06/07 10:33:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2005/06/11 14:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2005/07/09 17:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2005/06/11 23:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/12/30 23:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2005/06/02 11:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/15 22:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrick\Application Data\Amazon

========== Purity Check ==========



< End of report >

Edited by The_Rookie, 16 June 2011 - 10:17 AM.


#2
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello The_Rookie, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs; don't attach them unless stated.
  • Please read my posts carefully, and if you have any questions, ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696}: C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696} [2011/05/12 18:50:03 | 000,000,000 | -H-D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}: C:\Documents and Settings\David Railey\Local Settings\Application Data\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B} [2011/05/12 19:36:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F55E5DF5-508F-424E-8F72-535A1220BE0E}: C:\Documents and Settings\Debbie Railey\Local Settings\Application Data\{F55E5DF5-508F-424E-8F72-535A1220BE0E} [2011/05/13 22:31:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11}: C:\Documents and Settings\Patrick\Local Settings\Application Data\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11} [2011/05/14 12:07:05 | 000,000,000 | ---D | M]
    IE - HKCU\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
    [2011/04/06 19:15:48 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\rjuLpKAlCJjkc.exe
    [2011/05/23 17:59:34 | 000,015,584 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2011/05/23 17:59:33 | 000,015,584 | -HS- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2011/05/20 18:10:29 | 000,015,584 | -HS- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2011/05/20 18:10:29 | 000,015,584 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1ys1qyp6280rnyh3uxe5e68iglsh1urjj74h0pr3t
    [2011/05/12 23:24:54 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to Microsoft.lnk
    [2011/05/12 23:24:54 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to MFInstall.lnk
    [2011/05/12 23:24:53 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to Messenger.lnk
    [2011/05/12 23:24:52 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Malwarebytes' Anti-Malware.lnk
    [2011/05/12 23:24:52 | 000,000,485 | ---- | C] () -- C:\Program Files\Shortcut to McAfee.com.lnk
    [2011/05/12 23:24:52 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to McAfee.lnk
    [2011/05/12 23:24:51 | 000,000,485 | ---- | C] () -- C:\Program Files\Shortcut to Learn2.com.lnk
    [2011/05/12 23:24:49 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to Java.lnk
    [2011/05/12 23:24:47 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Jasc Software Inc.lnk
    [2011/05/12 23:24:47 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to iTunes.lnk
    [2011/05/12 23:24:47 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to iPod.lnk
    [2011/05/12 23:24:45 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Intuit.lnk
    [2011/05/12 23:24:44 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Internet Explorer.lnk
    [2011/05/12 23:24:44 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to InterActual.lnk
    [2011/05/12 23:24:44 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Google.lnk
    [2011/05/12 23:24:44 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Intel.lnk
    [2011/05/12 23:24:42 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to Free RAR Extract Frog.lnk
    [2011/05/12 23:24:42 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to GameSpy Arcade.lnk
    [2011/05/12 23:24:42 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to GIMP-2.0.lnk
    [2011/05/12 23:24:41 | 000,000,543 | ---- | C] () -- C:\Program Files\Shortcut to Family Tree Maker 2005.lnk
    [2011/05/12 23:24:41 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to ESPNMotion.lnk
    [2011/05/12 23:24:40 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to DS9TheFallen.lnk
    [2011/05/12 23:24:40 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to EnglishOtto.lnk
    [2011/05/12 23:24:39 | 000,000,498 | ---- | C] () -- C:\Program Files\Shortcut to Dominion Wars.lnk
    [2011/05/12 23:24:39 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to DIGStream.lnk
    [2011/05/12 23:24:39 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to directx.lnk
    [2011/05/12 23:24:38 | 000,000,528 | ---- | C] () -- C:\Program Files\Shortcut to Digital Line Detect.lnk
    [2011/05/12 23:24:37 | 000,000,528 | ---- | C] () -- C:\Program Files\Shortcut to Dell Support Center.lnk
    [2011/05/12 23:24:37 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to Design Science.lnk
    [2011/05/12 23:24:37 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to DellSupport.lnk
    [2011/05/12 23:24:36 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Dell Photo AIO Printer 942.lnk
    [2011/05/12 23:24:36 | 000,000,498 | ---- | C] () -- C:\Program Files\Shortcut to Dell Computer.lnk
    [2011/05/12 23:24:36 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Dell Inc.lnk
    [2011/05/12 23:24:36 | 000,000,449 | ---- | C] () -- C:\Program Files\Shortcut to Dell.lnk
    [2011/05/12 23:24:35 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to DC Series 1.lnk
    [2011/05/12 23:24:35 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to CyberLink.lnk
    [2011/05/12 23:24:34 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Creative.lnk
    [2011/05/12 23:24:34 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to CONEXANT.lnk
    [2011/05/12 23:24:33 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to ComPlus Applications.lnk
    [2011/05/12 23:24:33 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to Common Files.lnk
    [2011/05/12 23:24:33 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Citrix.lnk
    [2011/05/12 23:24:32 | 000,000,563 | ---- | C] () -- C:\Program Files\Shortcut to Charting Companion for FTM.lnk
    [2011/05/12 23:24:31 | 000,000,523 | ---- | C] () -- C:\Program Files\Shortcut to Bethesda Softworks.lnk
    [2011/05/12 23:24:31 | 000,000,473 | ---- | C] () -- C:\Program Files\Shortcut to Autodesk.lnk
    [2011/05/12 23:24:31 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Canon.lnk
    [2011/05/12 23:24:30 | 000,000,513 | ---- | C] () -- C:\Program Files\Shortcut to ATI Technologies.lnk
    [2011/05/12 23:24:30 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to att-nap.lnk
    [2011/05/12 23:24:29 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to Apple Software Update.lnk
    [2011/05/12 23:24:29 | 000,000,466 | ---- | C] () -- C:\Program Files\Shortcut to ArcSoft.lnk
    [2011/05/12 23:24:29 | 000,000,442 | ---- | C] () -- C:\Program Files\Shortcut to AOD.lnk
    [2011/05/12 23:24:28 | 000,000,578 | ---- | C] () -- C:\Program Files\Shortcut to America's Army Server Manager.lnk
    [2011/05/12 23:24:27 | 000,000,503 | ---- | C] () -- C:\Program Files\Shortcut to America's Army.lnk
    [2011/05/12 23:24:27 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to AdorageI-SAL.lnk
    [2011/05/12 23:24:27 | 000,000,461 | ---- | C] () -- C:\Program Files\Shortcut to Amazon.lnk
    [2011/05/12 23:24:27 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Adobe.lnk
    [2011/05/12 23:24:26 | 000,000,523 | ---- | C] () -- C:\Program Files\Shortcut to YouTube Downloader.lnk
    [2011/05/12 23:24:26 | 000,000,488 | ---- | C] () -- C:\Program Files\Shortcut to Actsplosive.lnk
    [2011/05/12 23:24:26 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to xerox.lnk
    [2011/05/12 23:24:25 | 000,000,538 | ---- | C] () -- C:\Program Files\Shortcut to WordPerfect Office 12.lnk
    [2011/05/12 23:24:25 | 000,000,493 | ---- | C] () -- C:\Program Files\Shortcut to Windows Plus.lnk
    [2011/05/12 23:24:25 | 000,000,483 | ---- | C] () -- C:\Program Files\Shortcut to Windows NT.lnk
    [2011/05/12 23:24:22 | 000,000,518 | ---- | C] () -- C:\Program Files\Shortcut to Windows Messaging.lnk
    [2011/05/12 18:50:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Isozokel.dat
    [2011/05/12 18:50:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ohabohew.bin
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [EMPTYFLASH]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot the PC when it is done.

Next,

  • Run OTL
  • Click the None button at the top.
  • Under the Custom Scan box paste this in:


    %SYSTEMDRIVE%\*.*
    C:\Documents and Settings\All Users\Application Data\hJkLi08200\*.*
    %temp%\smtmp\*.*
    C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696}\*.*
    C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}\*.*
    C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F55E5DF5-508F-424E-8F72-535A1220BE0E}\*.*
    C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11}\*.*
    sfc /scannow /c

  • Click the Run Scan button.
  • When the scan completes, it will open a notepad window. Post OTL.Txt here.

This scan will start the system file checker to scan for missing files. Please wait for it to run.

Next,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

#3
The_Rookie

    Member

  • Topic Starter
  • 20 posts
OTL logfile created on: 6/21/2011 12:31:22 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 482.31 Mb Available Physical Memory | 47.19% Memory free
2.41 Gb Paging File | 1.88 Gb Available in Paging File | 78.23% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 10.47 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 0.86 Gb Free Space | 46.29% Space Free | Partition Type: FAT

Computer Name: DD65HM71 | User Name: David Railey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/01/12 20:38:12 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2003/03/18 20:05:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\atl71.dll
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/02/23 14:39:12 | 000,000,398 | ---- | M] () -- C:\AUTOEXEC.UP
[2005/06/06 20:11:12 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2008/03/02 21:30:19 | 000,001,024 | ---- | M] () -- C:\callerid.fic
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/23 14:39:20 | 000,000,077 | ---- | M] () -- C:\CONFIG.UP
[2005/02/23 14:39:20 | 000,000,085 | ---- | M] () -- C:\COPYUP.BAT
[2005/06/02 10:52:20 | 000,005,835 | RH-- | M] () -- C:\dell.sdr
[2005/02/23 14:39:36 | 000,002,613 | ---- | M] () -- C:\Dellboot.exe
[2005/06/07 22:30:32 | 000,000,200 | ---- | M] () -- C:\dlbu.log
[2011/06/11 21:47:33 | 000,005,061 | -H-- | M] () -- C:\ffastun.ffa
[2011/06/11 21:47:33 | 002,383,872 | -H-- | M] () -- C:\ffastun.ffl
[2011/06/11 21:47:33 | 000,356,352 | -H-- | M] () -- C:\ffastun.ffo
[2011/06/11 21:47:33 | 015,384,576 | -H-- | M] () -- C:\ffastun0.ffx
[2005/06/07 22:32:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/19 16:07:14 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/06/02 11:15:21 | 000,000,826 | -H-- | M] () -- C:\IPH.PH
[2008/09/01 12:09:51 | 000,000,127 | ---- | M] () -- C:\jetscan.log
[2003/03/18 22:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2003/03/18 22:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2004/08/19 16:07:14 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2003/03/18 21:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
[2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/01 16:40:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/21 12:25:16 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2005/06/02 11:15:28 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2005/08/25 19:10:52 | 010,755,329 | ---- | M] () -- C:\YF

< C:\Documents and Settings\All Users\Application Data\hJkLi08200\*.* >
[2011/01/10 17:28:23 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hJkLi08200\hJkLi08200

< %temp%\smtmp\*.* >

< C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696}\*.* >

< C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}\*.* >

< C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{F55E5DF5-508F-424E-8F72-535A1220BE0E}\*.* >

< C:\Documents and Settings\Patrick Railey\Local Settings\Application Data\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11}\*.* >

< sfc /scannow /c >

< End of report >



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-21 20:41:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD800JD-75JNC0 rev.06.01C06
Running: erpet6hb.exe; Driver: C:\DOCUME~1\DAVIDR~1\LOCALS~1\Temp\fgryapog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF73CC210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73CC224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF73CC250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73CC2A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF73CC1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73CC1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73CC1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF73CC23A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF73CC27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF73CC266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF73CC2D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF73CC2BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73CC290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[1108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00040082
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040F8D
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040FA8
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040FB9
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00040047
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00040F72
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400BA
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F2B
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F46
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040F1A
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040FCA
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0004009D
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0004002C
.text C:\WINDOWS\system32\services.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F61
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0051
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F00AC
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0036
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0025
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0091
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006F0FE5
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 88]
.text C:\WINDOWS\system32\services.exe[1108] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F006C
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070FA1
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070011
.text C:\WINDOWS\system32\services.exe[1108] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FD2
.text C:\WINDOWS\system32\services.exe[1108] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0082
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F83
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F94
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA00BA
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA0F72
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA0F3C
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00D5
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00F0
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FB9
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA0025
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA009D
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0036
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0F57
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CF0047
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CF0FCA
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CF0FE5
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CF0F94
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CF0000
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00CF0036
.text C:\WINDOWS\system32\lsass.exe[1120] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CF0025
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD0025
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD0F9A
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FC6
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD0FE3
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0FAB
.text C:\WINDOWS\system32\lsass.exe[1120] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0000
.text C:\WINDOWS\system32\lsass.exe[1120] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630F88
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630FA3
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0063007D
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063006C
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00630FCA
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F3F
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F5C
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006300A2
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00630F09
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006300BD
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630051
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063000A
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F6D
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00630F24
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A80011
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A8005F
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A80FC0
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A8004E
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A80000
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A8003D
.text C:\WINDOWS\system32\svchost.exe[1312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A8002C
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!system 77C293C7 5 Bytes JMP 00660029
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00660018
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00660FB9
.text C:\WINDOWS\system32\svchost.exe[1312] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00660FDE
.text C:\WINDOWS\system32\svchost.exe[1312] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00650FEF
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FE0FC3
.text C:\WINDOWS\System32\svchost.exe[1384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FE0FDE
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40F72
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40067
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40056
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40F97
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F4002F
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F30
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F41
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F40EF3
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F04
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F400A7
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40FA8
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40078
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F4001E
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F40FCD
.text C:\WINDOWS\System32\svchost.exe[1384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F40F15
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01020036
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01020062
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01020025
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01020FEF
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01020051
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01020000
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01020FAF
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [22, 89]
.text C:\WINDOWS\System32\svchost.exe[1384] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01020FCA
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01010FBE
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!system 77C293C7 5 Bytes JMP 01010049
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01010FE3
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0101000C
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01010038
.text C:\WINDOWS\System32\svchost.exe[1384] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0101001D
.text C:\WINDOWS\System32\svchost.exe[1384] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000
.text C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E6000A
.text C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E60FE5
.text C:\WINDOWS\Explorer.EXE[1912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E6001B
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50000
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F8A
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F9B
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50075
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50FAC
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50FC7
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E500D2
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E500B5
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E50108
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E500E3
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50F4A
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E5004E
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50011
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E500A4
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50033
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50022
.text C:\WINDOWS\Explorer.EXE[1912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50F65
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 014A0FCA
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 014A0062
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 014A001B
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 014A0000
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 014A0051
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 014A0FEF
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 014A0FAF
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [6A, 89] {PUSH -0x77}
.text C:\WINDOWS\Explorer.EXE[1912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 014A0036
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0149004E
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!system 77C293C7 5 Bytes JMP 01490FB9
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01490FDE
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01490000
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01490033
.text C:\WINDOWS\Explorer.EXE[1912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01490FEF
.text C:\WINDOWS\Explorer.EXE[1912] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E70000
.text C:\WINDOWS\Explorer.EXE[1912] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E70011
.text C:\WINDOWS\Explorer.EXE[1912] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E70022
.text C:\WINDOWS\Explorer.EXE[1912] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00E70FD1
.text C:\WINDOWS\Explorer.EXE[1912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E80FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[380] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InProcServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\WINDOWS\system32\cmprops.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ CMSnapin.CMSnapin.1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\TypeLib@ {A1B9E012-3226-11D2-883E-00104B2AFB46}
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\VersionIndependentProgID@ CMSnapin.CMSnapin
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\Steam\SteamApps\doctor_who_10\sourcesdk_content\tf\mapsrc 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\sourcesdk_content\tf\mapsrc\cp_game_entities.vmf 124376 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\friendsui.dll 770048 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\binkw32.dll 167936 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\bugreporter.dll 124152 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\bugreporter_public.dll 111864 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\datamodel.dll 1040384 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\dmserializers.dll 712704 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\FileSystemOpenDialog.dll 427256 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\soundsystem.dll 169208 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\texturecompile_dll.dll 304376 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\unicode.dll 83192 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\unicows.dll 245408 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\unitlib.dll 62712 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\valve_avi.dll 120056 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\vaudio_speex.dll 155648 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\vtex_dll.dll 705784 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\xinput1_3.dll 68888 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\mdllib.dll 111864 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\Mss32.dll 372736 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\mssmp3.asi 149504 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\mssvoice.asi 214528 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\msvcr71.dll 348160 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\parsifal.dll 111864 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\rdmwin32.dll 207872 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\bin\sdkenginetools.txt 110 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\ep2 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\ep2\resource 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\ep2\resource\hl2ep2.ttf 5228 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\media 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\media\StartupVids.txt 17 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\media\valve.bik 7569420 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\resource 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\resource\halflife2.ttf 57972 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\resource\hl2crosshairs.ttf 4000 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2\resource\hl2ep2.ttf 5032 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\hl2.exe 98304 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\patches 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\patches\Windows6.0-KB940105-x86.msu 458887 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\platform 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\platform\config 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\platform\config\ingamedialogconfig.vdf 3162 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\platform\config\serverbrowser.vdf 1086 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\Steam__3575__2008_10_19T20_57_27C57468.mdmp 93321 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\Steam__3575__2008_10_19T20_57_36C6125.mdmp 95305 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\Steam__3575__2008_10_3T22_44_26C124250.mdmp 71797 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\Steam__3575__2008_10_3T22_55_50C661406.mdmp 75728 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\bin 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\bin\client.dll 4621312 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\bin\server.dll 7420416 bytes executable
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\cache 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\cache\downloadcache.db 20 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\cfg 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\cfg\config.cfg 5993 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\demoheader.tmp 145058 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\downloads 0 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\downloads\2a11ac6d.dat 87616 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\downloads\2c85cffa.dat 43936 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\downloads\36816eed.dat 11168 bytes
File C:\Program Files\Steam\SteamApps\doctor_who_10\synergy\synergy\downloads\c1a43d9f.dat 43936 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#4
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Next,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Documents and Settings\All Users\Application Data\hJkLi08200\hJkLi08200
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next,

Can you uninstall Malwarebytes and try to install it again?
  • 0

#5
The_Rookie

    Member

  • Topic Starter
  • Member
  • 20 posts
Ran TFC without a problem, rebooted. I then ran SystemLook using the code you gave me and it said that the directory didn't exist, so I did a little searching. The code you gave me led to a file with the same name as the hidden folder it was in, not a new directory, so I got rid of the redundant "hJkLi08200" and rescanned using SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 23:18 on 22/06/2011 by David Railey
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\All Users\Application Data\hJkLi08200 - Parameters: "(none)"

---Files---
hJkLi08200	------- 94 bytes	[23:04 09/01/2011]	[22:28 10/01/2011]

---Folders---
None found.

-= EOF =-

Afterwards, I uninstalled MBAM and tried to reinstall it. No dice, it still came up with the same error from the first post.
  • 0

#6
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
The_Rookie

    Member

  • Topic Starter
  • Member
  • 20 posts
Saved it to my desktop, let it run. A dialog box with a progress bar showed the processes it was going through (Windows Recovery installation never popped up, so I'm assuming I have it). When it was done, there was NO log that showed up on the screen or anywhere, and the .exe file itself disappeared, so I'm at a loss.
  • 0

#8
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Is there a log at C:\ComboFix.txt? If not, can you download ComboFix and try it again?
  • 0

#9
The_Rookie

    Member

  • Topic Starter
  • Member
  • 20 posts
Nope, no log anywhere that I can see. Also, due to the effects of whatever this is, I can't do a search of the C: drive for anything containing "ComboFix" in the name. Already tried to re-download and re-initialize, and I still got the same results as before: Looks like it's working, looks like it's done, then no log and the .exe disappears.
  • 0

#10
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
  • Run OTL
  • Select the None button
  • Under the Custom Scan box paste this in:


    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    /md5stop
    %systemroot%\*.*

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. Post OTL.Txt here.

  • 0
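What the /md5start scan requested above is useful for, as an added example that is not part of the original thread or of OTL itself: the scan lists every copy of each named system file with its MD5, so the copy Windows actually loads can be compared with the archived copies on the same disk. The parser assumes the line layout OTL prints for this scan; the sample log, its placeholder hashes, the function names and the blank-vendor heuristic are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout OTL prints for a /md5start ... /md5stop
# custom scan. The hashes are made-up placeholders, not values of real files.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\i386\atapi.sys

< MD5 for: USERINIT.EXE >
[2004/08/10 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=33333333333333333333333333333333 -- C:\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=44444444444444444444444444444444 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/01/09 23:04:11 | 000,026,624 | ---- | M] () MD5=55555555555555555555555555555555 -- C:\WINDOWS\system32\userinit.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# Hashed entries only; ".cab file" lines carry no per-file MD5 and do not match.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories where Windows XP keeps archived copies (install source, service
# pack and hotfix backups). Anything else is treated as a live, loaded copy.
REFERENCE_MARKERS = (
    "\\i386\\", "\\servicepackfiles\\", "\\$ntservicepackuninstall$\\",
    "\\$ntuninstall", "\\$hf_mig$\\", "\\driver cache\\",
    "\\reinstallbackups\\", "\\dllcache\\",
)


def parse_md5_scan(text):
    """Return {FILENAME: [entry, ...]} for every hashed copy in the log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "mtime": entry.group("mtime"),
            })
    return dict(sections)


def is_reference_copy(path):
    """True when the path lies in one of the archive directories above."""
    lowered = path.lower()
    return any(marker in lowered for marker in REFERENCE_MARKERS)


def review_items(sections):
    """List live copies an analyst should look at, with the reasons."""
    findings = []
    for name, entries in sorted(sections.items()):
        archived = {e["md5"] for e in entries if is_reference_copy(e["path"])}
        for e in entries:
            if is_reference_copy(e["path"]):
                continue
            reasons = []
            if e["md5"] not in archived:
                reasons.append("no archived copy has this MD5")
            # Assumed heuristic: system files normally name their vendor.
            if not e["company"]:
                reasons.append("blank company name")
            if reasons:
                findings.append((name, e["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in review_items(parse_md5_scan(SAMPLE_LOG)):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

A flagged entry is a review item, not a verdict: a Windows update can legitimately install a build for which no identical archived copy is kept.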


#11
The_Rookie

    Member

  • Topic Starter
  • Member
  • 20 posts
OTL logfile created on: 6/27/2011 1:25:52 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 622.32 Mb Available Physical Memory | 60.89% Memory free
2.41 Gb Paging File | 2.04 Gb Available in Paging File | 84.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 12.87 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 0.86 Gb Free Space | 46.03% Space Free | Partition Type: FAT

Computer Name: DD65HM71 | User Name: Debbie Railey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/10 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004/08/10 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/10 05:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\i386\xmlprov.dll
[2004/08/10 05:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\*.* >
[2011/06/12 10:59:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\0.log
[2008/06/21 22:42:03 | 000,000,039 | ---- | M] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/09 20:01:07 | 000,000,010 | R--- | M] () -- C:\WINDOWS\ABC3D.SN
[1999/01/14 20:04:06 | 000,000,231 | ---- | M] () -- C:\WINDOWS\AC3API.INI
[1996/11/17 00:00:00 | 000,000,002 | ---- | M] () -- C:\WINDOWS\ARTGALRY.CAG
[2009/04/16 11:19:48 | 000,015,577 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2005/07/11 20:06:56 | 000,001,071 | ---- | M] () -- C:\WINDOWS\AWMODEM.INF
[2007/11/18 18:40:29 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2004/08/10 05:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/06/27 10:31:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 05:00:00 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2008/09/01 16:52:14 | 000,000,373 | ---- | M] () -- C:\WINDOWS\cmsetacl.log
[2004/08/10 05:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/10/08 17:48:38 | 000,020,738 | ---- | M] () -- C:\WINDOWS\COM+.log
[2011/05/15 22:19:56 | 000,731,036 | ---- | M] () -- C:\WINDOWS\comsetup.log
[2004/08/19 16:07:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[1994/12/05 17:11:00 | 000,053,552 | ---- | M] (Creative® Technology Ltd.) -- C:\WINDOWS\CTCCW.DLL
[2003/11/14 00:21:34 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2004/07/26 17:12:54 | 004,932,463 | ---- | M] () -- C:\WINDOWS\CTDVAUDY.CDF
[1996/05/23 15:24:00 | 000,024,976 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\CTRES.DLL
[2006/04/13 20:20:00 | 000,035,262 | ---- | M] () -- C:\WINDOWS\David Railey.acl
[2007/02/21 22:33:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\David Railey.pcb
[2007/05/01 16:22:02 | 000,007,168 | ---- | M] () -- C:\WINDOWS\Debbie Railey.pcb
[2002/06/10 15:26:32 | 000,787,512 | ---- | M] () -- C:\WINDOWS\Dell.bmp
[2011/05/23 11:15:15 | 000,001,012 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2004/08/10 05:00:00 | 000,000,002 | ---- | M] () -- C:\WINDOWS\desktop.ini
[2003/11/14 00:21:22 | 000,094,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\DEVREG.DLL
[2008/03/15 09:25:36 | 000,044,571 | ---- | M] () -- C:\WINDOWS\Directx.log
[2005/07/09 17:46:40 | 000,003,325 | ---- | M] () -- C:\WINDOWS\DJBDRV.LOG
[2008/09/05 18:47:39 | 000,025,594 | ---- | M] () -- C:\WINDOWS\DPINST.LOG
[2008/09/02 21:27:05 | 000,000,867 | ---- | M] () -- C:\WINDOWS\DtcInstall.log
[2011/05/15 22:19:56 | 000,126,415 | ---- | M] () -- C:\WINDOWS\ehOCGen.log
[2006/04/07 20:08:16 | 000,000,022 | ---- | M] () -- C:\WINDOWS\exchng.ini
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2004/08/10 05:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2011/05/15 22:19:56 | 002,261,823 | ---- | M] () -- C:\WINDOWS\FaxSetup.log
[2004/08/10 05:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\FeatherTexture.bmp
[2006/08/02 18:12:35 | 000,606,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\flashax.exe
[2007/02/02 23:31:41 | 000,000,121 | ---- | M] () -- C:\WINDOWS\GEARInstall.log
[2004/08/10 05:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp
[2004/08/10 05:00:00 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp
[2008/04/13 19:12:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2006/08/02 18:12:41 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\hitchhikers.scr
[2007/01/20 22:40:46 | 000,001,189 | ---- | M] () -- C:\WINDOWS\ie7_main.log
[2009/07/03 12:04:11 | 000,044,183 | ---- | M] () -- C:\WINDOWS\ie8.log
[2009/07/03 12:08:50 | 000,162,904 | ---- | M] () -- C:\WINDOWS\ie8_main.log
[2010/04/14 18:02:52 | 002,004,360 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2011/05/15 22:19:56 | 000,516,723 | ---- | M] () -- C:\WINDOWS\iis6.log
[2006/08/02 18:12:35 | 000,012,288 | ---- | M] () -- C:\WINDOWS\impborl.dll
[2011/05/15 22:11:53 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/15 22:19:56 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.log
[2003/08/25 14:05:06 | 000,020,480 | ---- | M] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[2010/05/09 18:52:16 | 000,000,019 | ---- | M] () -- C:\WINDOWS\install.log
[2005/09/09 21:19:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[1998/10/29 16:45:06 | 000,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2003/02/28 16:35:26 | 000,006,550 | ---- | M] () -- C:\WINDOWS\jautoexp.dat
[2008/04/09 16:25:25 | 000,000,078 | ---- | M] () -- C:\WINDOWS\KA.INI
[2010/08/11 17:44:31 | 000,019,191 | ---- | M] () -- C:\WINDOWS\KB2079403.log
[2010/08/11 17:44:56 | 000,018,810 | ---- | M] () -- C:\WINDOWS\KB2115168.log
[2010/09/15 16:52:33 | 000,036,968 | ---- | M] () -- C:\WINDOWS\KB2121546.log
[2010/09/15 16:49:13 | 000,035,183 | ---- | M] () -- C:\WINDOWS\KB2141007.log
[2010/09/29 08:17:34 | 000,003,724 | ---- | M] () -- C:\WINDOWS\KB2158563.log
[2010/08/11 17:43:46 | 000,015,591 | ---- | M] () -- C:\WINDOWS\KB2160329.log
[2010/08/11 17:44:21 | 000,016,207 | ---- | M] () -- C:\WINDOWS\KB2183461-IE8.log
[2010/07/13 22:10:08 | 000,008,489 | ---- | M] () -- C:\WINDOWS\KB2229593.log
[2010/09/15 16:53:07 | 000,020,490 | ---- | M] () -- C:\WINDOWS\KB2259922.log
[2010/10/14 18:32:50 | 000,024,870 | ---- | M] () -- C:\WINDOWS\KB2279986.log
[2010/08/07 07:03:11 | 000,015,460 | ---- | M] () -- C:\WINDOWS\KB2286198.log
[2010/10/14 18:32:28 | 000,014,638 | ---- | M] () -- C:\WINDOWS\KB2296011.log
[2010/12/15 00:25:42 | 000,019,360 | ---- | M] () -- C:\WINDOWS\KB2296199.log
[2010/10/14 18:32:41 | 000,025,347 | ---- | M] () -- C:\WINDOWS\KB2345886.log
[2010/09/15 16:52:47 | 000,037,496 | ---- | M] () -- C:\WINDOWS\KB2347290.log
[2010/10/14 18:31:47 | 000,019,390 | ---- | M] () -- C:\WINDOWS\KB2360131-IE8.log
[2010/10/14 18:28:03 | 000,011,999 | ---- | M] () -- C:\WINDOWS\KB2360937.log
[2010/10/14 18:32:18 | 000,014,262 | ---- | M] () -- C:\WINDOWS\KB2378111.log
[2010/10/14 18:33:06 | 000,018,116 | ---- | M] () -- C:\WINDOWS\KB2387149.log
[2011/02/08 20:18:07 | 000,011,255 | ---- | M] () -- C:\WINDOWS\KB2393802.log
[2011/04/13 19:32:04 | 000,010,749 | ---- | M] () -- C:\WINDOWS\KB2412687.log
[2010/12/15 00:25:23 | 000,015,911 | ---- | M] () -- C:\WINDOWS\KB2416400-IE8.log
[2011/01/12 12:05:28 | 000,021,638 | ---- | M] () -- C:\WINDOWS\KB2419632.log
[2010/12/15 00:21:09 | 000,007,962 | ---- | M] () -- C:\WINDOWS\KB2423089.log
[2010/12/15 00:24:23 | 000,016,169 | ---- | M] () -- C:\WINDOWS\KB2436673.log
[2010/12/15 00:24:41 | 000,008,467 | ---- | M] () -- C:\WINDOWS\KB2440591.log
[2010/12/15 00:25:33 | 000,018,559 | ---- | M] () -- C:\WINDOWS\KB2443105.log
[2010/12/15 00:24:31 | 000,004,080 | ---- | M] () -- C:\WINDOWS\KB2443685.log
[2010/12/15 00:24:13 | 000,007,669 | ---- | M] () -- C:\WINDOWS\KB2467659.log
[2011/02/08 20:18:26 | 000,015,637 | ---- | M] () -- C:\WINDOWS\KB2476687.log
[2011/02/08 20:18:17 | 000,015,354 | ---- | M] () -- C:\WINDOWS\KB2478960.log
[2011/02/08 20:23:19 | 000,018,043 | ---- | M] () -- C:\WINDOWS\KB2478971.log
[2011/02/08 20:22:58 | 000,017,650 | ---- | M] () -- C:\WINDOWS\KB2479628.log
[2011/03/10 00:37:14 | 000,015,522 | ---- | M] () -- C:\WINDOWS\KB2481109.log
[2011/02/11 12:19:34 | 000,015,836 | ---- | M] () -- C:\WINDOWS\KB2482017-IE8.log
[2011/02/08 20:22:47 | 000,016,970 | ---- | M] () -- C:\WINDOWS\KB2483185.log
[2011/02/08 20:23:09 | 000,017,535 | ---- | M] () -- C:\WINDOWS\KB2485376.log
[2011/04/13 19:33:31 | 000,018,753 | ---- | M] () -- C:\WINDOWS\KB2485663.log
[2011/04/13 19:33:44 | 000,024,870 | ---- | M] () -- C:\WINDOWS\KB2491683.log
[2011/04/13 19:33:00 | 000,022,226 | ---- | M] () -- C:\WINDOWS\KB2497640-IE8.log
[2011/04/13 19:25:55 | 000,018,338 | ---- | M] () -- C:\WINDOWS\KB2503658.log
[2011/04/13 19:15:56 | 000,017,666 | ---- | M] () -- C:\WINDOWS\KB2506212.log
[2011/04/13 19:33:15 | 000,025,772 | ---- | M] () -- C:\WINDOWS\KB2506223.log
[2011/04/13 19:16:29 | 000,018,473 | ---- | M] () -- C:\WINDOWS\KB2507618.log
[2011/04/13 19:26:04 | 000,012,049 | ---- | M] () -- C:\WINDOWS\KB2508272.log
[2011/04/13 19:16:19 | 000,018,226 | ---- | M] () -- C:\WINDOWS\KB2508429.log
[2011/04/13 19:12:26 | 000,017,829 | ---- | M] () -- C:\WINDOWS\KB2509553.log
[2011/04/13 19:12:12 | 000,010,313 | ---- | M] () -- C:\WINDOWS\KB2510531-IE8.log
[2011/04/13 19:16:09 | 000,011,920 | ---- | M] () -- C:\WINDOWS\KB2511455.log
[2011/03/23 16:21:21 | 000,007,514 | ---- | M] () -- C:\WINDOWS\KB2524375.log
[2005/06/02 11:06:33 | 000,010,955 | ---- | M] () -- C:\WINDOWS\KB867282.log
[2005/06/07 08:46:03 | 000,024,513 | ---- | M] () -- C:\WINDOWS\KB873333.log
[2005/06/02 11:06:05 | 000,006,843 | ---- | M] () -- C:\WINDOWS\KB873339.log
[2005/06/16 11:54:42 | 000,014,766 | ---- | M] () -- C:\WINDOWS\KB883939.log
[2005/06/02 11:04:10 | 000,004,557 | ---- | M] () -- C:\WINDOWS\KB885250.log
[2005/06/02 11:05:53 | 000,004,747 | ---- | M] () -- C:\WINDOWS\KB885354.log
[2005/06/02 11:06:02 | 000,007,189 | ---- | M] () -- C:\WINDOWS\KB885835.log
[2005/06/07 03:00:59 | 000,043,769 | ---- | M] () -- C:\WINDOWS\KB885836.log
[2005/06/07 03:00:28 | 000,023,661 | ---- | M] () -- C:\WINDOWS\KB886185.log
[2005/06/02 11:06:39 | 000,010,858 | ---- | M] () -- C:\WINDOWS\KB887472.log
[2005/06/07 03:00:40 | 000,044,419 | ---- | M] () -- C:\WINDOWS\KB887742.log
[2005/06/10 23:30:11 | 000,013,557 | ---- | M] () -- C:\WINDOWS\KB887998.log
[2005/06/02 11:06:43 | 000,010,841 | ---- | M] () -- C:\WINDOWS\KB888113.log
[2005/06/07 08:45:53 | 000,022,319 | ---- | M] () -- C:\WINDOWS\KB888302.log
[2005/06/02 11:04:14 | 000,003,688 | ---- | M] () -- C:\WINDOWS\KB888310.log
[2005/06/16 11:53:54 | 000,010,926 | ---- | M] () -- C:\WINDOWS\KB890046.log
[2005/06/02 11:05:57 | 000,006,409 | ---- | M] () -- C:\WINDOWS\KB890175.log
[2005/06/07 08:45:20 | 000,021,884 | ---- | M] () -- C:\WINDOWS\KB890859.log
[2005/06/07 08:45:44 | 000,023,600 | ---- | M] () -- C:\WINDOWS\KB890923.log
[2005/06/02 11:06:10 | 000,006,832 | ---- | M] () -- C:\WINDOWS\KB891781.log
[2008/08/11 21:20:34 | 000,011,711 | ---- | M] () -- C:\WINDOWS\KB892130.log
[2005/06/16 11:53:45 | 000,055,181 | ---- | M] () -- C:\WINDOWS\KB893066.log
[2005/06/07 08:45:31 | 000,020,840 | ---- | M] () -- C:\WINDOWS\KB893086.log
[2005/08/14 06:35:49 | 000,016,913 | ---- | M] () -- C:\WINDOWS\KB893756.log
[2005/06/07 08:46:29 | 000,015,037 | ---- | M] () -- C:\WINDOWS\KB893803v2.log
[2005/06/26 00:57:44 | 000,007,869 | ---- | M] () -- C:\WINDOWS\KB894391.log
[2005/06/16 11:54:28 | 000,011,022 | ---- | M] () -- C:\WINDOWS\KB896358.log
[2005/06/16 11:54:52 | 000,013,440 | ---- | M] () -- C:\WINDOWS\KB896422.log
[2005/08/14 06:35:37 | 000,016,266 | ---- | M] () -- C:\WINDOWS\KB896423.log
[2005/11/10 18:49:25 | 000,012,044 | ---- | M] () -- C:\WINDOWS\KB896424.log
[2005/06/16 11:53:40 | 000,010,472 | ---- | M] () -- C:\WINDOWS\KB896428.log
[2005/10/18 22:17:44 | 000,014,223 | ---- | M] () -- C:\WINDOWS\KB896688.log
[2005/08/14 06:35:25 | 000,017,438 | ---- | M] () -- C:\WINDOWS\KB896727.log
[2005/06/16 11:54:03 | 000,004,562 | ---- | M] () -- C:\WINDOWS\KB898458.log
[2005/06/28 17:09:44 | 000,006,812 | ---- | M] () -- C:\WINDOWS\KB898461.log
[2005/08/14 06:36:19 | 000,017,306 | ---- | M] () -- C:\WINDOWS\KB899587.log
[2005/08/14 06:34:08 | 000,012,511 | ---- | M] () -- C:\WINDOWS\KB899588.log
[2005/10/18 22:17:26 | 000,013,268 | ---- | M] () -- C:\WINDOWS\KB899589.log
[2005/08/14 06:36:03 | 000,016,808 | ---- | M] () -- C:\WINDOWS\KB899591.log
[2006/04/25 21:26:55 | 000,011,845 | ---- | M] () -- C:\WINDOWS\KB900485.log
[2005/10/18 22:17:16 | 000,013,897 | ---- | M] () -- C:\WINDOWS\KB900725.log
[2005/10/18 22:18:12 | 000,021,583 | ---- | M] () -- C:\WINDOWS\KB901017.log
[2005/07/13 13:41:58 | 000,011,024 | ---- | M] () -- C:\WINDOWS\KB901214.log
[2005/10/18 22:18:02 | 000,023,716 | ---- | M] () -- C:\WINDOWS\KB902400.log
[2005/07/13 13:41:45 | 000,003,787 | ---- | M] () -- C:\WINDOWS\KB903235.log
[2005/10/18 15:11:17 | 000,012,833 | ---- | M] () -- C:\WINDOWS\KB904706.log
[2005/10/16 19:45:08 | 000,011,478 | ---- | M] () -- C:\WINDOWS\KB905414.log
[2005/10/18 22:17:02 | 000,012,077 | ---- | M] () -- C:\WINDOWS\KB905749.log
[2005/12/13 20:10:23 | 000,016,450 | ---- | M] () -- C:\WINDOWS\KB905915.log
[2006/06/23 19:55:56 | 000,004,276 | ---- | M] () -- C:\WINDOWS\KB906569.log
[2006/01/10 22:58:52 | 000,010,562 | ---- | M] () -- C:\WINDOWS\KB908519.log
[2006/04/11 20:51:55 | 000,020,186 | ---- | M] () -- C:\WINDOWS\KB908531.log
[2005/12/13 20:10:33 | 000,009,731 | ---- | M] () -- C:\WINDOWS\KB910437.log
[2006/06/14 17:31:54 | 000,011,212 | ---- | M] () -- C:\WINDOWS\KB911280.log
[2006/04/11 20:51:38 | 000,019,372 | ---- | M] () -- C:\WINDOWS\KB911562.log
[2006/04/11 20:50:49 | 000,018,657 | ---- | M] () -- C:\WINDOWS\KB911565.log
[2006/04/11 20:50:13 | 000,015,902 | ---- | M] () -- C:\WINDOWS\KB911567.log
[2006/02/14 21:41:30 | 000,011,952 | ---- | M] () -- C:\WINDOWS\KB911927.log
[2006/04/11 20:51:10 | 000,021,535 | ---- | M] () -- C:\WINDOWS\KB912812.log
[2006/01/05 22:34:15 | 000,011,539 | ---- | M] () -- C:\WINDOWS\KB912919.log
[2006/02/15 22:48:04 | 000,012,547 | ---- | M] () -- C:\WINDOWS\KB913446.log
[2006/05/11 17:30:13 | 000,011,771 | ---- | M] () -- C:\WINDOWS\KB913580.log
[2006/07/11 22:39:33 | 000,012,335 | ---- | M] () -- C:\WINDOWS\KB914388.log
[2006/06/14 17:31:49 | 000,012,000 | ---- | M] () -- C:\WINDOWS\KB914389.log
[2006/06/23 19:52:07 | 000,033,694 | ---- | M] () -- C:\WINDOWS\KB916281.log
[2006/07/11 22:39:17 | 000,010,706 | ---- | M] () -- C:\WINDOWS\KB916595.log
[2006/07/11 22:39:49 | 000,011,841 | ---- | M] () -- C:\WINDOWS\KB917159.log
[2006/06/14 17:32:04 | 000,011,448 | ---- | M] () -- C:\WINDOWS\KB917344.log
[2006/08/16 20:56:40 | 000,012,086 | ---- | M] () -- C:\WINDOWS\KB917422.log
[2006/06/14 17:32:48 | 000,008,037 | ---- | M] () -- C:\WINDOWS\KB917734.log
[2006/06/14 17:31:59 | 000,011,541 | ---- | M] () -- C:\WINDOWS\KB917953.log
[2007/02/19 09:40:50 | 000,012,914 | ---- | M] () -- C:\WINDOWS\KB918118.log
[2006/06/14 17:32:09 | 000,011,072 | ---- | M] () -- C:\WINDOWS\KB918439.log
[2006/08/16 20:57:36 | 000,032,577 | ---- | M] () -- C:\WINDOWS\KB918899.log
[2006/09/12 17:23:08 | 000,011,749 | ---- | M] () -- C:\WINDOWS\KB919007.log
[2006/11/17 22:17:12 | 000,014,296 | ---- | M] () -- C:\WINDOWS\KB920213.log
[2006/08/16 20:58:48 | 000,015,654 | ---- | M] () -- C:\WINDOWS\KB920214.log
[2006/08/16 20:56:58 | 000,011,924 | ---- | M] () -- C:\WINDOWS\KB920670.log
[2006/08/16 20:56:22 | 000,017,609 | ---- | M] () -- C:\WINDOWS\KB920683.log
[2006/09/12 17:23:31 | 000,012,312 | ---- | M] () -- C:\WINDOWS\KB920685.log
[2006/09/12 17:23:21 | 000,013,815 | ---- | M] () -- C:\WINDOWS\KB920872.log
[2006/08/16 20:58:17 | 000,016,086 | ---- | M] () -- C:\WINDOWS\KB921398.log
[2007/08/15 08:08:03 | 000,012,893 | ---- | M] () -- C:\WINDOWS\KB921503.log
[2006/08/08 13:58:40 | 000,011,213 | ---- | M] () -- C:\WINDOWS\KB921883.log
[2006/09/12 17:22:59 | 000,007,782 | ---- | M] () -- C:\WINDOWS\KB922582.log
[2006/08/16 20:58:33 | 000,015,648 | ---- | M] () -- C:\WINDOWS\KB922616.log
[2006/11/20 17:53:20 | 000,030,169 | ---- | M] () -- C:\WINDOWS\KB922760.log
[2006/10/14 14:35:55 | 000,012,491 | ---- | M] () -- C:\WINDOWS\KB922819.log
[2006/10/14 14:35:05 | 000,009,240 | ---- | M] () -- C:\WINDOWS\KB923191.log
[2006/10/14 14:35:39 | 000,011,692 | ---- | M] () -- C:\WINDOWS\KB923414.log
[2009/04/14 22:20:59 | 000,010,387 | ---- | M] () -- C:\WINDOWS\KB923561.log
[2007/01/12 23:22:56 | 000,028,349 | ---- | M] () -- C:\WINDOWS\KB923689.log
[2006/12/14 19:35:22 | 000,013,452 | ---- | M] () -- C:\WINDOWS\KB923694.log
[2007/02/19 09:41:31 | 000,005,093 | ---- | M] () -- C:\WINDOWS\KB923723.log
[2006/11/18 19:40:20 | 000,012,915 | ---- | M] () -- C:\WINDOWS\KB923980.log
[2006/10/14 14:36:10 | 000,012,695 | ---- | M] () -- C:\WINDOWS\KB924191.log
[2006/11/18 19:40:12 | 000,012,913 | ---- | M] () -- C:\WINDOWS\KB924270.log
[2006/10/14 14:35:23 | 000,014,014 | ---- | M] () -- C:\WINDOWS\KB924496.log
[2007/02/19 09:41:21 | 000,010,814 | ---- | M] () -- C:\WINDOWS\KB924667.log
[2006/12/14 19:36:53 | 000,013,748 | ---- | M] () -- C:\WINDOWS\KB925398.log
[2006/12/14 19:37:15 | 000,036,143 | ---- | M] () -- C:\WINDOWS\KB925454.log
[2006/09/26 21:26:54 | 000,011,720 | ---- | M] () -- C:\WINDOWS\KB925486.log
[2007/04/04 11:58:30 | 000,013,417 | ---- | M] () -- C:\WINDOWS\KB925902.log
[2006/12/14 19:35:32 | 000,012,836 | ---- | M] () -- C:\WINDOWS\KB926255.log
[2007/02/19 09:40:58 | 000,012,853 | ---- | M] () -- C:\WINDOWS\KB926436.log
[2007/02/19 09:42:22 | 000,017,222 | ---- | M] () -- C:\WINDOWS\KB927779.log
[2007/02/19 09:42:05 | 000,014,358 | ---- | M] () -- C:\WINDOWS\KB927802.log
[2007/05/22 13:18:12 | 000,009,104 | ---- | M] () -- C:\WINDOWS\KB927891.log
[2007/02/19 00:42:33 | 000,035,532 | ---- | M] () -- C:\WINDOWS\KB928090.log
[2007/02/19 09:41:49 | 000,014,008 | ---- | M] () -- C:\WINDOWS\KB928255.log
[2007/02/17 23:31:26 | 000,011,257 | ---- | M] () -- C:\WINDOWS\KB928843.log
[2007/06/12 20:28:30 | 000,013,389 | ---- | M] () -- C:\WINDOWS\KB929123.log
[2007/03/16 22:10:57 | 000,013,647 | ---- | M] () -- C:\WINDOWS\KB929338.log
[2007/01/12 23:23:40 | 000,012,025 | ---- | M] () -- C:\WINDOWS\KB929969.log
[2007/04/10 18:20:01 | 000,013,790 | ---- | M] () -- C:\WINDOWS\KB930178.log
[2007/07/12 16:23:23 | 000,011,951 | ---- | M] () -- C:\WINDOWS\KB930494.log
[2007/05/09 21:03:06 | 000,012,680 | ---- | M] () -- C:\WINDOWS\KB930916.log
[2007/04/10 18:20:13 | 000,013,391 | ---- | M] () -- C:\WINDOWS\KB931261.log
[2007/05/09 21:03:23 | 000,017,469 | ---- | M] () -- C:\WINDOWS\KB931768.log
[2007/04/10 18:20:41 | 000,015,415 | ---- | M] () -- C:\WINDOWS\KB931784.log
[2007/02/19 09:41:08 | 000,023,070 | ---- | M] () -- C:\WINDOWS\KB931836.log
[2007/04/10 18:19:52 | 000,016,380 | ---- | M] () -- C:\WINDOWS\KB932168.log
[2007/08/28 18:57:32 | 000,024,136 | ---- | M] () -- C:\WINDOWS\KB933360.log
[2007/06/12 20:28:45 | 000,034,089 | ---- | M] () -- C:\WINDOWS\KB933566.log
[2007/10/12 18:39:32 | 000,011,587 | ---- | M] () -- C:\WINDOWS\KB933729.log
[2007/06/12 20:27:02 | 000,013,145 | ---- | M] () -- C:\WINDOWS\KB935839.log
[2007/06/12 20:28:22 | 000,012,947 | ---- | M] () -- C:\WINDOWS\KB935840.log
[2007/08/15 08:08:15 | 000,013,557 | ---- | M] () -- C:\WINDOWS\KB936021.log
[2007/07/11 21:32:51 | 000,013,083 | ---- | M] () -- C:\WINDOWS\KB936357.log
[2007/08/15 21:43:02 | 000,011,339 | ---- | M] () -- C:\WINDOWS\KB936782.log
[2007/08/15 21:43:56 | 000,034,667 | ---- | M] () -- C:\WINDOWS\KB937143.log
[2007/12/13 21:01:59 | 000,019,543 | ---- | M] () -- C:\WINDOWS\KB937894.log
[2007/08/15 08:07:52 | 000,012,925 | ---- | M] () -- C:\WINDOWS\KB938127.log
[2008/09/09 21:47:53 | 000,005,564 | ---- | M] () -- C:\WINDOWS\KB938464.log
[2007/08/15 08:08:09 | 000,012,746 | ---- | M] () -- C:\WINDOWS\KB938828.log
[2007/08/15 08:07:58 | 000,012,969 | ---- | M] () -- C:\WINDOWS\KB938829.log
[2007/10/12 18:39:25 | 000,034,154 | ---- | M] () -- C:\WINDOWS\KB939653.log
[2007/10/11 18:47:57 | 000,013,048 | ---- | M] () -- C:\WINDOWS\KB941202.log
[2007/12/13 20:59:43 | 000,028,646 | ---- | M] () -- C:\WINDOWS\KB941568.log
[2007/12/13 21:00:20 | 000,018,058 | ---- | M] () -- C:\WINDOWS\KB941569.log
[2008/01/09 19:51:24 | 000,013,496 | ---- | M] () -- C:\WINDOWS\KB941644.log
[2008/04/09 12:19:32 | 000,016,839 | ---- | M] () -- C:\WINDOWS\KB941693.log
[2007/12/13 20:59:37 | 000,036,022 | ---- | M] () -- C:\WINDOWS\KB942615.log
[2007/12/13 21:00:29 | 000,030,253 | ---- | M] () -- C:\WINDOWS\KB942763.log
[2007/12/13 21:01:51 | 000,019,536 | ---- | M] () -- C:\WINDOWS\KB942840.log
[2008/02/14 21:15:49 | 000,014,164 | ---- | M] () -- C:\WINDOWS\KB943055.log
[2007/11/13 21:04:42 | 000,008,989 | ---- | M] () -- C:\WINDOWS\KB943460.log
[2008/01/09 19:51:08 | 000,013,736 | ---- | M] () -- C:\WINDOWS\KB943485.log
[2008/04/09 12:17:36 | 000,017,568 | ---- | M] () -- C:\WINDOWS\KB944338.log
[2008/02/14 21:16:06 | 000,035,893 | ---- | M] () -- C:\WINDOWS\KB944533.log
[2007/12/13 20:59:20 | 000,014,590 | ---- | M] () -- C:\WINDOWS\KB944653.log
[2008/04/09 12:17:28 | 000,015,671 | ---- | M] () -- C:\WINDOWS\KB945553.log
[2008/02/14 17:53:38 | 000,014,498 | ---- | M] () -- C:\WINDOWS\KB946026.log
[2007/12/21 21:23:49 | 000,007,619 | ---- | M] () -- C:\WINDOWS\KB946627.log
[2008/09/01 16:58:28 | 000,225,833 | ---- | M] () -- C:\WINDOWS\KB946648.log
[2008/04/09 12:19:51 | 000,039,299 | ---- | M] () -- C:\WINDOWS\KB947864.log
[2008/04/09 12:19:25 | 000,016,638 | ---- | M] () -- C:\WINDOWS\KB948590.log
[2008/04/09 12:19:57 | 000,013,635 | ---- | M] () -- C:\WINDOWS\KB948881.log
[2008/05/13 21:57:34 | 000,015,902 | ---- | M] () -- C:\WINDOWS\KB950749.log
[2008/09/01 16:58:42 | 000,290,163 | ---- | M] () -- C:\WINDOWS\KB950759.log
[2008/06/12 00:24:27 | 000,008,281 | ---- | M] () -- C:\WINDOWS\KB950760.log
[2008/09/01 16:58:53 | 000,226,553 | ---- | M] () -- C:\WINDOWS\KB950762.log
[2008/09/01 16:59:08 | 000,231,079 | ---- | M] () -- C:\WINDOWS\KB950974.log
[2008/09/01 16:59:21 | 000,225,681 | ---- | M] () -- C:\WINDOWS\KB951066.log
[2008/09/01 16:59:23 | 000,033,983 | ---- | M] () -- C:\WINDOWS\KB951072-v2.log
[2008/09/01 16:59:43 | 000,220,900 | ---- | M] () -- C:\WINDOWS\KB951376-v2.log
[2008/09/01 16:59:32 | 000,220,527 | ---- | M] () -- C:\WINDOWS\KB951376.log
[2008/09/01 16:59:52 | 000,239,281 | ---- | M] () -- C:\WINDOWS\KB951698.log
[2008/09/01 17:00:04 | 000,232,174 | ---- | M] () -- C:\WINDOWS\KB951748.log
[2008/09/02 21:46:33 | 000,016,951 | ---- | M] () -- C:\WINDOWS\KB951978.log
[2009/04/14 22:21:40 | 000,019,072 | ---- | M] () -- C:\WINDOWS\KB952004.log
[2008/12/14 16:38:34 | 000,009,599 | ---- | M] () -- C:\WINDOWS\KB952069.log
[2008/09/01 17:00:14 | 000,222,710 | ---- | M] () -- C:\WINDOWS\KB952287.log
[2008/09/01 17:00:24 | 000,231,342 | ---- | M] () -- C:\WINDOWS\KB952954.log
[2009/10/14 18:18:16 | 000,015,221 | ---- | M] () -- C:\WINDOWS\KB953295.log
[2008/09/01 17:00:46 | 000,256,194 | ---- | M] () -- C:\WINDOWS\KB953838.log
[2008/08/13 21:38:38 | 000,011,914 | ---- | M] () -- C:\WINDOWS\KB953839.log
[2009/10/14 18:21:12 | 000,008,967 | ---- | M] () -- C:\WINDOWS\KB954155.log
[2008/10/15 16:31:30 | 000,010,485 | ---- | M] () -- C:\WINDOWS\KB954211.log
[2008/11/13 12:40:50 | 000,015,290 | ---- | M] () -- C:\WINDOWS\KB954459.log
[2008/12/14 16:38:08 | 000,008,557 | ---- | M] () -- C:\WINDOWS\KB954600.log
[2008/11/13 12:40:40 | 000,009,698 | ---- | M] () -- C:\WINDOWS\KB955069.log
[2010/01/12 16:50:14 | 000,009,466 | ---- | M] () -- C:\WINDOWS\KB955759.log
[2008/12/14 16:44:11 | 000,030,908 | ---- | M] () -- C:\WINDOWS\KB955839.log
[2008/10/15 16:26:36 | 000,017,959 | ---- | M] () -- C:\WINDOWS\KB956390.log
[2008/10/15 16:31:51 | 000,010,155 | ---- | M] () -- C:\WINDOWS\KB956391.log
[2009/04/14 22:22:10 | 000,019,246 | ---- | M] () -- C:\WINDOWS\KB956572.log
[2009/08/11 20:04:48 | 000,008,733 | ---- | M] () -- C:\WINDOWS\KB956744.log
[2008/12/14 16:37:47 | 000,015,290 | ---- | M] () -- C:\WINDOWS\KB956802.log
[2008/10/15 16:32:10 | 000,010,726 | ---- | M] () -- C:\WINDOWS\KB956803.log
[2008/10/15 16:31:18 | 000,011,498 | ---- | M] () -- C:\WINDOWS\KB956841.log
[2009/09/09 20:49:08 | 000,008,129 | ---- | M] () -- C:\WINDOWS\KB956844.log
[2008/10/15 16:31:43 | 000,010,673 | ---- | M] () -- C:\WINDOWS\KB957095.log
[2008/11/13 12:40:58 | 000,009,774 | ---- | M] () -- C:\WINDOWS\KB957097.log
[2008/12/14 16:43:59 | 000,011,430 | ---- | M] () -- C:\WINDOWS\KB958215.log
[2008/10/23 20:12:31 | 000,009,708 | ---- | M] () -- C:\WINDOWS\KB958644.log
[2009/01/13 22:56:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\KB958687.log
[2009/03/12 21:06:26 | 000,014,277 | ---- | M] () -- C:\WINDOWS\KB958690.log
[2009/10/14 18:24:16 | 000,008,336 | ---- | M] () -- C:\WINDOWS\KB958869.log
[2009/04/14 22:24:48 | 000,023,762 | ---- | M] () -- C:\WINDOWS\KB959426.log
[2009/03/12 21:06:52 | 000,014,161 | ---- | M] () -- C:\WINDOWS\KB960225.log
[2008/12/18 13:44:24 | 000,009,065 | ---- | M] () -- C:\WINDOWS\KB960714.log
[2009/02/11 00:27:18 | 000,007,528 | ---- | M] () -- C:\WINDOWS\KB960715.log
[2009/04/14 22:21:26 | 000,017,538 | ---- | M] () -- C:\WINDOWS\KB960803.log
[2009/08/11 20:05:11 | 000,014,487 | ---- | M] () -- C:\WINDOWS\KB960859.log
[2010/08/17 12:25:05 | 000,006,625 | ---- | M] () -- C:\WINDOWS\KB961118.log
[2009/07/14 18:14:46 | 000,013,480 | ---- | M] () -- C:\WINDOWS\KB961371.log
[2009/04/14 22:24:39 | 000,022,752 | ---- | M] () -- C:\WINDOWS\KB961373.log
[2009/06/11 20:02:40 | 000,017,355 | ---- | M] () -- C:\WINDOWS\KB961501.log
[2009/05/17 23:12:18 | 000,013,289 | ---- | M] () -- C:\WINDOWS\KB961503.log
[2009/04/14 22:21:18 | 000,018,331 | ---- | M] () -- C:\WINDOWS\KB963027.log
[2009/02/24 22:20:00 | 000,014,419 | ---- | M] () -- C:\WINDOWS\KB967715.log
[2009/08/13 20:12:57 | 000,017,624 | ---- | M] () -- C:\WINDOWS\KB968389.log
[2009/06/11 19:59:27 | 000,014,941 | ---- | M] () -- C:\WINDOWS\KB968537.log
[2009/09/09 20:49:15 | 000,006,468 | ---- | M] () -- C:\WINDOWS\KB968816.log
[2009/10/14 18:21:21 | 000,016,579 | ---- | M] () -- C:\WINDOWS\KB969059.log
[2009/07/03 12:08:00 | 000,041,441 | ---- | M] () -- C:\WINDOWS\KB969897-IE8.log
[2009/06/11 20:02:32 | 000,018,405 | ---- | M] () -- C:\WINDOWS\KB969897.log
[2009/06/11 20:02:11 | 000,008,942 | ---- | M] () -- C:\WINDOWS\KB969898.log
[2009/11/11 15:05:34 | 000,014,097 | ---- | M] () -- C:\WINDOWS\KB969947.log
[2009/06/11 19:59:36 | 000,015,084 | ---- | M] () -- C:\WINDOWS\KB970238.log
[2009/12/10 15:14:54 | 000,022,945 | ---- | M] () -- C:\WINDOWS\KB970430.log
[2009/08/25 20:37:12 | 000,003,746 | ---- | M] () -- C:\WINDOWS\KB970653-v3.log
[2011/03/17 14:11:31 | 000,014,543 | ---- | M] () -- C:\WINDOWS\KB971029.log
[2010/02/12 00:24:08 | 000,009,637 | ---- | M] () -- C:\WINDOWS\KB971468.log
[2009/10/14 18:19:23 | 000,011,966 | ---- | M] () -- C:\WINDOWS\KB971486.log
[2009/08/11 20:04:55 | 000,013,943 | ---- | M] () -- C:\WINDOWS\KB971557.log
[2009/07/14 18:17:10 | 000,014,315 | ---- | M] () -- C:\WINDOWS\KB971633.log
[2009/08/11 20:05:03 | 000,014,436 | ---- | M] () -- C:\WINDOWS\KB971657.log
[2009/12/10 15:13:24 | 000,014,667 | ---- | M] () -- C:\WINDOWS\KB971737.log
[2009/07/03 12:08:34 | 000,032,728 | ---- | M] () -- C:\WINDOWS\KB971930-IE8.log
[2009/09/09 20:48:08 | 000,009,128 | ---- | M] () -- C:\WINDOWS\KB971961-IE8.log
[2009/07/28 23:25:35 | 000,014,914 | ---- | M] () -- C:\WINDOWS\KB972260-IE8.log
[2010/01/12 22:33:23 | 000,007,852 | ---- | M] () -- C:\WINDOWS\KB972270.log
[2009/07/14 18:17:17 | 000,007,892 | ---- | M] () -- C:\WINDOWS\KB973346.log
[2009/08/11 20:04:20 | 000,007,911 | ---- | M] () -- C:\WINDOWS\KB973354.log
[2009/08/11 20:04:28 | 000,014,524 | ---- | M] () -- C:\WINDOWS\KB973507.log
[2009/10/14 18:18:34 | 000,010,283 | ---- | M] () -- C:\WINDOWS\KB973525.log
[2009/08/11 20:04:12 | 000,006,741 | ---- | M] () -- C:\WINDOWS\KB973540.log
[2009/11/25 21:37:01 | 000,010,426 | ---- | M] () -- C:\WINDOWS\KB973687.log
[2009/09/09 20:49:00 | 000,012,031 | ---- | M] () -- C:\WINDOWS\KB973768.log
[2009/08/11 20:01:26 | 000,013,694 | ---- | M] () -- C:\WINDOWS\KB973815.log
[2009/08/11 20:04:36 | 000,008,330 | ---- | M] () -- C:\WINDOWS\KB973869.log
[2009/12/10 15:13:48 | 000,009,834 | ---- | M] () -- C:\WINDOWS\KB973904.log
[2009/10/14 18:21:04 | 000,016,577 | ---- | M] () -- C:\WINDOWS\KB974112.log
[2009/12/10 15:14:41 | 000,021,408 | ---- | M] () -- C:\WINDOWS\KB974318.log
[2009/12/10 15:13:34 | 000,014,710 | ---- | M] () -- C:\WINDOWS\KB974392.log
[2009/10/14 18:25:15 | 000,017,531 | ---- | M] () -- C:\WINDOWS\KB974455-IE8.log
[2009/10/14 18:20:32 | 000,016,899 | ---- | M] () -- C:\WINDOWS\KB974571.log
[2009/10/14 18:20:47 | 000,016,508 | ---- | M] () -- C:\WINDOWS\KB975025.log
[2009/10/14 18:17:21 | 000,016,821 | ---- | M] () -- C:\WINDOWS\KB975467.log
[2010/09/15 16:52:55 | 000,019,025 | ---- | M] () -- C:\WINDOWS\KB975558.log
[2010/02/12 00:20:05 | 000,016,030 | ---- | M] () -- C:\WINDOWS\KB975560.log
[2010/03/10 00:41:14 | 000,008,198 | ---- | M] () -- C:\WINDOWS\KB975561.log
[2010/06/12 19:25:44 | 000,016,379 | ---- | M] () -- C:\WINDOWS\KB975562.log
[2010/02/12 00:20:25 | 000,015,162 | ---- | M] () -- C:\WINDOWS\KB975713.log
[2009/11/25 21:37:08 | 000,005,712 | ---- | M] () -- C:\WINDOWS\KB976098-v2.log
[2009/12/10 15:14:28 | 000,017,104 | ---- | M] () -- C:\WINDOWS\KB976325-IE8.log
[2010/02/24 15:17:10 | 000,009,532 | ---- | M] () -- C:\WINDOWS\KB976662-IE8.log
[2009/11/03 19:56:13 | 000,009,557 | ---- | M] () -- C:\WINDOWS\KB976749-IE8.log
[2010/02/12 00:19:18 | 000,010,211 | ---- | M] () -- C:\WINDOWS\KB977165.log
[2010/04/14 17:59:40 | 000,013,359 | ---- | M] () -- C:\WINDOWS\KB977816.log
[2010/02/12 00:19:48 | 000,015,865 | ---- | M] () -- C:\WINDOWS\KB977914.log
[2010/02/12 00:20:34 | 000,015,347 | ---- | M] () -- C:\WINDOWS\KB978037.log
[2010/01/21 16:05:02 | 000,014,806 | ---- | M] () -- C:\WINDOWS\KB978207-IE8.log
[2010/02/12 00:20:15 | 000,009,066 | ---- | M] () -- C:\WINDOWS\KB978251.log
[2010/02/12 00:24:16 | 000,009,124 | ---- | M] () -- C:\WINDOWS\KB978262.log
[2010/04/14 17:59:49 | 000,013,915 | ---- | M] () -- C:\WINDOWS\KB978338.log
[2010/05/11 17:45:06 | 000,014,438 | ---- | M] () -- C:\WINDOWS\KB978542.log
[2010/04/14 06:53:39 | 000,014,723 | ---- | M] () -- C:\WINDOWS\KB978601.log
[2010/06/12 19:26:04 | 000,008,075 | ---- | M] () -- C:\WINDOWS\KB978695.log
[2010/02/12 00:19:27 | 000,013,924 | ---- | M] () -- C:\WINDOWS\KB978706.log
[2010/02/24 15:16:04 | 000,004,235 | ---- | M] () -- C:\WINDOWS\KB979306.log
[2010/04/14 06:53:31 | 000,013,925 | ---- | M] () -- C:\WINDOWS\KB979309.log
[2010/06/12 19:25:53 | 000,016,344 | ---- | M] () -- C:\WINDOWS\KB979482.log
[2010/06/12 19:31:55 | 000,022,961 | ---- | M] () -- C:\WINDOWS\KB979559.log
[2010/04/14 18:03:12 | 000,009,346 | ---- | M] () -- C:\WINDOWS\KB979683.log
[2010/10/14 18:31:57 | 000,023,864 | ---- | M] () -- C:\WINDOWS\KB979687.log
[2010/06/12 19:35:55 | 000,021,548 | ---- | M] () -- C:\WINDOWS\KB979904.log
[2010/03/30 22:03:26 | 000,015,820 | ---- | M] () -- C:\WINDOWS\KB980182-IE8.log
[2010/06/12 19:34:32 | 000,017,103 | ---- | M] () -- C:\WINDOWS\KB980195.log
[2010/06/12 19:36:14 | 000,024,397 | ---- | M] () -- C:\WINDOWS\KB980218.log
[2010/04/14 18:02:52 | 000,007,804 | ---- | M] () -- C:\WINDOWS\KB980232.log
[2010/08/11 17:43:37 | 000,015,009 | ---- | M] () -- C:\WINDOWS\KB980436.log
[2010/09/15 16:52:07 | 000,035,106 | ---- | M] () -- C:\WINDOWS\KB981322.log
[2010/04/14 17:59:31 | 000,008,210 | ---- | M] () -- C:\WINDOWS\KB981332-IE8.log
[2010/05/26 18:10:00 | 000,003,721 | ---- | M] () -- C:\WINDOWS\KB981793.log
[2010/08/11 17:44:49 | 000,014,911 | ---- | M] () -- C:\WINDOWS\KB981852.log
[2010/10/14 18:28:13 | 000,018,532 | ---- | M] () -- C:\WINDOWS\KB981957.log
[2010/08/11 17:40:37 | 000,007,920 | ---- | M] () -- C:\WINDOWS\KB981997.log
[2010/10/14 18:32:06 | 000,023,285 | ---- | M] () -- C:\WINDOWS\KB982132.log
[2010/08/11 17:45:05 | 000,013,246 | ---- | M] () -- C:\WINDOWS\KB982214.log
[2010/06/12 19:31:39 | 000,018,716 | ---- | M] () -- C:\WINDOWS\KB982381-IE8.log
[2010/08/11 17:40:28 | 000,013,506 | ---- | M] () -- C:\WINDOWS\KB982665.log
[2010/09/15 16:52:21 | 000,036,775 | ---- | M] () -- C:\WINDOWS\KB982802.log
[2006/01/25 17:36:16 | 000,040,960 | ---- | M] (MacSourcery) -- C:\WINDOWS\Kung Pow.dll
[2006/01/25 17:36:17 | 001,749,749 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Kung Pow.exe
[2006/01/25 17:36:17 | 000,405,912 | ---- | M] (MacSourcery) -- C:\WINDOWS\Kung Pow.scr
[2005/06/02 11:05:49 | 000,010,613 | ---- | M] () -- C:\WINDOWS\MC05Upd1.log
[2009/09/09 22:05:51 | 000,000,934 | ---- | M] () -- C:\WINDOWS\medblker.Log
[2011/05/15 22:19:56 | 000,208,483 | ---- | M] () -- C:\WINDOWS\MedCtrOC.log
[2003/06/20 23:13:46 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE
[2011/06/12 10:58:03 | 000,003,880 | ---- | M] () -- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
[2005/07/23 22:59:52 | 000,004,464 | ---- | M] () -- C:\WINDOWS\ModemLog_Motorola iDEN USB Modem.txt
[2005/08/05 09:56:48 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010/10/22 17:49:31 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2004/08/10 05:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2011/05/15 22:19:56 | 000,113,491 | ---- | M] () -- C:\WINDOWS\msgsocm.log
[2011/05/15 22:19:41 | 000,710,366 | ---- | M] () -- C:\WINDOWS\msmqinst.log
[2005/06/07 00:52:44 | 000,004,796 | ---- | M] () -- C:\WINDOWS\msnavpklog.txt
[1996/11/17 00:00:00 | 000,035,262 | R--- | M] () -- C:\WINDOWS\MSO97.ACL
[2006/08/26 10:28:01 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2007/08/15 21:43:18 | 000,296,994 | ---- | M] () -- C:\WINDOWS\msxml4-KB936181-enu.LOG
[2008/11/13 12:39:47 | 000,318,928 | ---- | M] () -- C:\WINDOWS\msxml4-KB954430-enu.LOG
[2009/11/25 21:35:41 | 000,320,576 | ---- | M] () -- C:\WINDOWS\msxml4-KB973688-enu.LOG
[2006/08/19 21:26:09 | 002,857,475 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\MUMMYSV2.exe
[2006/08/19 21:26:08 | 000,208,288 | ---- | M] () -- C:\WINDOWS\MUMMYSV2.scr
[2007/08/22 20:45:04 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\WINDOWS\NCUNINST.EXE
[2011/05/15 22:19:56 | 000,409,403 | ---- | M] () -- C:\WINDOWS\netfxocm.log
[2008/04/13 19:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2005/06/02 11:14:05 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/06/15 13:57:19 | 000,240,798 | ---- | M] () -- C:\WINDOWS\ntbtlog.txt
[2011/05/15 22:19:56 | 000,445,608 | ---- | M] () -- C:\WINDOWS\ntdtcsetup.log
[2011/05/15 22:19:56 | 001,106,897 | ---- | M] () -- C:\WINDOWS\ocgen.log
[2011/05/15 22:19:56 | 000,120,415 | ---- | M] () -- C:\WINDOWS\ocmsn.log
[2006/04/07 20:08:15 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2007/01/12 20:09:09 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/14 12:06:08 | 000,003,938 | ---- | M] () -- C:\WINDOWS\OEWABLog.txt
[2008/03/25 08:21:17 | 000,011,776 | ---- | M] () -- C:\WINDOWS\offitems.log
[2006/05/05 21:54:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OpPrintServer.INI
[2009/01/08 19:14:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:22:58 | 000,218,245 | ---- | M] () -- C:\WINDOWS\orun32.isu
[1996/11/17 00:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\OUTLOOK.PRF
[1995/08/01 04:44:46 | 000,212,480 | ---- | M] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2006/08/19 21:34:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\pcf.INI
[2006/08/19 21:19:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PCFriend.INI
[2011/05/15 22:19:56 | 000,262,669 | ---- | M] () -- C:\WINDOWS\plusoc.log
[1998/09/23 15:10:16 | 000,195,072 | ---- | M] (Pantone, Inc.) -- C:\WINDOWS\POCE98.DLL
[2004/08/10 05:00:00 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Prairie Wind.bmp
[2003/11/14 00:21:04 | 000,184,320 | ---- | M] () -- C:\WINDOWS\PSCONV.EXE
[2003/11/14 00:20:40 | 000,180,224 | ---- | M] (Creative Technology Limited) -- C:\WINDOWS\READREG.EXE
[2008/04/13 19:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2005/06/06 19:59:24 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2005/06/06 20:00:43 | 000,002,282 | ---- | M] () -- C:\WINDOWS\regopt.log
[2004/08/10 05:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp
[2006/04/23 13:59:07 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Richard Railey.acl
[2007/04/27 00:13:36 | 000,007,680 | ---- | M] () -- C:\WINDOWS\Richard Railey.pcb
[2004/08/10 05:00:00 | 000,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp
[2004/08/10 05:00:00 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2005/06/02 11:09:16 | 000,000,136 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2011/06/12 00:37:00 | 000,032,390 | ---- | M] () -- C:\WINDOWS\SchedLgU.Txt
[2008/09/01 16:51:54 | 000,002,998 | ---- | M] () -- C:\WINDOWS\sessmgr.setup.log
[2003/02/28 18:26:30 | 000,046,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2005/06/02 10:48:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\setpwrcg.exe
[2004/08/19 16:12:38 | 000,355,489 | ---- | M] () -- C:\WINDOWS\setupact.del
[2010/10/15 15:44:40 | 000,002,777 | ---- | M] () -- C:\WINDOWS\setupact.log
[2004/08/19 16:49:44 | 001,034,983 | ---- | M] () -- C:\WINDOWS\setupapi.del
[2011/06/21 12:46:56 | 001,581,395 | ---- | M] () -- C:\WINDOWS\setupapi.log
[2005/10/07 12:35:24 | 001,143,500 | ---- | M] () -- C:\WINDOWS\setupapi.log.0.old
[2007/08/27 18:28:00 | 001,091,147 | ---- | M] () -- C:\WINDOWS\setupapi.log.1.old
[2008/06/15 21:16:47 | 001,032,434 | ---- | M] () -- C:\WINDOWS\setupapi.log.2.old
[2009/03/25 19:55:59 | 001,208,452 | ---- | M] () -- C:\WINDOWS\setupapi.log.3.old
[2010/02/11 15:32:57 | 001,025,290 | ---- | M] () -- C:\WINDOWS\setupapi.log.4.old
[2004/08/19 15:57:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setuperr.del
[2005/06/02 10:54:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\setuperr.log
[2004/08/19 16:12:40 | 000,964,557 | ---- | M] () -- C:\WINDOWS\setuplog.del
[2008/09/01 16:52:09 | 000,154,994 | ---- | M] () -- C:\WINDOWS\setuplog.txt
[2008/04/09 16:24:25 | 000,000,440 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2008/04/13 19:12:35 | 000,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2005/06/02 11:21:30 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2004/08/10 05:00:00 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/10/15 10:53:23 | 000,052,918 | ---- | M] () -- C:\WINDOWS\spupdsvc.log
[2008/09/02 21:26:40 | 000,000,187 | ---- | M] () -- C:\WINDOWS\spupdsvc.log.1.log
[2005/06/07 21:29:14 | 000,018,432 | ---- | M] () -- C:\WINDOWS\ss3unstl.exe
[2004/08/19 16:00:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Sti_Trace.log
[2008/09/01 17:00:48 | 000,613,465 | ---- | M] () -- C:\WINDOWS\svcpack.log
[2007/08/08 18:28:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\system.ini
[2004/08/19 16:02:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\T30DebugLogFile.txt
[2011/05/15 22:19:56 | 000,112,788 | ---- | M] () -- C:\WINDOWS\tabletoc.log
[2004/08/10 05:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/05/15 22:19:56 | 001,042,111 | ---- | M] () -- C:\WINDOWS\tsoc.log
[2004/08/10 05:00:00 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain.dll
[2008/04/13 19:12:07 | 000,050,688 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twain_32.dll
[2004/08/10 05:00:00 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2004/08/10 05:00:00 | 000,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2010/05/09 18:54:46 | 000,000,750 | ---- | M] () -- C:\WINDOWS\Ulead32.ini
[1996/10/15 18:01:00 | 000,298,496 | ---- | M] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2003/03/15 23:15:04 | 000,090,112 | ---- | M] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[1999/06/25 10:55:30 | 000,149,504 | ---- | M] () -- C:\WINDOWS\UNWISE.EXE
[2000/05/11 01:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\Updreg.EXE
[2011/04/13 19:32:46 | 000,284,665 | ---- | M] () -- C:\WINDOWS\updspapi.log
[2004/08/19 16:02:54 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2004/08/19 16:02:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/03/13 17:42:24 | 000,002,072 | ---- | M] () -- C:\WINDOWS\vminst.log
[2004/08/10 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vmmreg32.dll
[2007/04/01 16:16:59 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2007/03/28 20:20:06 | 000,019,999 | ---- | M] () -- C:\WINDOWS\WgaNotify.log
[2011/06/12 10:57:57 | 000,000,157 | ---- | M] () -- C:\WINDOWS\wiadebug.log
[2011/06/12 10:57:55 | 000,000,049 | ---- | M] () -- C:\WINDOWS\wiaservc.log
[2010/11/01 12:34:17 | 000,001,226 | ---- | M] () -- C:\WINDOWS\win.ini
[2004/08/19 16:05:08 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/06/23 23:42:13 | 001,419,102 | ---- | M] () -- C:\WINDOWS\WindowsUpdate.log
[2004/08/10 05:00:00 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2008/04/13 19:12:39 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2010/08/09 22:34:05 | 000,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2004/08/10 05:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2004/08/10 05:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2011/05/14 12:06:07 | 000,288,956 | ---- | M] () -- C:\WINDOWS\wmsetup.log
[2005/11/14 19:28:31 | 000,000,238 | ---- | M] () -- C:\WINDOWS\wmsetup10.log
[2008/09/02 21:26:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2005/06/02 11:17:14 | 000,001,127 | ---- | M] () -- C:\WINDOWS\xpsp1hfm.log
[2004/08/10 05:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp
[2004/08/10 05:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[2005/06/02 11:14:30 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.BAK
[2011/06/27 12:09:09 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF

< End of report >

#12
mitch8


    Trusted Helper

  • Malware Removal
  • 1,356 posts
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the licence agreement and click Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear by default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



#13
The_Rookie

    Member

  • Topic Starter
  • 20 posts
Autoscan: completed 1 minute ago (events: 16, objects: 686351, time: 07:45:00)
6/27/2011 4:24:02 PM Task started
6/27/2011 5:18:57 PM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Patrick Railey\Application Data\dwm.exe
6/27/2011 5:19:05 PM Detected: Trojan.Win32.Menti.gmuw C:\Documents and Settings\Patrick Railey\Application Data\Microsoft\conhost.exe
6/27/2011 5:19:53 PM Deleted: Trojan.Win32.Menti.gmuw C:\Documents and Settings\Patrick Railey\Application Data\Microsoft\conhost.exe
6/27/2011 7:16:21 PM Detected: Hoax.Win32.FlashApp.aop C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975670.exe
6/27/2011 7:16:22 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975657.exe
6/27/2011 7:17:09 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0985950.exe
6/27/2011 7:38:08 PM Deleted: Hoax.Win32.FlashApp.aop C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975670.exe
6/27/2011 7:39:06 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0986112.exe
6/27/2011 7:43:58 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989710.dll
6/27/2011 7:43:59 PM Detected: Trojan.Win32.Pakes.oya C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989711.exe
6/27/2011 8:02:03 PM Deleted: Trojan.Win32.Pakes.oya C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989711.exe
6/27/2011 8:05:41 PM Detected: Trojan.Win32.Menti.gmuw C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993367.exe
6/27/2011 8:05:41 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993366.exe
6/27/2011 8:06:15 PM Deleted: Trojan.Win32.Menti.gmuw C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993367.exe
6/28/2011 12:09:03 AM Task completed

#14
mitch8


    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Are you still having the same problems?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Documents and Settings\Patrick Railey\Application Data\dwm.exe
    
  • Then click the Run Fix button at the top
  • When it is finished select "Scan All Users" and click on run scan.
  • Post that log here.

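The report in post #13 mixes "Detected" and "Deleted" events, and the fix in post #14 targets the one live file that was detected but never deleted. The following is an added example, not part of the thread or of either tool: it reconciles those events and separates live files from System Restore copies, assuming that a "Deleted" line clears earlier detections of the same path and that the line layout is as shown in the post.

```python
import re

# Report lines copied from post #13 of this thread.
REPORT = r"""
6/27/2011 4:24:02 PM Task started
6/27/2011 5:18:57 PM Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Patrick Railey\Application Data\dwm.exe
6/27/2011 5:19:05 PM Detected: Trojan.Win32.Menti.gmuw C:\Documents and Settings\Patrick Railey\Application Data\Microsoft\conhost.exe
6/27/2011 5:19:53 PM Deleted: Trojan.Win32.Menti.gmuw C:\Documents and Settings\Patrick Railey\Application Data\Microsoft\conhost.exe
6/27/2011 7:16:21 PM Detected: Hoax.Win32.FlashApp.aop C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975670.exe
6/27/2011 7:16:22 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975657.exe
6/27/2011 7:17:09 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0985950.exe
6/27/2011 7:38:08 PM Deleted: Hoax.Win32.FlashApp.aop C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1250\A0975670.exe
6/27/2011 7:39:06 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0986112.exe
6/27/2011 7:43:58 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989710.dll
6/27/2011 7:43:59 PM Detected: Trojan.Win32.Pakes.oya C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989711.exe
6/27/2011 8:02:03 PM Deleted: Trojan.Win32.Pakes.oya C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0989711.exe
6/27/2011 8:05:41 PM Detected: Trojan.Win32.Menti.gmuw C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993367.exe
6/27/2011 8:05:41 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993366.exe
6/27/2011 8:06:15 PM Deleted: Trojan.Win32.Menti.gmuw C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1253\A0993367.exe
6/28/2011 12:09:03 AM Task completed
"""

# timestamp, action, verdict name (no spaces), then a drive-letter path
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>Detected|Deleted):\s+(?P<verdict>\S+)\s+(?P<path>[A-Za-z]:\\.*)$"
)

# System Restore snapshots on XP live under this folder prefix.
RESTORE_MARKER = "\\system volume information\\_restore{"


def parse_report(text):
    """Return (when, action, verdict, path) tuples; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m["when"], m["action"], m["verdict"], m["path"]))
    return events


def outstanding(events):
    """Map path -> verdict for detections with no later 'Deleted' event.

    Assumption: a 'Deleted' line clears every earlier detection of that path.
    Paths are compared case-insensitively, as Windows file systems do.
    """
    pending = {}
    for _when, action, verdict, path in events:
        key = path.lower()
        if action == "Detected":
            pending[key] = (path, verdict)
        else:
            pending.pop(key, None)
    return {path: verdict for path, verdict in pending.values()}


def split_by_location(paths):
    """Separate live files from copies held in System Restore snapshots."""
    live, restore = [], []
    for p in paths:
        (restore if RESTORE_MARKER in p.lower() else live).append(p)
    return live, restore


if __name__ == "__main__":
    left = outstanding(parse_report(REPORT))
    live, restore = split_by_location(left)
    print("Detected but not deleted, live file system:")
    for p in live:
        print("  ", left[p], p)
    print("Detected but not deleted, System Restore copies:", len(restore))
```

A path listed as outstanding only means the report shows no deletion for it; as the next post shows, the file may already be gone by the time a follow-up scan runs.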

#15
The_Rookie

    Member

  • Topic Starter
  • 20 posts
Yep, every single one, even some I didn't realize from before. I've barely used this computer in the past few years, so I hadn't even checked my own documents when I was asked to fix this thing, and it wasn't until just now that I saw that whatever this thing is, it made all my documents and folders "hidden" (Thankfully, I know how to enable the view of hidden files.)

Also, when I did the custom scan of the dwm.exe, it came up missing. I even went to the address for the file and found nothing. I think it's interesting, because as you and I both know the dwm.exe is the Desktop Windows Manager used in Vista, but this computer runs XP, so I know it's foreign.

OTL logfile created on: 6/28/2011 4:29:03 PM - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = F:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.07 Mb Total Physical Memory | 444.39 Mb Available Physical Memory | 43.48% Memory free
2.41 Gb Paging File | 1.91 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 12.65 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
Drive D: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.86 Gb Total Space | 0.76 Gb Free Space | 41.01% Space Free | Partition Type: FAT

Computer Name: DD65HM71 | User Name: David Railey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 11:03:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/11/21 18:26:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2009/05/21 10:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2005/06/02 11:15:03 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/08/31 09:34:08 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 09:18:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/03/11 15:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 11:03:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/11/14 00:19:06 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/09/01 15:36:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/16 07:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/07/01 15:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\94403032.sys -- (94403032)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9440303.sys -- (setup_9.0.0.722_27.06.2011_23-05drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\94403031.sys -- (94403031)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/05/16 07:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 07:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/02 11:15:05 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 18:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/12 20:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 22:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 15:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/13 15:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 15:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/13 15:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 15:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 15:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 15:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/13 02:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/12/03 12:55:12 | 000,026,560 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://the-11th-doctor.deviantart.com/
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:64889

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://the-11th-doct...eviantart.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.03.01
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.5.4
FF - prefs.js..extensions.enabledItems: {F53E9F2D-D2E6-468A-9DFF-69F1099AA696}:1.9.1
FF - prefs.js..extensions.enabledItems: {9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}:1.9.1
FF - prefs.js..extensions.enabledItems: {F55E5DF5-508F-424E-8F72-535A1220BE0E}:1.9.1
FF - prefs.js..extensions.enabledItems: {70905B25-9BB3-475D-9C16-E1DF8A4BFD11}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 14:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/16 12:03:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 13:56:27 | 000,000,000 | ---D | M]

[2008/07/13 12:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Extensions
[2011/06/15 14:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions
[2010/09/20 21:58:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/13 20:52:36 | 000,000,000 | ---D | M] (MushroomKingdom) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
[2010/04/18 12:53:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/12/13 19:00:37 | 000,000,000 | ---D | M] (MoZelda) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\{f7ec1807-0076-495a-949c-eaf4716fe412}
[2010/03/01 20:20:12 | 000,000,000 | ---D | M] (deviantAnywhere) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2009/07/29 23:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2010/08/30 22:24:49 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2009/07/29 23:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2010/09/20 21:58:19 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2009/03/24 23:06:56 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Profiles\hjnux7b7.default\extensions\[email protected]
[2011/06/15 14:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID RAILEY\LOCAL SETTINGS\APPLICATION DATA\{9EBEFFAA-7E6F-4A7D-B3F6-27A10A8F519B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\DEBBIE RAILEY\LOCAL SETTINGS\APPLICATION DATA\{F55E5DF5-508F-424E-8F72-535A1220BE0E}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICK RAILEY\LOCAL SETTINGS\APPLICATION DATA\{F53E9F2D-D2E6-468A-9DFF-69F1099AA696}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICK\LOCAL SETTINGS\APPLICATION DATA\{70905B25-9BB3-475D-9C16-E1DF8A4BFD11}
[2008/11/28 13:39:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/25 14:00:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/06/16 08:36:30 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510103747.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\..\Toolbar\WebBrowser: (no name) - {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No CLSID value found.
O3 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] File not found
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008..\Run: [fkpqgsjc] File not found
O4 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\setup_9.0.0.722_27.06.2011_23-05.lnk = File not found
O4 - Startup: C:\Documents and Settings\Richard Railey\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Richard Railey\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Richard Railey\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.2.76.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - C:\Documents and Settings\David Railey\My Documents\My Pictures\GIFs\Bouncing Wiki logo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Railey\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/23 14:39:12 | 000,000,398 | ---- | M] () - C:\AUTOEXEC.UP -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 06:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a11c4a4d-e2c8-11de-8ebc-0013203f0e67}\Shell - "" = AutoRun
O33 - MountPoints2\{a11c4a4d-e2c8-11de-8ebc-0013203f0e67}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a11c4a4d-e2c8-11de-8ebc-0013203f0e67}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2004/08/10 06:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4024650724-3676728605-4199407228-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 10:44:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/27 10:44:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Railey\Start Menu\Programs\Administrative Tools
[2011/06/27 10:43:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/06/17 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2011/06/12 10:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2005/06/02 11:08:48 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/06/02 10:48:12 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/06/28 16:24:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 10:11:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/28 10:11:21 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/28 10:11:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/28 10:11:21 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-20061102}.rfx
[2011/06/28 10:11:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/06/28 10:11:21 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/06/28 10:11:21 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2011/06/28 10:11:21 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2011/06/28 10:10:46 | 004,933,091 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000000-00001102-00000004-20061102}.CDF
[2011/06/27 10:31:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 15:29:53 | 000,008,240 | ---- | M] () -- C:\Documents and Settings\David Railey\Application Data\C4CA.64C
[2011/06/15 14:34:19 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\David Railey\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/13 23:29:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/12 10:58:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 23:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 21:47:33 | 015,384,576 | -H-- | M] () -- C:\ffastun0.ffx
[2011/06/11 21:47:33 | 002,383,872 | -H-- | M] () -- C:\ffastun.ffl
[2011/06/11 21:47:33 | 000,356,352 | -H-- | M] () -- C:\ffastun.ffo
[2011/06/11 21:47:33 | 000,005,061 | -H-- | M] () -- C:\ffastun.ffa

========== Files Created - No Company Name ==========

[2011/06/27 16:19:55 | 000,315,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\9440303.sys
[2011/06/27 16:19:55 | 000,128,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\94403031.sys
[2011/06/27 16:19:55 | 000,037,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\94403032.sys
[2011/05/12 19:36:27 | 000,008,240 | ---- | C] () -- C:\Documents and Settings\David Railey\Application Data\C4CA.64C
[2010/11/29 16:22:31 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/09 22:37:08 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/03/02 17:43:28 | 000,015,980 | ---- | C] () -- C:\Documents and Settings\David Railey\Local Settings\Application Data\CMa57a2rBB
[2010/02/10 23:35:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2010/02/10 23:33:56 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/06/07 15:05:24 | 000,000,454 | ---- | C] () -- C:\Program Files\Shortcut to Steam.lnk
[2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/27 19:40:47 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/12 20:14:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/09/30 12:13:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/09/30 12:13:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/09/30 12:13:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/13 16:07:42 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/03/12 16:10:21 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/03/12 16:09:48 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/01/10 22:56:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/08/26 10:28:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/19 21:34:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2006/08/19 21:19:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2006/08/02 18:12:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/06/01 21:41:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2006/05/05 21:54:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/07 20:08:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/11/29 19:58:29 | 000,000,440 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/11/29 17:49:59 | 000,000,078 | ---- | C] () -- C:\WINDOWS\KA.INI
[2005/09/09 21:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/07/30 22:53:16 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/07/09 17:46:32 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/07/09 17:32:21 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/16 14:31:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/15 18:53:19 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\David Railey\Application Data\PFP120JPR.{PB
[2005/06/15 18:53:19 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\David Railey\Application Data\PFP120JCM.{PB
[2005/06/12 14:40:03 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2005/06/12 14:38:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\MKSetting.exe
[2005/06/12 14:32:50 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2005/06/12 13:20:00 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\David Railey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/11 14:21:13 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/06/07 22:33:04 | 000,001,012 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/07 22:32:43 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2005/06/07 22:32:43 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2005/06/07 22:29:35 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbuih.exe
[2005/06/07 22:29:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2005/06/07 22:29:34 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2005/06/07 22:29:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2005/06/07 22:29:31 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2005/06/07 22:29:27 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2005/06/07 21:29:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2005/06/07 10:36:46 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/06/07 10:28:18 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\David Railey\Local Settings\Application Data\fusioncache.dat
[2005/06/02 11:21:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/02 11:16:51 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/02 11:14:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/06/02 11:09:16 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/06/02 11:09:14 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/06/02 11:09:14 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/02 11:09:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2005/06/02 11:09:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000000-00001102-00000004-20061102}.dat
[2005/06/02 11:08:52 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/06/02 11:08:52 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/02 11:08:51 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/06/02 11:08:51 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/06/02 11:08:48 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/06/02 11:08:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/06/02 11:08:48 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/02 11:08:23 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/02 10:48:32 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/06/02 10:48:32 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/06/02 10:48:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/06/02 10:48:04 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/02 10:47:44 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/19 16:20:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 16:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 16:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 16:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 15:57:50 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 15:57:07 | 000,402,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 15:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 15:49:47 | 000,503,164 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 15:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 15:49:47 | 000,088,018 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 15:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 15:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 15:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 15:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 15:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 15:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 15:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 15:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Custom Scans ==========


< :Files >

< C:\Documents and Settings\Patrick Railey\Application Data\dwm.exe >

< End of report >