Win32/Rootkit.Agent.ODG Trojan Help please

#1 ctarshis (New Member, 1 post)
Hey guys,

I'm hoping someone can help me get rid of this virus. I've read some logs about it and it seems kind of complicated. I tried to install Malwarebytes and I also tried to run ComboFix but neither of them will work.

I did manage to run OTS and do a scan; I'm attaching the result.

Can someone please help me?

Thanks!

OTS logfile created on: 5/27/2009 9:09:54 PM - Run 1
OTS by OldTimer - Version 3.0.2.5	 Folder = C:\Users\Caleb\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale:  | Country:  | Language:  | Date Format: 
 
1013.27 Mb Total Physical Memory | 188.61 Mb Available Physical Memory | 18.61% Memory free
2.24 Gb Paging File | 1.28 Gb Available in Paging File | 57.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.18 Gb Total Space | 23.42 Gb Free Space | 25.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 49.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CALEB-PC
Current User Name: Caleb
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 19:10:12 | 00,009,216 | ---- | M] (Agere Systems)
apmsgfwd.exe -> C:\Program Files\Apoint2K\ApMsgFwd.exe -> [2006/09/07 23:54:30 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.)
apntex.exe -> C:\Program Files\Apoint2K\Apntex.exe -> [2006/09/08 00:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> C:\Program Files\Apoint2K\Apoint.exe -> [2006/09/25 22:49:12 | 00,151,552 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
btnhnd.exe -> C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe -> [2006/11/12 16:13:58 | 00,068,400 | ---- | M] (FUJITSU LIMITED)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/04/09 15:17:56 | 02,029,640 | ---- | M] (ESET)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/04/09 15:19:08 | 00,731,840 | ---- | M] (ESET)
explorer.exe -> C:\Windows\Explorer.EXE -> [2009/03/29 17:31:40 | 02,927,104 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/04/27 22:54:42 | 00,307,704 | ---- | M] (Mozilla Corporation)
fuj02e3.exe -> C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe -> [2006/11/17 15:38:40 | 00,080,688 | ---- | M] (FUJITSU LIMITED)
hidfind.exe -> C:\Program Files\Apoint2K\HidFind.exe -> [2006/09/08 00:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Users\Caleb\Downloads\OTS.exe -> [2009/05/27 21:07:50 | 00,503,808 | ---- | M] (OldTimer Tools)
pdagent.exe -> C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -> [2009/02/23 15:58:52 | 00,922,888 | ---- | M] (Raxco Software, Inc.)
pdagents1.exe -> C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe -> [2009/02/23 15:58:52 | 00,066,824 | ---- | M] (Raxco Software, Inc.)
quicktouch.exe -> C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe -> [2006/11/25 17:09:32 | 00,260,912 | ---- | M] (FUJITSU LIMITED)
starwindserviceae.exe -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
winvnc.exe -> C:\Program Files\UltraVNC\WinVNC.exe -> [2009/05/13 01:29:01 | 01,683,456 | ---- | M] (UltraVNC)
winvnc.exe -> C:\Program Files\UltraVNC\WinVNC.exe -> [2009/05/13 01:29:01 | 01,683,456 | ---- | M] (UltraVNC)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
wmpnetwk.exe -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation)
wudfhost.exe -> C:\Windows\System32\WUDFHost.exe -> [2008/01/19 03:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AgereModemAudio) Agere Modem Call Progress Audio [Win32_Own | Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 19:10:12 | 00,009,216 | ---- | M] (Agere Systems)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/03/29 16:15:26 | 00,069,632 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation)
(EhttpSrv) ESET HTTP Server [Win32_Own | On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/04/09 15:29:20 | 00,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Win32_Own | Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/04/09 15:19:08 | 00,731,840 | ---- | M] (ESET)
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009/03/29 19:57:11 | 00,046,104 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009/03/29 19:57:22 | 00,881,664 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009/03/29 19:57:29 | 00,132,096 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(PDAgent) PDAgent [Win32_Own | Auto | Running] -> C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -> [2009/02/23 15:58:52 | 00,922,888 | ---- | M] (Raxco Software, Inc.)
(PDEngine) PDEngine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -> [2009/02/23 15:58:54 | 01,025,288 | ---- | M] (Raxco Software, Inc.)
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Running] -> C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
(uvnc_service) uvnc_service [Win32_Own | Auto | Running] -> C:\Program Files\UltraVNC\WinVNC.exe -> [2009/05/13 01:29:01 | 01,683,456 | ---- | M] (UltraVNC)
(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\AGRSM.sys -> [2006/10/05 17:39:40 | 01,161,152 | ---- | M] (Agere Systems)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.)
(ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\Apfiltr.sys -> [2006/08/29 18:35:58 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\bcm4sbxp.sys -> [2006/11/02 03:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.)
(DefragFS) DefragFS [File_System | Auto | Running] -> C:\Windows\System32\drivers\DefragFs.sys -> [2009/01/09 10:49:06 | 00,071,184 | ---- | M] (Raxco Software, Inc.)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation)
(eamon) eamon [File_System | Auto | Running] -> C:\Windows\System32\DRIVERS\eamon.sys -> [2009/04/09 15:10:30 | 00,113,960 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\Windows\System32\DRIVERS\ehdrv.sys -> [2009/04/09 15:18:02 | 00,107,256 | ---- | M] (ESET)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex)
(epfwwfpr) epfwwfpr [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\epfwwfpr.sys -> [2009/04/09 15:21:16 | 00,093,312 | ---- | M] (ESET)
(FJVBCtrl) FJVBCtrl [Kernel | Auto | Running] -> C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\FJVBCtrl.sys -> [2007/02/16 15:59:26 | 00,012,848 | ---- | M] (FUJITSU LIMITED)
(FUJ02E3) Fujitsu FUJ02E3 Device Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\FUJ02E3.sys -> [2006/11/01 21:59:24 | 00,005,632 | ---- | M] (FUJITSU LIMITED)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company)
(ialm) ialm [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2008/03/25 09:44:24 | 02,307,072 | ---- | M] (Intel Corporation)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2008/03/25 09:44:24 | 02,307,072 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2006/11/22 23:15:00 | 01,652,968 | ---- | M] (Realtek Semiconductor Corp.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic)
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\lvrs.sys -> [2008/07/26 15:25:48 | 00,627,864 | ---- | M] (Logitech Inc.)
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\LVUSBSta.sys -> [2008/07/26 15:26:22 | 00,041,752 | ---- | M] (Logitech Inc.)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(NETw3v32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\NETw3v32.sys -> [2006/11/02 03:30:54 | 01,781,760 | ---- | M] (Intel® Corporation)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NETw4v32.sys -> [2007/08/08 08:26:06 | 02,226,688 | ---- | M] (Intel Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
(pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\lv302af.sys -> [2008/07/26 15:22:22 | 00,013,848 | ---- | M] (Logitech Inc.)
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\LV302V32.SYS -> [2008/07/26 15:22:34 | 02,570,520 | ---- | M] (Logitech Inc.)
(pnetmdm) PdaNet Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\pnetmdm.sys -> [2006/09/28 14:32:14 | 00,009,472 | ---- | M] (June Fabrics Technology)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\rimsptsk.sys -> [2005/12/22 17:02:22 | 00,051,840 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\DRIVERS\rixdptsk.sys -> [2006/11/14 17:35:20 | 00,037,376 | ---- | M] (REDC)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\RootMdm.sys -> [2008/01/19 01:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems)
(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\sptd.sys -> [2009/05/27 00:13:12 | 00,721,904 | ---- | M] ()
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(UMPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\umpass.sys -> [2008/01/19 01:53:39 | 00,007,680 | ---- | M] (Microsoft Corporation)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\Drivers\usbaapl.sys -> [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usbaudio.sys -> [2008/01/19 01:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{ecdee021-0d17-467f-a1ff-c7a115230949}" [HKLM] -> C:\Program Files\free-downloads.net\tbfree.dll [free-downloads.net Toolbar] -> [2009/03/10 11:47:48 | 02,079,256 | ---- | M] (Conduit Ltd.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{ecdee021-0d17-467f-a1ff-c7a115230949}" [HKLM] -> C:\Program Files\free-downloads.net\tbfree.dll [free-downloads.net Toolbar] -> [2009/03/10 11:47:48 | 02,079,256 | ---- | M] (Conduit Ltd.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Caleb\AppData\Roaming\Mozilla\FireFox\Profiles\0nld2a3a.default\prefs.js -> 
browser.startup.homepage -> "http://www.google.ca/" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
< FireFox Settings [User.js] > -> C:\Users\Caleb\AppData\Roaming\Mozilla\FireFox\Profiles\0nld2a3a.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/03/29 19:59:52 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/05/03 23:42:08 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/27 22:54:45 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD -> 
< FireFox Extensions [User Folders] > -> 
 -> C:\Users\Caleb\AppData\Roaming\mozilla\Extensions -> [2009/03/29 14:09:21 | 00,000,000 | ---D | M]
 -> C:\Users\Caleb\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/03/29 14:09:21 | 00,000,000 | ---D | M]
 -> C:\Users\Caleb\AppData\Roaming\mozilla\Firefox\Profiles\0nld2a3a.default\extensions -> [2009/04/27 22:55:17 | 00,097,121 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/27 22:54:45 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/27 22:54:45 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/04/27 22:54:45 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/04/27 22:54:45 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/05/03 23:42:08 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/27 22:54:41 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/27 22:54:41 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/27 22:54:45 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/04/18 17:50:42 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/27 22:54:42 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/03/29 16:48:22 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/03/29 16:48:23 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/03/29 16:48:22 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/03/29 14:09:07 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/03/26 14:56:22 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/03/26 14:56:22 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/03/26 14:56:22 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/03/26 14:56:22 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/03/26 14:56:22 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/03/26 14:56:22 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/03/26 14:56:22 | 00,000,792 | ---- | M] ()
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 15:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/18 17:50:40 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{ecdee021-0d17-467f-a1ff-c7a115230949} [HKLM] -> C:\Program Files\free-downloads.net\tbfree.dll [free-downloads.net Toolbar] -> [2009/03/10 11:47:48 | 02,079,256 | ---- | M] (Conduit Ltd.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{ecdee021-0d17-467f-a1ff-c7a115230949}" [HKLM] -> C:\Program Files\free-downloads.net\tbfree.dll [free-downloads.net Toolbar] -> [2009/03/10 11:47:48 | 02,079,256 | ---- | M] (Conduit Ltd.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Apoint" -> C:\Program Files\Apoint2K\Apoint.exe [C:\Program Files\Apoint2K\Apoint.exe] -> [2006/09/25 22:49:12 | 00,151,552 | ---- | M] (Alps Electric Co., Ltd.)
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/04/09 15:17:56 | 02,029,640 | ---- | M] (ESET)
"LoadBtnHnd" -> C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe] -> [2006/11/12 16:13:58 | 00,068,400 | ---- | M] (FUJITSU LIMITED)
"LoadFUJ02E3" -> C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe] -> [2006/11/17 15:38:40 | 00,080,688 | ---- | M] (FUJITSU LIMITED)
"LoadFujitsuQuickTouch" -> C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe] -> [2006/11/25 17:09:32 | 00,260,912 | ---- | M] (FUJITSU LIMITED)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AlcoholAutomount" -> C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ["C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount] -> [2009/04/23 23:16:34 | 00,203,928 | ---- | M] (Alcohol Soft Development Team)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000] -> [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
NameServer -> 85.255.112.187,85.255.112.208 -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9131E790-E8AC-4C76-994B-65723B6BB020} -> 85.255.112.187,85.255.112.208   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
{C169E835-68AC-40B7-91AF-FF944EF0ABD3} -> 85.255.112.187,85.255.112.208   (Broadcom 440x 10/100 Integrated Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/03/29 17:31:40 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008/03/25 09:24:54 | 00,204,800 | ---- | M] (Intel Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 00,000,024 | ---- | M] ()
C:\autorun.inf [[autorun] |;nvvzfkgmcdtbbfghhmvrnkcvfpiioezclmsfadeptujpcijngcjtqgzkienfqfhqtqc | shellexecute="RECYCLER\S-7-1-27-100024559-100028674-100014138-5884.com c:\" |;qtydqavjoduferpbklpvvoyzdzsuizk | shell\Open\command="RECYCLER\S-7-1-27-100024559-100028674-100014138-5884.com c:\" |;uvycxrtubinpgcfxhxmx | shell=Open | ] -> C:\autorun.inf [ NTFS ] -> [2009/05/23 20:39:51 | 00,000,310 | RHS- | M] ()
E:\AUTORUN.INF [[AutoRun] | ShellExecute=INDEX.html | icon=avira.ico | ] -> E:\AUTORUN.INF [ CDFS ] -> [2008/12/08 14:00:02 | 00,000,052 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{b33831f4-1c5f-11de-92cb-806e6f6e6963}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b33831f4-1c5f-11de-92cb-806e6f6e6963}\shell
\{b33831f4-1c5f-11de-92cb-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
Conduit -> C:\Program Files\Conduit -> [2009/05/27 00:19:10 | 00,000,000 | ---D | C]
free-downloads.net -> C:\Program Files\free-downloads.net -> [2009/05/27 00:19:08 | 00,000,000 | ---D | C]
Alcohol 120%.lnk -> C:\Users\Public\Desktop\Alcohol 120%.lnk -> [2009/05/27 00:19:06 | 00,000,973 | ---- | C] ()
Alcohol Soft -> C:\Program Files\Alcohol Soft -> [2009/05/27 00:18:57 | 00,000,000 | ---D | C]
IconCache.db -> C:\Users\Caleb\AppData\Local\IconCache.db -> [2009/05/27 00:13:28 | 02,223,266 | -H-- | C] ()
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2009/05/27 00:13:12 | 00,721,904 | ---- | C] ()
UltraISO -> C:\Program Files\UltraISO -> [2009/05/27 00:05:05 | 00,000,000 | ---D | C]
My ISO Files -> C:\Users\Caleb\Documents\My ISO Files -> [2009/05/27 00:05:05 | 00,000,000 | ---D | C]
EZB Systems -> C:\Program Files\Common Files\EZB Systems -> [2009/05/27 00:05:05 | 00,000,000 | ---D | C]
rescue.iso -> C:\Users\Caleb\Documents\rescue.iso -> [2009/05/27 00:01:32 | 51,787,776 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/05/26 23:48:27 | 10,611,67104 | -HS- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/26 23:33:54 | 00,000,818 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/05/26 23:33:52 | 00,040,160 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/05/26 23:33:50 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/05/26 23:33:50 | 00,000,000 | ---D | C]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/05/26 23:33:50 | 00,000,000 | ---D | C]
Avenger -> C:\Avenger -> [2009/05/26 23:21:00 | 00,000,000 | ---D | C]
fixwareout -> C:\fixwareout -> [2009/05/25 01:19:13 | 00,000,000 | ---D | C]
0523_1212.EXX -> C:\Users\Caleb\Desktop\0523_1212.EXX -> [2009/05/24 19:08:45 | 00,262,144 | ---- | C] ()
TEMP -> C:\ProgramData\TEMP -> [2009/05/24 12:40:48 | 00,000,000 | ---D | C]
ComboFix.exe -> C:\Users\Caleb\Desktop\ComboFix.exe -> [2009/05/24 12:28:32 | 02,979,632 | ---- | C] ()
Minidump -> C:\Windows\Minidump -> [2009/05/24 12:13:11 | 00,000,000 | ---D | C]
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/05/24 12:12:58 | 11,697,1910 | ---- | C] ()
0fe33BC.mht -> C:\Windows\System32\0fe33BC.mht -> [2009/05/23 21:19:38 | 02,335,270 | ---- | C] ()
f68D2E8.mht -> C:\Windows\System32\f68D2E8.mht -> [2009/05/23 21:19:13 | 02,335,270 | ---- | C] ()
Pavark -> C:\Users\Caleb\Pavark -> [2009/05/23 21:17:56 | 00,000,000 | ---D | C]
d3d9caps.dat -> C:\Users\Caleb\AppData\Local\d3d9caps.dat -> [2009/05/23 20:55:48 | 00,000,680 | ---- | C] ()
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> [2009/05/23 15:12:49 | 00,000,258 | -H-- | C] ()
autorun.inf -> C:\autorun.inf -> [2009/05/23 15:12:41 | 00,000,310 | RHS- | C] ()
RECYCLER -> C:\RECYCLER -> [2009/05/23 15:12:41 | 00,000,000 | ---D | C]
FreeHDplay -> C:\Program Files\FreeHDplay -> [2009/05/23 15:12:18 | 00,000,000 | ---D | C]
Jugaari -> C:\Program Files\Jugaari -> [2009/05/13 01:32:33 | 00,000,000 | ---D | C]
UltraVNC -> C:\Program Files\UltraVNC -> [2009/05/13 01:26:34 | 00,000,000 | ---D | C]
ESET -> C:\Users\Caleb\AppData\Local\ESET -> [2009/05/11 23:24:56 | 00,000,000 | ---D | C]
MobileInstallation.bak -> C:\Users\Caleb\Documents\MobileInstallation.bak -> [2009/05/09 18:11:06 | 00,572,640 | ---- | C] ()
winscp.rnd -> C:\Users\Caleb\AppData\Roaming\winscp.rnd -> [2009/05/09 17:21:13 | 00,000,600 | ---- | C] ()
WinSCP.lnk -> C:\Users\Caleb\Desktop\WinSCP.lnk -> [2009/05/09 17:21:11 | 00,000,728 | ---- | C] ()
WinSCP -> C:\Program Files\WinSCP -> [2009/05/09 17:21:09 | 00,000,000 | ---D | C]
PUTTY.RND -> C:\Users\Caleb\PUTTY.RND -> [2009/05/09 16:57:23 | 00,000,600 | ---- | C] ()
SSHTunnelClient.lnk -> C:\Users\Caleb\Desktop\SSHTunnelClient.lnk -> [2009/05/09 16:48:03 | 00,001,966 | ---- | C] ()
delight software gmbh -> C:\Program Files\delight software gmbh -> [2009/05/09 16:47:48 | 00,000,000 | ---D | C]
pnetmdm.sys -> C:\Windows\System32\drivers\pnetmdm.sys -> [2009/05/09 16:39:50 | 00,009,472 | ---- | C] (June Fabrics Technology)
Temp -> C:\Temp -> [2009/05/09 15:48:42 | 00,000,000 | ---D | C]
PDBootState -> C:\Windows\System32\PDBootState -> [2009/05/09 12:30:06 | 00,000,280 | ---- | C] ()
WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2009/05/08 01:00:57 | 00,000,510 | ---- | C] ()
Downloads - Shortcut.lnk -> C:\Users\Caleb\Downloads - Shortcut.lnk -> [2009/05/08 00:57:49 | 00,000,393 | ---- | C] ()
ESET -> C:\ProgramData\ESET -> [2009/05/08 00:48:27 | 00,000,000 | ---D | C]
ESET -> C:\Program Files\ESET -> [2009/05/08 00:48:27 | 00,000,000 | ---D | C]
PerfectDisk 10.lnk -> C:\Users\Public\Desktop\PerfectDisk 10.lnk -> [2009/05/08 00:41:36 | 00,002,018 | ---- | C] ()
Raxco -> C:\ProgramData\Raxco -> [2009/05/08 00:41:26 | 00,000,000 | ---D | C]
Raxco -> C:\Program Files\Raxco -> [2009/05/08 00:39:54 | 00,000,000 | ---D | C]
RegCure Program Check.job -> C:\Windows\tasks\RegCure Program Check.job -> [2009/05/06 21:00:45 | 00,000,438 | ---- | C] ()
RegCure.job -> C:\Windows\tasks\RegCure.job -> [2009/05/06 21:00:44 | 00,000,372 | ---- | C] ()
RegCure.lnk -> C:\Users\Public\Desktop\RegCure.lnk -> [2009/05/06 21:00:07 | 00,000,523 | ---- | C] ()
RegCure -> C:\Program Files\RegCure -> [2009/05/06 21:00:07 | 00,000,000 | ---D | C]
QuickPwn-225-2.zip -> C:\Users\Caleb\Desktop\QuickPwn-225-2.zip -> [2009/05/02 19:18:25 | 15,666,711 | R--- | C] ()
unrar.dll -> C:\Windows\System32\unrar.dll -> [2009/03/31 00:48:19 | 00,168,448 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2009/03/29 16:02:27 | 00,000,376 | ---- | C] ()
igfxCoIn_v1461.dll -> C:\Windows\System32\igfxCoIn_v1461.dll -> [2009/03/29 14:50:46 | 00,147,456 | ---- | C] ()
lvcoinst.ini -> C:\Windows\System32\lvcoinst.ini -> [2008/07/26 14:42:52 | 00,066,482 | ---- | C] ()
sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 08:35:32 | 00,005,632 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 06:23:31 | 00,000,240 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 06:23:31 | 00,000,219 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 00,013,750 | ---- | C] ()
rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2005/05/06 19:06:00 | 00,016,480 | ---- | C] ()
OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
179 C:\Users\Caleb\AppData\Local\Temp\*.tmp files -> C:\Users\Caleb\AppData\Local\Temp\*.tmp -> 
NTUSER.DAT -> C:\Users\Caleb\NTUSER.DAT -> [2009/05/27 21:11:22 | 02,359,296 | -HS- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/05/27 21:00:42 | 00,003,664 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/05/27 21:00:42 | 00,003,664 | -H-- | M] ()
{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job -> [2009/05/27 21:00:02 | 00,000,258 | -H-- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/27 17:19:54 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/27 17:19:54 | 04,194,304 | ---- | M] ()
RegCure Program Check.job -> C:\Windows\tasks\RegCure Program Check.job -> [2009/05/27 17:00:54 | 00,000,438 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/05/27 17:00:42 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/05/27 17:00:31 | 00,067,584 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/05/27 17:00:28 | 10,611,67104 | -HS- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Caleb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms -> [2009/05/27 00:31:48 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> C:\Users\Caleb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf -> [2009/05/27 00:31:48 | 00,065,536 | -HS- | M] ()
a.dat -> C:\Users\Caleb\AppData\Local\Temp\a.dat -> [2009/05/27 00:31:37 | 00,057,972 | ---- | M] ()
IconCache.db -> C:\Users\Caleb\AppData\Local\IconCache.db -> [2009/05/27 00:31:10 | 02,223,266 | -H-- | M] ()
Alcohol 120%.lnk -> C:\Users\Public\Desktop\Alcohol 120%.lnk -> [2009/05/27 00:19:06 | 00,000,973 | ---- | M] ()
sptd.sys -> C:\Windows\System32\drivers\sptd.sys -> [2009/05/27 00:13:12 | 00,721,904 | ---- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/05/27 00:03:45 | 00,096,276 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/05/27 00:03:45 | 00,009,660 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/05/27 00:03:45 | 00,001,416 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/05/27 00:03:45 | 00,000,552 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/05/27 00:03:45 | 00,000,000 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/05/27 00:03:45 | 00,000,000 | ---- | M] ()
rescue.iso -> C:\Users\Caleb\Documents\rescue.iso -> [2009/05/27 00:01:44 | 51,787,776 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/05/26 23:33:54 | 00,000,818 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Caleb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/05/24 23:29:42 | 00,022,528 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009/05/24 19:12:09 | 00,694,964 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/05/24 19:12:09 | 00,598,588 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/05/24 19:12:09 | 00,102,194 | ---- | M] ()
iTunes.lnk -> C:\Users\Public\Desktop\iTunes.lnk -> [2009/05/24 19:09:39 | 00,002,231 | ---- | M] ()
ComboFix.exe -> C:\Users\Caleb\Desktop\ComboFix.exe -> [2009/05/24 12:28:55 | 02,979,632 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/05/24 12:13:11 | 11,697,1910 | ---- | M] ()
0523_1212.EXX -> C:\Users\Caleb\Desktop\0523_1212.EXX -> [2009/05/23 22:30:14 | 00,262,144 | ---- | M] ()
0fe33BC.mht -> C:\Windows\System32\0fe33BC.mht -> [2009/05/23 21:19:38 | 02,335,270 | ---- | M] ()
f68D2E8.mht -> C:\Windows\System32\f68D2E8.mht -> [2009/05/23 21:19:14 | 02,335,270 | ---- | M] ()
d3d9caps.dat -> C:\Users\Caleb\AppData\Local\d3d9caps.dat -> [2009/05/23 20:55:48 | 00,000,680 | ---- | M] ()
autorun.inf -> C:\autorun.inf -> [2009/05/23 20:39:51 | 00,000,310 | RHS- | M] ()
Skype.lnk -> C:\Users\Public\Desktop\Skype.lnk -> [2009/05/23 14:30:19 | 00,002,377 | ---- | M] ()
PDBootState -> C:\Windows\System32\PDBootState -> [2009/05/23 12:45:56 | 00,000,280 | ---- | M] ()
RegCure.job -> C:\Windows\tasks\RegCure.job -> [2009/05/17 03:38:28 | 00,000,372 | ---- | M] ()
winscp.rnd -> C:\Users\Caleb\AppData\Roaming\winscp.rnd -> [2009/05/09 18:24:56 | 00,000,600 | ---- | M] ()
PUTTY.RND -> C:\Users\Caleb\PUTTY.RND -> [2009/05/09 17:50:26 | 00,000,600 | ---- | M] ()
WinSCP.lnk -> C:\Users\Caleb\Desktop\WinSCP.lnk -> [2009/05/09 17:21:11 | 00,000,728 | ---- | M] ()
SSHTunnelClient.lnk -> C:\Users\Caleb\Desktop\SSHTunnelClient.lnk -> [2009/05/09 16:48:03 | 00,001,966 | ---- | M] ()
WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2009/05/08 01:00:57 | 00,000,510 | ---- | M] ()
Downloads - Shortcut.lnk -> C:\Users\Caleb\Downloads - Shortcut.lnk -> [2009/05/08 00:57:49 | 00,000,393 | ---- | M] ()
PerfectDisk 10.lnk -> C:\Users\Public\Desktop\PerfectDisk 10.lnk -> [2009/05/08 00:41:36 | 00,002,018 | ---- | M] ()
mrt.exe -> C:\Windows\System32\mrt.exe -> [2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation)
RegCure.lnk -> C:\Users\Public\Desktop\RegCure.lnk -> [2009/05/06 21:00:07 | 00,000,523 | ---- | M] ()
QuickPwn-225-2.zip -> C:\Users\Caleb\Desktop\QuickPwn-225-2.zip -> [2009/05/02 19:18:25 | 15,666,711 | R--- | M] ()
Mcx1.dat -> C:\ProgramData\Microsoft\User Account Pictures\Mcx1.dat -> [2009/04/02 19:20:07 | 00,000,000 | ---- | M] ()
QuickPwn.exe -> C:\Users\Caleb\AppData\Local\Temp\Temp1_QuickPWN-30-beta2.zip\QuickPwn.exe -> [2009/04/01 23:39:30 | 03,442,609 | ---- | M] ()
opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat -> [2009/03/29 16:45:20 | 00,011,102 | ---- | M] ()
qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe -> C:\Users\Caleb\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe -> [2009/03/29 15:58:42 | 24,563,456 | ---- | M] (Logitech, Inc.)
ISSetup.dll -> C:\Users\Caleb\AppData\Local\Temp\{E9B520C3-F1A1-4FBD-9D81-D84018BD5C78}\ISSetup.dll -> [2009/03/29 14:51:06 | 01,834,168 | ---- | M] (Macrovision Corporation)
Caleb.dat -> C:\ProgramData\Microsoft\User Account Pictures\Caleb.dat -> [2009/03/29 14:24:16 | 00,000,000 | ---- | M] ()
ytb.exe -> C:\Users\Caleb\AppData\Local\Temp\ytb.exe -> [2009/03/09 06:26:40 | 00,329,479 | ---- | M] (Yahoo! Inc.)
OCSetupHlp.dll -> C:\Users\Caleb\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll -> [2009/02/03 10:53:14 | 00,344,064 | ---- | M] (OpenCandy, Inc.)
gtapi.dll -> C:\Users\Caleb\AppData\Local\Temp\is-HNKEV.tmp\gtapi.dll -> [2008/10/31 10:41:48 | 00,075,384 | ---- | M] ()
gtapi.dll -> C:\Users\Caleb\AppData\Local\Temp\is-6TORT.tmp\gtapi.dll -> [2008/10/31 10:41:48 | 00,075,384 | ---- | M] ()
videoc.dll -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Setup\videoc.dll -> [2008/08/14 20:16:42 | 01,414,416 | ---- | M] ()
Setup.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Elevated\Setup.exe -> [2008/08/14 20:16:20 | 00,333,072 | ---- | M] (Logitech Inc.)
Setup.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Setup\Setup.exe -> [2008/08/14 20:15:56 | 00,578,832 | ---- | M] ()
UnstLgcy.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\UnstLgcy.exe -> [2008/08/14 20:14:36 | 00,062,736 | ---- | M] ()
Setup.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Setup.exe -> [2008/08/14 20:14:14 | 00,333,072 | ---- | M] (Logitech Inc.)
ProdEnum.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Redist\MSI31\ProdEnum.exe -> [2007/02/03 03:53:20 | 00,069,632 | ---- | M] ()
ProdEnum.dat -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Redist\MSI31\ProdEnum.dat -> [2007/02/02 20:03:04 | 00,000,746 | ---- | M] ()
WindowsXP-KB916089-v5-x86-ENU.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Redist\MSI31\WindowsXP-KB916089-v5-x86-ENU.exe -> [2007/02/01 09:37:46 | 01,241,912 | ---- | M] (Microsoft Corporation)
WindowsInstaller-KB893803-x86.exe -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Redist\MSI31\WindowsInstaller-KB893803-x86.exe -> [2006/01/16 17:29:06 | 02,584,848 | ---- | M] (Microsoft Corporation)
msvcr80.dll -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Redist\MSI31\msvcr80.dll -> [2005/09/23 03:05:58 | 00,626,688 | ---- | M] (Microsoft Corporation)
DSETUP.dll -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\Elevated\DSETUP.dll -> [2004/07/09 06:03:10 | 00,062,976 | ---- | M] (Microsoft Corporation)
DSETUP.dll -> C:\Users\Caleb\AppData\Local\Temp\QuickCam_11.80.1065\DSETUP.dll -> [2004/07/09 06:03:10 | 00,062,976 | ---- | M] (Microsoft Corporation)
Msvcrt10.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll -> [2002/07/17 02:18:42 | 00,210,944 | ---- | M] ()
MSVCP60.DLL -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FileGrp\MSVCP60.DLL -> [2002/07/17 02:18:40 | 00,401,462 | ---- | M] (Microsoft Corporation)
Famgr.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Famgr.dll -> [2002/07/17 02:11:46 | 00,217,088 | ---- | M] (Adobe Systems, Inc)
IccTest.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IccTest.dll -> [2002/07/17 02:11:46 | 00,126,976 | ---- | M] (Adobe Systems, Inc.)
CMapFileInfo.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\CMapFileInfo.dll -> [2002/07/17 02:11:46 | 00,069,632 | ---- | M] (Adobe Systems)
IEVR.DLL -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IEVR.DLL -> [2002/07/17 02:11:46 | 00,049,152 | ---- | M] ()
Adobeisf.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Adobeisf.dll -> [2002/07/17 02:11:46 | 00,045,056 | ---- | M] (Adobe Systems, Inc.)
FAMgrRes.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\FAMgrRes.dll -> [2002/07/17 02:11:20 | 00,045,056 | ---- | M] (Adobe Systems)
e9156.DLL -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\e9156.DLL -> [2002/07/17 02:11:20 | 00,040,960 | ---- | M] (Adobe Systems, Inc.)
Asn.er.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Asn.er.dll -> [2002/07/17 02:05:32 | 00,237,568 | ---- | M] ()
BrwsrPI.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\BrwsrPI.dll -> [2001/08/08 21:22:42 | 00,053,248 | ---- | M] (Adobe Systems, Inc.)
IccTest.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IccTest.dll -> [2001/08/07 16:48:00 | 00,126,976 | ---- | M] (Adobe Systems, Inc.)
ShFolder.Exe -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ShFolder.Exe -> [2001/04/16 16:39:02 | 00,117,288 | ---- | M] (Microsoft Corporation)
Permission.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Permission.dll -> [2001/04/16 16:39:02 | 00,098,304 | ---- | M] ()
IsUninst.Exe -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\IsUninst.Exe -> [1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation)
e9146.DLL -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\e9146.DLL -> [1998/09/22 19:05:48 | 00,129,536 | ---- | M] (InstallShield Software Corporation)
Ctl3d32.dll -> C:\Users\Caleb\AppData\Local\Temp\_ISTMP2.DIR\_ISTMP0.DIR\Ctl3d32.dll -> [1995/07/13 18:46:26 | 00,027,136 | ---- | M] (Microsoft Corporation)
 
[Alternate Data Streams]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
