Need Help Removing Win32/Alureon.G [Solved]


  • This topic is locked

#46
K1500

  • Topic Starter
  • Member
  • 68 posts
All processes killed
========== OTL ==========
C:\WINDOWS\system32\drivers\vde0odcx.sys moved successfully.
C:\WINDOWS\system32\BOJTEMHCUXKGRSJ moved successfully.
C:\WINDOWS\system32\sysmwwod.dll moved successfully.
C:\WINDOWS\system32\C0EC55B373.sys moved successfully.
C:\WINDOWS\msdfmap32.ini moved successfully.
C:\WINDOWS\system32\aclui32.dll moved successfully.
C:\WINDOWS\system32\ngjcpb9f.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Graham
->Temp folder emptied: 121382446 bytes
->Temporary Internet Files folder emptied: 4867774 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38328342 bytes
->Flash cache emptied: 1191 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 87026 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: XPS400

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2504910 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 160.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Graham
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: XPS400

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04102010_181826

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 968
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1348
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1588
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PID: 1632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1776
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe
PID: 752
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 800
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 872
Hidden: No
Window Visible: No

Name: C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PID: 940
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\tcpsvcs.exe
PID: 1824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\snmp.exe
PID: 1876
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 1912
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\MsPMSPSv.exe
PID: 636
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\searchindexer.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
PID: 2496
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2756
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3796
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 3812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2224
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
PID: 3088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 3204
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 3192
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PID: 3320
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 3328
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PID: 492
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Essentials\msseces.exe
PID: 3348
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PID: 3368
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3184
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3496
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 1396
Hidden: No
Window Visible: No

Name: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PID: 3548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 3632
Hidden: No
Window Visible: No

Name: C:\Program Files\PeerBlock\peerblock.exe
PID: 3692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3884
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 3852
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PID: 3612
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 2996
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProt.exe
PID: 1668
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A1B10000
Module End: A1B1B000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: B9EBF000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: B9EA7000
Module End: B9EBF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9E79000
Module End: B9EA7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9E68000
Module End: B9E79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9E49000
Module End: B9E68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9E23000
Module End: B9E49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No





OTL logfile created on: 4/10/2010 6:38:23 PM - Run 5
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 12.80 Gb Free Space | 18.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.24 Gb Free Space | 93.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.26
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.83.20100316
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {2e6959d0-3be5-11df-9879-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 00:29:00 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/04/10 09:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/01/26 21:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{2e6959d0-3be5-11df-9879-0800200c9a66}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/20 10:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/08 18:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/04/05 22:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/03/23 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/04/10 09:17:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/04/02 06:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 14 Days ==========

[2010/04/06 16:00:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/06 16:00:04 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 16:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/02 07:14:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 06:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/02 00:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 16:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 16:31:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/01/06 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2010/01/06 06:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/23 15:11:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/12 01:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/08 17:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/07/31 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/07 01:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/07/13 20:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/07 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL

========== Files - Modified Within 14 Days ==========

[2010/04/10 18:21:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/10 18:20:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 18:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 18:20:38 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/10 18:18:47 | 016,252,928 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/04/10 18:18:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/04/10 18:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/10 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/04/09 18:53:21 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/06 23:54:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/06 17:16:04 | 000,108,512 | ---- | M] () -- C:\VETlog.dmp
[2010/04/06 17:15:08 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/06 16:00:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 12:18:08 | 000,037,198 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/04/03 12:00:00 | 000,011,128 | ---- | M] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/02 09:01:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 06:28:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 06:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/01 15:11:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:35 | 000,335,856 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 23:38:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk

========== Files Created - No Company Name ==========

[2010/04/09 18:53:21 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/06 16:00:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/06 16:00:11 | 000,011,128 | ---- | C] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/06 06:55:14 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 15:11:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:15 | 000,335,856 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/12/23 00:15:27 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Distortion
[2009/02/15 23:04:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/02/15 23:04:48 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Documentation
[2009/02/15 23:04:16 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Mail
[2009/02/15 22:52:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/05/31 14:43:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\.mpid
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006/01/27 17:09:57 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/13 20:17:52 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\FASTWiz.log
[2005/11/04 19:40:39 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 22:26:13 | 000,037,198 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/27 20:43:12 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/27 20:16:09 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/25 02:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/06/30 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/06/30 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/02/15 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/09/03 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/08 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/14 00:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Aim
[2005/12/03 00:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Allume Systems
[2007/11/13 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Amazon
[2010/03/30 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\BitTorrent
[2005/12/20 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Common Files
[2009/02/01 04:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DNA
[2007/11/14 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Earthsim
[2010/02/06 06:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2010/02/06 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HandBrake
[2009/11/18 19:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\iTSfv
[2009/04/01 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Kontiki
[2005/10/27 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Leadertech
[2010/01/17 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\LEGO Company
[2009/02/16 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MCMPEGEnc
[2009/02/16 05:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MPEG Streamclip
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\NetMedia Providers
[2009/02/15 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Nikon
[2009/04/01 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\OfficeUpdate12
[2005/12/10 01:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Opera
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Publish Providers
[2006/08/08 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sereniti
[2007/11/19 19:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Subversion
[2009/10/15 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\SystemRequirementsLab
[2009/04/07 18:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Viewpoint
[2009/10/23 14:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Desktop Search
[2009/10/25 03:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Search
[2010/04/10 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job

========== Purity Check ==========


< End of report >

Module Name: C:\WINDOWS\system32\drivers\sfsync02.sys
Service Name: sfsync02
Module Base: BA0C8000
Module End: BA0D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfsync03.sys
Service Name: sfsync03
Module Base: BA0D8000
Module End: BA0E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9E0B000
Module End: B9E23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iastor.sys
Service Name: iastor
Module Base: B9D36000
Module End: B9E0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0F8000
Module End: BA101000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA108000
Module End: BA115000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9D16000
Module End: B9D36000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9D04000
Module End: B9D16000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: drvmcdb
Module Base: B9CEE000
Module End: B9D04000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA118000
Module End: BA122000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9CD7000
Module End: B9CEE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9C4A000
Module End: B9CD7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9C1D000
Module End: B9C4A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\timntr.sys
Service Name: timounter
Module Base: B9BB2000
Module End: B9C1D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tdrpman.sys
Service Name: tdrpman
Module Base: B9B59000
Module End: B9BB2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\snapman.sys
Service Name: snapman
Module Base: B9B3A000
Module End: B9B59000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfvfs02.sys
Service Name: sfvfs02
Module Base: B9B26000
Module End: B9B3A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfhlp02.sys
Service Name: sfhlp02
Module Base: BA338000
Module End: BA340000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sfdrv01.sys
Service Name: sfdrv01
Module Base: B9B14000
Module End: B9B26000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9AFA000
Module End: B9B14000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: B9A09000
Module End: B9A0C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA1B8000
Module End: BA1C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: B8086000
Module End: B833F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B8072000
Module End: B8086000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Service Name: e1express
Module Base: B8045000
Module End: B8072000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA388000
Module End: BA38E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B8021000
Module End: B8045000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA390000
Module End: BA398000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\P17.sys
Service Name: P17
Module Base: B7ECA000
Module End: B8021000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B7EA6000
Module End: B7ECA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA1C8000
Module End: BA1D7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ks.sys
Service Name: ---
Module Base: B7E83000
Module End: B7EA6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
Service Name: ossrv
Module Base: B7E53000
Module End: B7E83000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
Service Name: ctsfm2k
Module Base: B7E2D000
Module End: B7E53000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: B7DF9000
Module End: B7E2D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: B7CFA000
Module End: B7DF9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: B7C53000
Module End: B7CFA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BA398000
Module End: BA3A0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: B8704000
Module End: B870D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: BA60E000
Module End: BA610000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B86F4000
Module End: B8704000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B86E4000
Module End: B86F3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA3A8000
Module End: BA3AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B86D4000
Module End: B86DF000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Service Name: ---
Module Base: B7BED000
Module End: B7C53000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA7D4000
Module End: BA7D5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: B86C4000
Module End: B86D1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B99C9000
Module End: B99CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B7BD6000
Module End: B7BED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: B86B4000
Module End: B86BF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B86A4000
Module End: B86B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA408000
Module End: BA40D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B7BC5000
Module End: B7BD6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B8694000
Module End: B869D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA410000
Module End: BA415000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA418000
Module End: BA41D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Service Name: wanatw
Module Base: BA420000
Module End: BA426000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B7B95000
Module End: B7BC5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B8684000
Module End: B868E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA428000
Module End: BA42E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA430000
Module End: BA436000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA614000
Module End: BA616000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B7B37000
Module End: B7B95000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B99B1000
Module End: B99B5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B8674000
Module End: B867E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B839F000
Module End: B83AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA616000
Module End: BA618000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Service Name: MODEMCSA
Module Base: B8E6A000
Module End: B8E6E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Service Name: Flpydisk
Module Base: ACC14000
Module End: ACC19000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: B7B13000
Module End: B7B16000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\MpFilter.sys
Service Name: MpFilter
Module Base: AB6A9000
Module End: AB6CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: AEE45000
Module End: AEE48000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: AC911000
Module End: AC91A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: ACC0C000
Module End: ACC13000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA608000
Module End: BA60A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA7AE000
Module End: BA7AF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA610000
Module End: BA612000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Service Name: DLARTL_N
Module Base: ACBFC000
Module End: ACC02000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: AC861000
Module End: AC869000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: AC859000
Module End: AC85F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA612000
Module End: BA614000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA618000
Module End: BA61A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: AC851000
Module End: AC856000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: AC849000
Module End: AC851000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: AEE39000
Module End: AEE3C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AB676000
Module End: AB689000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AB61D000
Module End: AB676000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AB5F5000
Module End: AB61D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AB5CF000
Module End: AB5F5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Service Name: Tcpip6
Module Base: AB597000
Module End: AB5CF000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AB575000
Module End: AB597000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: AC8F1000
Module End: AC8FA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AB54A000
Module End: AB575000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AB4DA000
Module End: AB54A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: AC8D1000
Module End: AC8DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ip6fw.sys
Service Name: Ip6Fw
Module Base: AC8C1000
Module End: AC8CA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: AC8B1000
Module End: AC8BA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\xusb21.sys
Service Name: xusb21
Module Base: A7F61000
Module End: A7F6F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Service Name: ---
Module Base: A771A000
Module End: A7727000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Service Name: Wdf01000
Module Base: A5B62000
Module End: A5BDE000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: A6CEC000
Module End: A6CEF000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: A5BFE000
Module End: A5C03000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: ABC8F000
Module End: ABC90000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rt73.sys
Service Name: RT73
Module Base: A547B000
Module End: A54B7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\usbaapl.sys
Service Name: USBAAPL
Module Base: AC8A1000
Module End: AC8AF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A6CD0000
Module End: A6CD3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\point32.sys
Service Name: Point32
Module Base: AC4FF000
Module End: AC505000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: AC58D000
Module End: AC591000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: drvnddm
Module Base: B834F000
Module End: B8359000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
Service Name: tifsfilter
Module Base: B833F000
Module End: B8349000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS
Service Name: DLADResN
Module Base: BA685000
Module End: BA686000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: A3265000
Module End: A327B000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: A9DB4000
Module End: A9DB8000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: BA604000
Module End: BA606000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DefragFS.SYS
Service Name: DefragFS
Module Base: A3240000
Module End: A3265000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: BA4B0000
Module End: BA4B7000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: A3228000
Module End: A3240000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: A3212000
Module End: A3228000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: A7A38000
Module End: A7A3D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A8BBA000
Module End: A8BBE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A3195000
Module End: A31C2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: A315C000
Module End: A316D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Service Name: dsunidrv
Module Base: BA624000
Module End: BA626000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A3150000
Module End: A3153000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: A9154000
Module End: A9164000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A3065000
Module End: A30BC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: AD118000
Module End: AD122000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A2EB1000
Module End: A2ED5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: A5C06000
Module End: A5C0C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: A2D26000
Module End: A2D49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A2B97000
Module End: A2BAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A2BAC000
Module End: A2BBB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A28A8000
Module End: A28E9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Service Name: IpFilterDriver
Module Base: A2708000
Module End: A2711000
Hidden: No

Module Name: \??\C:\Program Files\PeerBlock\pbfilter.sys
Service Name: pbfilter
Module Base: BA458000
Module End: BA45F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A19FD000
Module End: A1A28000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: BA3A0000
Module End: BA3A7000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: B9EC00D0
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwEnumerateKey
Address: B9EC5E2C
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: B9EC61BA
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwOpenKey
Address: B9EC00B0
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwQueryKey
Address: B9EC6292
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: B9EC6112
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

Function Name: ZwSetValueKey
Address: B9EC6324
Driver Base: B9EBF000
Driver End: B9FA7000
Driver Name: sptd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aa7u5z3r.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE567A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA0D995C
Hooking Module: C:\WINDOWS\system32\drivers\sfsync03.sys

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B90B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AEC17A0
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_READ
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_WRITE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SET_EA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_POWER
Jump To: B9ECF712
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9EF22C8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP0476
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B9EF5AD2
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B90A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8B90A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B90A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: BA0D995C
Hooking Module: C:\WINDOWS\system32\drivers\sfsync03.sys

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B90A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\iastor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B90A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8B97E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A3E1278
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A3E1278
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A3E1278
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A3E1278
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A3E1278
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE4A7A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AE667A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AE667A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AE667A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AE667A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AE667A0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AE667A0
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: XPS400:57014
Remote Address: 192.168.1.1:2869
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: CLOSING

Local Address: XPS400:2869
Remote Address: 192.168.1.1:2732
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: CLOSE_WAIT

Local Address: XPS400:1186
Remote Address: TRANSLATOR.LIVE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1185
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1184
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1183
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1179
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1178
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1177
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1175
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1171
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1170
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1169
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1168
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1167
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1163
Remote Address: 8.12.43.252:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1162
Remote Address: A96-6-123-72.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1158
Remote Address: A72-246-30-88.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1157
Remote Address: GX-IN-F102.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1156
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1155
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1154
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1153
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1152
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1151
Remote Address: XML.WEATHER.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1150
Remote Address: GX-IN-F101.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1149
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1148
Remote Address: GW-IN-F99.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1147
Remote Address: X.IMWX.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1146
Remote Address: XML.WEATHER.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1144
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1143
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1128
Remote Address: R0.ORTHO.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1127
Remote Address: R2.ORTHO.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1126
Remote Address: R2.ORTHO.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1125
Remote Address: T1.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1124
Remote Address: T1.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1123
Remote Address: T3.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1122
Remote Address: T3.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1121
Remote Address: T3.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1120
Remote Address: T3.TILES.VIRTUALEARTH.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1081
Remote Address: XML.WEATHER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1077
Remote Address: GW-IN-F99.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1075
Remote Address: XML.WEATHER.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: XPS400:27015
Remote Address: LOCALHOST:1063
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: XPS400:27015
Remote Address: LOCALHOST:1061
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: XPS400:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: XPS400:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: XPS400:5152
Remote Address: LOCALHOST:1140
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: XPS400:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: XPS400:1142
Remote Address: LOCALHOST:1141
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1141
Remote Address: LOCALHOST:1142
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1140
Remote Address: LOCALHOST:5152
Type: TCP
Process: 1624 (PID)
State: FIN_WAIT2

Local Address: XPS400:1139
Remote Address: LOCALHOST:1138
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1138
Remote Address: LOCALHOST:1139
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: XPS400:1067
Remote Address: LOCALHOST:5152
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: XPS400:1063
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: XPS400:1061
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: XPS400:1028
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: XPS400:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: XPS400:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: XPS400:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:SMTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:FTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: LISTENING

Local Address: XPS400:CHARGEN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:QOTD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:DAYTIME
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:DISCARD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:ECHO
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: XPS400:26130
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: XPS400:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1029
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1058
Remote Address: NA
Type: UDP
Process: C:\Program Files\DivX\DivX Update\DivXUpdate.exe
State: NA

Local Address: XPS400:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: XPS400:3544
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:3456
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe
State: NA

Local Address: XPS400:1030
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: XPS400:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: XPS400:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: XPS400:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: XPS400:161
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\snmp.exe
State: NA

Local Address: XPS400:CHARGEN
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:QOTD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:DAYTIME
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:DISCARD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: XPS400:ECHO
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: F:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: F:\System Volume Information\tracking.log
Status: Access denied

Object: F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP21F974FA.exe
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP3965CAF3.exe
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP46951BC6.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP5B7D7B31.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP64FF6323.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP80C3B217.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APAD39A243.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APB4D04087.dll
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APC8DFB6F1.dll
Status: Access denied

#47
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

Logs are looking clean.

Can you try uninstalling then reinstalling Malwarebytes again?

#48
K1500

K1500

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Alright, I'll give it another go. It's not a big deal, but it's an oddball nuisance that I wouldn't mind getting rid of.

#49
K1500

K1500

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
No good, I still get the 0x000000F4 error. :) If you can't find a problem, then I can just deal with it as I have been.

#50
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Hi,

I think you should head over to the XP forum here and post a new topic. Let them know I've been helping you and add a link to this topic in the post.

Otherwise, your computer appears clean :)

Let's remove the tools we've been using.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware (MBAM) is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#51
K1500

K1500

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Alright, I'll run the uninstall and check out some of those programs, as well as head over to the XP forum for further help with the MBAM error. Thank you SO MUCH for removing the Alureon.G trojan for me! :) I'm so used to being able to remove the occasional virus with MBAM or MSE, but I realize I need to be more cautious after getting a tough one like this!

#52
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#53
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Topic reopened.

#54
K1500

K1500

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Happyrock told me to head back over to this thread so you could check for a rootkit, so let me know what I should do. Thanks!

#55
hammerman

hammerman

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,183 posts
Welcome back,

Let's get some fresh logs. Please follow these steps.

-- Step 1 --

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your post. Hello and welcome to GeeksToGo :)

#56
K1500

K1500

    Member

  • Topic Starter
  • Member
  • PipPip
  • 68 posts
Here is the log from OTL, there was no Extras.txt created :):

OTL logfile created on: 4/24/2010 10:48:43 PM - Run 7
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 11.22 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 423.76 Gb Free Space | 90.98% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SysProtDrv.sys) -- C:\Documents and Settings\Graham\Desktop\Alureon.G\SysProt\SysProtDrv.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (hamachi_oem) -- C:\WINDOWS\system32\drivers\gan_adapter.sys (Applied Networking Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (sfsync03) StarForce Protection Synchronization Driver (version 3.x) -- C:\WINDOWS\System32\drivers\sfsync03.sys (Protection Technology)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (P2k) -- C:\WINDOWS\system32\drivers\P2k.sys ()
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\hidswvd.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.26
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.85.20100407
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {2e6959d0-3be5-11df-9879-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 20:50:27 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/04/24 16:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/04/24 00:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{2e6959d0-3be5-11df-9879-0800200c9a66}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/04/15 06:54:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/08 18:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/04/07 17:15:25 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/04/05 22:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/04/13 15:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/04/24 16:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/04/15 20:50:39 | 000,000,063 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/19 15:52:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AOL ACS"
MsConfig - Services: "AcrSch2Svc"
MsConfig - Services: "idsvc"
MsConfig - Services: "gusvc"
MsConfig - Services: "DSBrokerService"
MsConfig - Services: "ATI Smart"
MsConfig - Services: "Ati HotKey Poller"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "usnjsvc"
MsConfig - Services: "Roxio Upnp Server 9"
MsConfig - Services: "Roxio UPnP Renderer 9"
MsConfig - Services: "BcmSqlStartupSvc"
MsConfig - Services: "Creative Service for CDROM Access"
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig - StartUpReg: AOLDialer - hkey= - key= - C:\Program Files\Common Files\AOL\acs\AOLDial.exe (AOL LLC)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1130467576\EE\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25DEEA52-F564-10E6-2426-5D36EF9FCB69} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {48893406-C68E-3EEC-13C7-0C4C0D9F92DE} - DirectX
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - IYVU9_32.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/24 22:48:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/04/24 02:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/04/21 22:58:59 | 000,000,000 | ---D | C] -- F:\My Documents\Armageddon's Children
[2010/04/20 18:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/18 12:54:00 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010/04/18 12:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Application Data\GHISLER
[2010/04/18 12:46:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/04/18 12:46:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/04/18 12:46:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/04/18 12:46:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/04/15 20:07:44 | 000,000,000 | ---D | C] -- F:\My Documents\FFOTWServlet_files
[2010/04/15 20:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2010/04/13 17:52:36 | 000,000,000 | ---D | C] -- C:\Python31
[2010/04/13 17:49:14 | 000,000,000 | ---D | C] -- C:\Python27
[2010/04/12 15:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/04/12 13:26:02 | 000,237,320 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/04/12 00:13:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/12 00:13:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/11 02:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/10 22:44:10 | 002,291,200 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2010/04/02 07:14:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 06:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/02 00:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 16:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 22:00:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 22:00:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 22:00:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/04/24 22:47:34 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/04/24 18:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/04/24 13:22:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 03:00:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/24 03:00:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/24 03:00:41 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 18:40:00 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 07:31:41 | 000,037,202 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/04/21 18:00:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/21 05:35:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/04/18 12:54:01 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\Total Commander.lnk
[2010/04/17 18:13:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/15 20:50:39 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/15 20:50:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 20:07:44 | 000,026,115 | ---- | M] () -- F:\My Documents\FFOTWServlet.htm
[2010/04/14 20:52:21 | 003,733,090 | -H-- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\IconCache.db
[2010/04/14 04:28:10 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PerfectDisk 11.lnk
[2010/04/12 16:18:00 | 000,114,214 | ---- | M] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/04/12 13:26:02 | 000,237,320 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\PDBoot.exe
[2010/04/12 00:13:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/10 22:44:10 | 002,291,200 | ---- | M] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2010/04/09 18:53:21 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/06 17:16:04 | 000,108,512 | ---- | M] () -- C:\VETlog.dmp
[2010/04/06 17:15:08 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/03 12:00:00 | 000,011,128 | ---- | M] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/02 06:28:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/03/30 21:59:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/30 21:59:50 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 21:59:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/30 21:59:50 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk

========== Files Created - No Company Name ==========

[2010/04/18 12:54:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\Total Commander.lnk
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010/04/18 12:54:00 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010/04/15 20:07:44 | 000,026,115 | ---- | C] () -- F:\My Documents\FFOTWServlet.htm
[2010/04/12 00:13:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 18:53:21 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/04/06 16:00:11 | 000,011,128 | ---- | C] () -- F:\My Documents\Relay For Life Addresses.docx
[2010/04/06 06:55:14 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 15:11:29 | 000,114,214 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/10/25 02:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/17 01:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/12/10 00:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/12/26 06:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/12/26 05:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/03/31 20:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/06/01 18:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/03/04 21:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/24 02:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2006/06/30 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/06/30 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/03/27 19:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2010/04/02 00:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2009/02/15 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/06/22 05:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/12/10 03:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/30 12:11:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2005/10/26 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2005/10/26 14:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2007/10/01 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/01/20 00:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/11 17:28:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/29 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[2010/04/13 15:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2007/03/12 01:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/03/09 19:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2007/08/16 17:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/26 21:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/03/31 21:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/09/03 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/08 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/10/27 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/03/12 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2006/09/26 13:19:52 | 000,874,808 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\AIMinst.exe
[2006/09/26 13:19:38 | 000,430,168 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\AIMLang.exe
[2006/09/26 13:19:52 | 000,081,176 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\alsetup.exe
[2006/09/26 13:19:52 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\ampx.exe
[2006/09/26 13:19:54 | 000,104,528 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\aod.exe
[2006/09/26 13:19:54 | 000,160,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\inst.exe
[2006/09/26 13:19:54 | 000,044,448 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\instopts.exe
[2006/09/26 13:19:54 | 000,163,888 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\iphinst.exe
[2006/09/26 13:19:54 | 000,555,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\muinst.exe
[2006/09/26 13:19:54 | 005,269,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\ocpinst.exe
[2006/09/26 13:19:58 | 000,034,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\postproc.exe
[2006/09/26 13:19:58 | 000,312,912 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\setup.exe
[2006/09/26 13:20:02 | 000,357,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\tbsetup.exe
[2006/09/26 13:20:04 | 001,144,760 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\toolbar.exe
[2006/09/26 13:20:06 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\AIMSUD338\vwpt.exe
[2006/10/09 17:30:50 | 000,792,664 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\setup90.exe
[2006/10/09 17:33:43 | 003,183,256 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\acs\acssetup.exe
[2006/10/09 17:33:50 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\flash\flashax.exe
[2006/10/09 17:33:05 | 002,242,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\fw\nisale.exe
[2006/10/09 17:34:52 | 000,748,608 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\ocp\ocpinst.exe
[2006/10/09 17:32:52 | 005,111,296 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\realpl8.exe
[2006/10/09 17:32:33 | 004,378,673 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\real_upd.exe
[2006/10/09 17:32:54 | 000,360,448 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\rp\rp9codec.exe
[2006/10/09 17:32:56 | 000,474,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\sysinfo\sinfinst.exe
[2006/10/09 17:32:16 | 000,590,688 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\tpspd\tssetup.exe
[2006/10/09 17:32:10 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\vwpt\vpprepop.exe
[2006/10/09 17:32:09 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aolcom_setupSTUS\comps\vwpt\vwpt.exe
[2007/05/05 12:58:16 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\aoltoolbar\setuptoolbar.exe
[2006/07/13 14:22:12 | 000,299,840 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\afixinst.exe
[2006/07/13 14:22:03 | 000,076,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\afixlang.exe
[2006/07/13 14:22:02 | 000,126,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\alsetup.exe
[2006/07/13 14:22:54 | 000,256,144 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\CCUInst.exe
[2006/07/13 14:22:00 | 000,225,080 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\cculang.exe
[2006/07/13 14:22:09 | 000,163,976 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\iphinst.exe
[2006/07/13 14:22:07 | 000,552,224 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\muinst.exe
[2006/07/13 14:22:52 | 003,083,408 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\ocpinst.exe
[2006/07/13 14:22:16 | 000,033,872 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\postproc.exe
[2006/07/13 14:22:31 | 000,159,312 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\setup.exe
[2006/07/13 14:22:24 | 000,099,096 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\sminstlp.exe
[2006/07/13 14:22:29 | 000,174,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\stmninst.exe
[2006/07/13 14:22:56 | 000,339,616 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\tbsetup.exe
[2006/07/13 14:22:26 | 000,215,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.1.10.4\wsfinst.exe
[2006/11/11 16:19:49 | 000,299,648 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\afixinst.exe
[2006/11/11 16:19:42 | 000,076,712 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\afixlang.exe
[2006/11/11 16:19:47 | 000,126,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\alsetup.exe
[2006/11/11 16:20:02 | 000,284,696 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\CCUInst.exe
[2006/11/11 16:19:46 | 000,205,080 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\cculang.exe
[2006/11/11 16:19:41 | 000,164,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\iphinst.exe
[2006/11/11 16:19:44 | 000,555,704 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\muinst.exe
[2006/11/11 16:20:01 | 003,238,592 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\ocpinst.exe
[2006/11/11 16:19:50 | 000,033,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\postproc.exe
[2006/11/11 16:19:50 | 000,159,280 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\setup.exe
[2006/11/11 16:19:41 | 000,099,128 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\sminstlp.exe
[2006/11/11 16:19:49 | 000,174,848 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\stmninst.exe
[2006/11/11 16:19:45 | 000,215,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\CCU_SUITE_1.2.17.2\wsfinst.exe
[2005/12/07 23:01:19 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\muinst.exe
[2005/12/07 23:01:13 | 000,155,240 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\setup.exe
[2005/12/07 23:01:24 | 001,073,120 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\IETOOLBAR_3.0.44.1\toolbar.exe
[2005/10/27 21:45:20 | 022,040,920 | ---- | M] (Apple Computer, Inc. ) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\itunessetup.exe
[2005/10/27 21:41:29 | 000,792,664 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\setup90.exe
[2005/10/27 21:43:22 | 003,183,256 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\acs\acssetup.exe
[2005/10/27 21:42:47 | 007,083,361 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\asp\aspsetup.exe
[2005/10/27 21:42:58 | 000,615,424 | ---- | M] (Gtek) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\coach\aolcinst.exe
[2005/10/27 21:43:24 | 000,550,512 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\deskbar\deskbr.exe
[2005/10/27 21:43:26 | 000,553,984 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\flash\flashax.exe
[2005/10/27 21:43:11 | 002,242,759 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\fw\nisale.exe
[2005/10/27 21:44:13 | 000,748,608 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\ocp\ocpinst.exe
[2005/10/27 21:43:03 | 001,104,004 | ---- | M] (Pure Networks, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\port\pmsetup.exe
[2005/10/27 21:42:50 | 000,474,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\sysinfo\sinfinst.exe
[2005/10/27 21:42:53 | 000,516,032 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\tb\tbsetup.exe
[2005/10/27 21:43:29 | 000,620,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\toolbar\toolbr.exe
[2005/10/27 21:42:27 | 000,590,688 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\itunes_setupSTUS\comps\tpspd\tssetup.exe
[2006/11/07 10:44:22 | 001,177,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\AIMinst.exe
[2006/11/07 10:44:14 | 000,554,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\AIMLang.exe
[2006/11/07 10:44:22 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\alsetup.exe
[2006/11/07 10:44:22 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\ampx.exe
[2006/11/07 10:44:22 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\inst.exe
[2006/11/07 10:44:22 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\instopts.exe
[2006/11/07 10:44:24 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\migrator.exe
[2006/11/07 10:44:24 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\muinst.exe
[2006/11/07 10:44:24 | 005,357,264 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\ocpinst.exe
[2006/11/07 10:44:28 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\postproc.exe
[2006/11/07 10:44:28 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\setup.exe
[2006/11/07 10:44:28 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\tbsetup.exe
[2006/11/07 10:44:28 | 001,063,368 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\toolbar.exe
[2006/11/07 10:44:28 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4023\vwpt.exe
[2006/12/01 17:38:46 | 001,178,096 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\AIMinst.exe
[2006/12/01 17:38:46 | 000,560,784 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\AIMLang.exe
[2006/12/01 17:38:58 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\alsetup.exe
[2006/12/01 17:38:52 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ampx.exe
[2006/12/01 17:38:42 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\inst.exe
[2006/12/01 17:39:00 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\instopts.exe
[2006/12/01 17:38:50 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\migrator.exe
[2006/12/01 17:38:52 | 000,579,248 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\muinst.exe
[2006/12/01 17:38:52 | 005,358,864 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\ocpinst.exe
[2006/12/01 17:38:42 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\postproc.exe
[2006/12/01 17:38:56 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\setup.exe
[2006/12/01 17:38:54 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\tbsetup.exe
[2006/12/01 17:38:56 | 001,082,064 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\toolbar.exe
[2006/12/01 17:38:58 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4024\vwpt.exe
[2007/02/27 17:12:40 | 000,299,648 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\afixinst.exe
[2007/02/27 17:12:40 | 000,076,712 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\afixlang.exe
[2007/02/27 17:12:40 | 000,126,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\alsetup.exe
[2007/02/27 17:12:28 | 000,284,992 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\CCUInst.exe
[2007/02/27 17:12:40 | 000,205,128 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\cculang.exe
[2007/02/27 17:12:42 | 000,164,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\iphinst.exe
[2007/02/27 17:12:42 | 000,555,704 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\muinst.exe
[2007/02/27 17:12:42 | 003,238,592 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\ocpinst.exe
[2007/02/27 17:12:46 | 000,033,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\postproc.exe
[2007/02/27 17:12:46 | 000,159,280 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\setup.exe
[2007/02/27 17:12:46 | 000,099,128 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\sminstlp.exe
[2007/02/27 17:12:46 | 000,174,848 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\stmninst.exe
[2007/02/27 17:12:46 | 000,339,640 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\tbsetup.exe
[2007/02/27 17:12:46 | 000,215,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4059\wsfinst.exe
[2007/08/06 17:12:40 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\afixinst.exe
[2007/08/06 17:12:42 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\afixlang.exe
[2007/08/06 17:12:48 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\alsetup.exe
[2007/08/06 17:12:48 | 000,370,496 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\CCUInst.exe
[2007/08/06 17:12:48 | 000,282,056 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\cculang.exe
[2007/08/06 17:12:48 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ecuinst.exe
[2007/08/06 17:12:50 | 000,580,136 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\muinst.exe
[2007/08/06 17:12:50 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ocpinsti.exe
[2007/08/06 17:12:50 | 003,147,256 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\ocpinsts.exe
[2007/08/06 17:12:52 | 000,036,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\postproc.exe
[2007/08/06 17:12:52 | 000,170,544 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\setup.exe
[2007/08/06 17:12:52 | 000,098,992 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\sminstlp.exe
[2007/08/06 17:12:52 | 000,174,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\stmninst.exe
[2007/08/06 17:12:52 | 000,359,184 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\tbsetup.exe
[2007/08/06 17:12:52 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4172\wsfinst.exe
[2007/10/27 13:33:22 | 001,892,192 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\waol-0.4334.34.1.exe
[2007/10/27 13:33:28 | 008,139,800 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\acs\acssetup.exe
[2007/10/27 13:33:28 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\acs\ecuinst.exe
[2007/10/27 13:33:28 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\afixinst.exe
[2007/10/27 13:33:28 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\afixlang.exe
[2007/10/27 13:33:28 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\WinsockFix.exe
[2007/10/27 13:33:28 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\afix\wsfinst.exe
[2007/10/27 13:33:32 | 000,142,040 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\aolload\alsetup.exe
[2007/10/27 13:33:28 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ccu\ocpinsti.exe
[2007/10/27 13:33:32 | 001,134,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\flash\flash9ex.exe
[2007/10/27 13:33:28 | 000,586,815 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\muinst\muinst.exe
[2007/10/27 13:33:28 | 000,062,816 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ocp\ocpgc.exe
[2007/10/27 13:33:28 | 001,475,416 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\ocp\ocpinst.exe
[2007/10/27 13:33:30 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\parcon\AOLParconLink.exe
[2007/10/27 13:33:32 | 000,099,256 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sm\sminstlp.exe
[2007/10/27 13:33:30 | 000,175,280 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sm\stmninst.exe
[2007/10/27 13:33:28 | 000,711,392 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\sysinfo\SinfInst.exe
[2007/10/27 13:33:28 | 000,359,184 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\tb\tbsetup.exe
[2007/10/27 13:33:28 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\toolbar\toolbar.exe
[2007/10/27 13:33:28 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\tpspd\wbsetup.exe
[2007/10/27 13:33:28 | 000,601,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\unagi\ampx.english.exe
[2007/10/27 13:33:28 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\vwpt\VPPrePop.exe
[2007/10/27 13:33:28 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4227\comps\vwpt\Vwpt.exe
[2009/12/17 12:45:44 | 001,031,504 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\waol-0.4337.174.1.exe
[2009/12/17 12:40:08 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\ecuinst.exe
[2009/12/17 12:40:10 | 000,035,664 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\postproc.exe
[2009/12/17 12:40:10 | 000,168,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\setup.exe
[2009/12/17 12:39:34 | 001,477,192 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acscore.exe
[2009/12/17 12:39:40 | 000,969,256 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acslaeu.exe
[2009/12/17 12:39:44 | 001,595,720 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acslang.exe
[2009/12/17 12:39:50 | 000,148,264 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acsrollb.exe
[2009/12/17 12:39:52 | 000,021,296 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\acsshutd.exe
[2009/12/17 12:39:52 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\ocpgc.exe
[2009/12/17 12:39:52 | 003,826,712 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\acs\comps\ocpinst.exe
[2009/12/17 12:40:12 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\afixinst.exe
[2009/12/17 12:40:12 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\afixlang.exe
[2009/12/17 12:40:12 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\WinsockFix.exe
[2009/12/17 12:40:14 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\afix\wsfinst.exe
[2009/12/17 12:40:14 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\ccu\ocpinsti.exe
[2009/12/17 12:40:24 | 000,339,808 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dskcore.exe
[2009/12/17 12:40:26 | 002,396,152 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dskcorlp.exe
[2009/12/17 12:40:36 | 000,188,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dtblpins.exe
[2009/12/17 12:40:36 | 000,472,296 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\desk\dtbsetup.exe
[2009/12/17 12:40:38 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\flash\flashax.exe
[2009/12/17 12:40:46 | 000,289,960 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\gadget\aolDailyScoop.exe
[2009/12/17 12:40:48 | 000,109,552 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\gadget\aolSearch.exe
[2009/12/17 12:40:48 | 001,362,936 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\msvcr9\msvc9rt.exe
[2009/12/17 12:40:54 | 000,845,814 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\muinst\muinst.exe
[2009/12/17 12:40:58 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\parcon\AOLParconLink.exe
[2009/12/17 12:40:58 | 000,711,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\sysinfo\SinfInst.exe
[2009/12/17 12:41:02 | 000,416,456 | ---- | M] (AOL Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\tb\tbsetup.exe
[2009/12/17 12:41:04 | 001,878,296 | ---- | M] (AOL L.L.C.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\toolbar\aol_toolbar.exe
[2009/12/17 12:41:12 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\tpspd\wbsetup.exe
[2009/12/17 12:41:14 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\vwpt\VPPrePop.exe
[2009/12/17 12:41:14 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4490\comps\vwpt\Vwpt.exe
[2007/05/05 12:54:05 | 001,272,304 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMinst.exe
[2007/05/05 12:54:28 | 000,481,432 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\AIMLang.exe
[2007/05/05 12:54:10 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\alsetup.exe
[2007/05/05 12:54:12 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\migrator.exe
[2007/05/05 12:54:22 | 005,312,840 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\ocpinst.exe
[2007/05/05 12:54:08 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\postproc.exe
[2007/05/05 12:54:09 | 000,169,520 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
[2007/05/05 12:54:25 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\tbsetup.exe
[2007/05/05 12:54:27 | 000,376,568 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\unagi3.exe
[2007/05/05 12:54:38 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\Vwpt.exe
[2006/01/22 18:57:05 | 000,805,064 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\AIMinst.exe
[2006/01/22 18:57:03 | 000,456,296 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\AIMLang.exe
[2006/01/22 18:57:01 | 000,081,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\alsetup.exe
[2006/01/22 18:57:03 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\ampx.exe
[2006/01/22 18:57:01 | 000,100,456 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\aod.exe
[2006/01/22 18:57:04 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\instopts.exe
[2006/01/22 18:57:06 | 000,163,136 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\iphinst.exe
[2006/01/22 18:57:01 | 000,651,952 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\muinst.exe
[2006/01/22 18:57:09 | 004,982,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\ocpinst.exe
[2006/01/22 18:57:07 | 002,929,248 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\plxoinst.exe
[2006/01/22 18:57:05 | 000,033,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\postproc.exe
[2006/01/22 18:57:02 | 000,308,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\prodpckr.exe
[2006/01/22 18:57:01 | 000,010,344 | ---- | M] (America Online Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\rmb1.exe
[2006/01/22 18:57:03 | 000,187,496 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\setup.exe
[2006/01/22 18:57:06 | 000,568,304 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\SLinst.exe
[2006/01/22 18:57:04 | 000,185,960 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\SLinstLP.exe
[2006/01/22 18:57:10 | 000,310,288 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\tbsetup.exe
[2006/01/22 18:57:02 | 000,410,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2\vwpt.exe
[2006/04/23 23:26:38 | 000,806,912 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMinst.exe
[2006/04/23 23:26:04 | 000,456,240 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMLang.exe
[2006/04/23 23:25:23 | 000,081,200 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\alsetup.exe
[2006/04/23 23:26:09 | 000,601,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ampx.exe
[2006/04/23 23:25:47 | 000,100,456 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\aod.exe
[2006/04/23 23:26:20 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instopts.exe
[2006/04/23 23:25:04 | 000,163,136 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\iphinst.exe
[2006/04/23 23:25:31 | 000,651,952 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\muinst.exe
[2006/04/23 23:27:41 | 004,982,584 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpinst.exe
[2006/04/23 23:27:06 | 002,929,248 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\plxoinst.exe
[2006/04/23 23:26:29 | 000,033,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\postproc.exe
[2006/04/23 23:25:39 | 000,308,840 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\prodpckr.exe
[2006/04/23 23:25:17 | 000,010,344 | ---- | M] (America Online Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\rmb1.exe
[2006/04/23 23:26:24 | 000,187,496 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\setup.exe
[2006/04/23 23:25:53 | 000,568,304 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinst.exe
[2006/04/23 23:26:17 | 000,185,960 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinstLP.exe
[2006/04/23 23:25:45 | 000,410,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\vwpt.exe
[2006/06/28 02:32:35 | 000,851,328 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\AIMinst.exe
[2006/06/28 02:33:16 | 000,500,776 | ---- | M] (America Online Inc) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\AIMLang.exe
[2006/06/28 02:32:45 | 000,081,176 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\alsetup.exe
[2006/06/28 02:33:12 | 000,601,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\ampx.exe
[2006/06/28 02:33:17 | 000,104,528 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\aod.exe
[2006/06/28 02:32:31 | 000,160,336 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\inst.exe
[2006/06/28 02:33:04 | 000,044,448 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\instopts.exe
[2006/06/28 02:32:39 | 000,163,864 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\iphinst.exe
[2006/06/28 02:32:48 | 000,552,392 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\muinst.exe
[2006/06/28 02:33:52 | 005,781,112 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\ocpinst.exe
[2006/06/28 02:33:35 | 002,941,832 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\plxoinst.exe
[2006/06/28 02:33:05 | 000,034,896 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\postproc.exe
[2006/06/28 02:33:08 | 000,312,912 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\setup.exe
[2006/06/28 02:32:57 | 000,594,240 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\SLinst.exe
[2006/06/28 02:32:59 | 000,352,112 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\SLinstLP.exe
[2006/06/28 02:33:53 | 000,306,168 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\tbsetup.exe
[2006/06/28 02:33:27 | 001,144,736 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\toolbar.exe
[2006/06/28 02:32:53 | 000,410,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\vwpt.exe
[2006/06/28 02:32:50 | 000,138,296 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1\WDInst.exe
[2006/11/13 22:44:30 | 001,179,856 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\AIMinst.exe
[2006/11/13 22:44:00 | 000,554,704 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\AIMLang.exe
[2006/11/13 22:45:00 | 000,141,944 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\alsetup.exe
[2006/11/13 22:44:52 | 000,631,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\ampx.exe
[2006/11/13 22:43:51 | 000,164,912 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\inst.exe
[2006/11/13 22:44:14 | 000,055,200 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\instopts.exe
[2006/11/13 22:44:44 | 000,228,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\migrator.exe
[2006/11/13 22:44:05 | 000,579,272 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\muinst.exe
[2006/11/13 22:45:27 | 005,355,656 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\ocpinst.exe
[2006/11/13 22:44:18 | 000,035,888 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\postproc.exe
[2006/11/13 22:44:20 | 000,312,880 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\setup.exe
[2006/11/13 22:45:29 | 000,357,776 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\tbsetup.exe
[2006/11/13 22:44:48 | 001,063,368 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\toolbar.exe
[2006/11/13 22:44:16 | 000,409,640 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.23.1\vwpt.exe
[2007/10/01 21:43:58 | 000,854,576 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\waol-0.4327.165.1.exe
[2007/10/01 21:42:14 | 014,972,808 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\acs\acssetup.exe
[2007/10/01 21:40:07 | 000,343,392 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\afixinst.exe
[2007/10/01 21:44:01 | 000,120,112 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\afixlang.exe
[2007/10/01 21:38:48 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\WinsockFix.exe
[2007/10/01 21:39:55 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\afix\wsfinst.exe
[2007/10/01 21:47:32 | 000,142,608 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\aolload\alsetup.exe
[2007/10/01 21:44:11 | 001,134,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\flash\flash9ex.exe
[2007/10/01 21:43:50 | 000,573,690 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\muinst\muinst.exe
[2007/10/01 21:39:53 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\ocpgc.exe
[2007/10/01 21:39:08 | 001,387,568 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\ocp\ocpinst.exe
[2007/10/01 21:40:02 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\parcon\AOLParconLink.exe
[2007/10/01 21:38:44 | 000,099,464 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sm\sminstlp.exe
[2007/10/01 21:44:16 | 000,175,488 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sm\stmninst.exe
[2007/10/01 21:47:45 | 000,686,928 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\sysinfo\SinfInst.exe
[2007/10/01 21:39:59 | 000,357,768 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\tb\tbsetup.exe
[2007/10/01 21:38:38 | 001,104,960 | ---- | M] (AOL) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\toolbar\toolbar.exe
[2007/10/01 21:47:39 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\tpspd\wbsetup.exe
[2007/10/01 21:38:39 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\vwpt\VPPrePop.exe
[2007/10/01 21:44:49 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4327.165.1\comps\vwpt\Vwpt.exe
[2009/10/08 17:06:08 | 024,910,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\noneCodesignFilesBundle.exe
[2009/10/08 17:04:19 | 000,899,944 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\waol-0.4337.142.1.exe
[2009/10/08 17:04:58 | 000,260,040 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\ecuinst.exe
[2009/10/08 17:03:51 | 000,035,688 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\postproc.exe
[2009/10/08 17:04:22 | 000,168,752 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\setup.exe
[2009/10/08 17:04:00 | 001,480,888 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acscore.exe
[2009/10/08 17:04:40 | 000,964,440 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acslaeu.exe
[2009/10/08 17:04:13 | 001,613,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acslang.exe
[2009/10/08 17:04:23 | 000,148,232 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acsrollb.exe
[2009/10/08 17:03:44 | 000,021,296 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\acsshutd.exe
[2009/10/08 17:04:22 | 000,062,248 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\ocpgc.exe
[2009/10/08 17:04:55 | 003,346,736 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\acs\comps\ocpinst.exe
[2009/10/08 17:04:16 | 000,355,592 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\afixinst.exe
[2009/10/08 17:04:21 | 000,127,224 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\afixlang.exe
[2009/10/08 17:04:42 | 000,390,704 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\WinsockFix.exe
[2009/10/08 17:05:00 | 000,223,152 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\afix\wsfinst.exe
[2009/10/08 17:04:07 | 002,439,824 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\ccu\ocpinsti.exe
[2009/10/08 17:04:17 | 000,339,632 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dskcore.exe
[2009/10/08 17:06:30 | 002,396,160 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dskcorlp.exe
[2009/10/08 17:04:34 | 000,188,176 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dtblpins.exe
[2009/10/08 17:04:15 | 000,470,232 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\desk\dtbsetup.exe
[2009/09/25 14:33:02 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\flash\flashax.exe
[2009/10/08 17:04:09 | 000,289,960 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\gadget\aolDailyScoop.exe
[2009/10/08 17:04:40 | 000,109,552 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\gadget\aolSearch.exe
[2009/10/08 17:04:46 | 001,362,936 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\msvcr9\msvc9rt.exe
[2009/09/25 14:32:54 | 000,845,814 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\muinst\muinst.exe
[2009/10/08 17:03:50 | 000,054,832 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\parcon\AOLParconLink.exe
[2009/10/08 17:04:32 | 000,711,104 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\sysinfo\SinfInst.exe
[2009/10/08 17:06:15 | 000,404,568 | ---- | M] (AOL LLC) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\tb\tbsetup.exe
[2009/10/08 17:04:29 | 001,878,296 | ---- | M] (AOL L.L.C.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\toolbar\aol_toolbar.exe
[2009/10/08 17:04:36 | 000,607,392 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\tpspd\wbsetup.exe
[2009/09/25 14:32:46 | 000,061,440 | ---- | M] (Viewpoint Corporation) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\vwpt\VPPrePop.exe
[2009/09/25 14:32:46 | 003,858,056 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.142.1\comps\vwpt\Vwpt.exe
[2009/03/31 21:01:09 | 057,261,736 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4337.29.1\setup.exe
[2008/07/08 02:12:18 | 000,505,245 | ---- | M] (Computer Associates Int'l ) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe
[87 C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\*.tmp files -> C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\*.tmp -> ]
[2006/05/22 20:08:16 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\alsetup.exe
[2006/05/22 20:08:18 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\aspinst.exe
[2006/05/22 20:08:24 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\muninst.exe
[2006/05/22 20:08:26 | 007,402,510 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\ocpinst.exe
[2006/05/22 20:08:27 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\postproc.exe
[2006/05/22 20:08:29 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\setup.exe
[2006/05/22 20:08:31 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP63C.tmp\aspapp\tbsetup.exe
[2006/05/21 20:01:18 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\alsetup.exe
[2006/05/21 20:02:24 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\aspinst.exe
[2006/05/21 20:02:35 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\muninst.exe
[2006/05/21 20:03:19 | 007,402,510 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\ocpinst.exe
[2006/05/21 20:03:20 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\postproc.exe
[2006/05/21 20:03:22 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\setup.exe
[2006/05/21 20:03:25 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP645.tmp\aspapp\tbsetup.exe
[2006/05/16 17:06:36 | 000,075,462 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\alsetup.exe
[2006/05/16 17:06:38 | 000,405,070 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\aspinst.exe
[2006/05/16 17:06:44 | 000,422,386 | ---- | M] (America Online) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\muninst.exe
[2006/05/16 17:07:13 | 007,389,283 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\ocpinst.exe
[2006/05/16 17:07:14 | 000,029,184 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\postproc.exe
[2006/05/16 17:07:16 | 000,160,848 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\setup.exe
[2006/05/16 17:07:17 | 000,222,000 | ---- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP662.tmp\aspapp\tbsetup.exe
[2007/02/05 13:38:28 | 000,245,760 | ---- | M] (CA) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean\pcodelauncher.exe
[2007/03/16 07:05:13 | 002,304,136 | ---- | M] (AOL, LLC) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\asprtpup.exe
[2007/09/23 20:01:51 | 000,053,248 | ---- | M] (AOL, Inc.) -- C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
[2010/03/30 17:25:00 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
[2007/11/13 16:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[2010/04/02 00:15:15 | 000,056,969 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
[2010/04/02 00:16:59 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010/04/02 00:17:14 | 000,054,128 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
[2010/04/02 00:17:16 | 000,054,153 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
[2009/09/01 06:37:11 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
[2009/09/01 06:38:45 | 000,529,200 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
[2010/04/02 00:17:20 | 000,056,458 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
[2010/04/02 00:18:37 | 000,056,766 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010/04/02 00:17:19 | 000,054,174 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
[2010/04/02 00:17:23 | 000,057,532 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
[2010/04/02 00:17:25 | 000,054,166 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
[2010/04/02 00:17:27 | 000,057,054 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
[2010/04/02 00:17:01 | 000,054,101 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
[2010/04/02 00:16:56 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010/04/02 00:18:17 | 000,057,677 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe
[2010/04/02 00:15:26 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010/04/02 00:11:06 | 000,986,904 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010/04/02 00:17:12 | 000,054,629 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
[2010/04/02 00:17:36 | 000,084,035 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
[2010/04/02 00:18:20 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010/04/02 00:18:30 | 000,056,978 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

< %APPDATA%\*. >
[2007/11/08 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AccurateRip
[2010/03/28 20:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Adobe
[2007/02/01 22:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AdobeUM
[2006/11/14 00:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Aim
[2005/12/03 00:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Allume Systems
[2007/11/13 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Amazon
[2009/12/26 06:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\AOL
[2009/09/10 00:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Apple Computer
[2007/05/23 10:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\ATI
[2009/02/17 21:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\atitray
[2010/04/23 21:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\BitTorrent
[2005/12/20 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Common Files
[2005/10/27 23:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Corel Photo Album
[2005/10/27 21:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Creative
[2006/02/05 19:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\CyberLink
[2010/04/20 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DivX
[2009/02/01 04:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DNA
[2009/10/08 18:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Download Manager
[2007/11/14 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Earthsim
[2010/02/06 06:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2010/04/18 12:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GHISLER
[2006/10/08 15:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Google
[2010/01/30 12:11:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Graham\Application Data\GTek
[2010/02/06 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HandBrake
[2005/10/28 21:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Help
[2005/12/20 18:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HP
[2004/08/19 16:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Identities
[2008/02/08 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\InstallShield
[2009/11/18 19:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\iTSfv
[2009/04/01 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Kontiki
[2005/10/27 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Leadertech
[2010/01/17 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\LEGO Company
[2006/02/26 00:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Macromedia
[2009/01/20 00:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Malwarebytes
[2009/02/16 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MCMPEGEnc
[2009/02/16 06:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Media Player Classic
[2010/04/20 18:33:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Graham\Application Data\Microsoft
[2007/01/06 21:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Microsoft Games
[2009/07/01 03:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla
[2009/02/16 05:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MPEG Streamclip
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\NetMedia Providers
[2009/02/15 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Nikon
[2009/04/01 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\OfficeUpdate12
[2005/12/10 01:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Opera
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Publish Providers
[2009/02/03 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Real
[2006/08/08 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sereniti
[2005/10/27 23:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sonic
[2006/05/01 22:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sonic Foundry
[2007/11/19 19:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Subversion
[2005/10/26 13:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sun
[2010/04/19 16:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\SystemRequirementsLab
[2006/09/07 18:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Talkback
[2006/12/05 22:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Tor
[2010/02/21 22:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\U3
[2006/10/02 22:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Vidalia
[2009/04/07 18:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Viewpoint
[2009/10/23 14:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Desktop Search
[2009/10/25 03:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Search
[2010/03/28 20:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\WinRAR
[2005/10/27 21:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\You've Got Pictures Screensaver

< %APPDATA%\*.exe /s >
[2007/02/01 22:39:45 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Graham\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2010/04/20 18:40:22 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2009/10/05 15:46:49 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2006/10/17 01:03:49 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}\ARPPRODUCTICON.exe
[2006/10/17 01:01:10 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}\ARPPRODUCTICON.exe
[2009/10/05 15:48:41 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Graham\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2006/12/07 10:45:12 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\U3\temp\cleanup.exe
[2006/12/07 10:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Graham\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\Drivers\R158601\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/02/10 23:46:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/05/21 20:46:00 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >



And the log from GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 20:52:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Graham\LOCALS~1\Temp\fxtdipod.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB9EC00D0]
SSDT sptd.sys ZwEnumerateKey [0xB9EC5E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9EC61BA]
SSDT sptd.sys ZwOpenKey [0xB9EC00B0]
SSDT sptd.sys ZwQueryKey [0xB9EC6292]
SSDT sptd.sys ZwQueryValueKey [0xB9EC6112]
SSDT sptd.sys ZwSetValueKey [0xB9EC6324]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.sfrelocÿÿÿÿsfsync03unknown last section [0xBA0E5000, 0xA20, 0x40000040] C:\WINDOWS\system32\drivers\sfsync03.sys unknown last section [0xBA0E5000, 0xA20, 0x40000040]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8A99000, 0x1C5D38, 0xE8000020]
.text USBPORT.SYS!DllUnload B8A4B8AC 5 Bytes JMP 8AE6B1C8
? System32\Drivers\a6gvwgjl.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2132] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!GetWindowLongW 7E4188A6 5 Bytes JMP 6301DF36 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!GetWindowLongA 7E41945D 5 Bytes JMP 6301DEB2 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 6301DFBA C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!DefWindowProcW 7E428D20 5 Bytes JMP 6305D107 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!GetWindowRect 7E4290B4 5 Bytes JMP 6301E794 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 6301E57F C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!MoveWindow 7E42B29E 1 Byte [E9]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!MoveWindow 7E42B29E 5 Bytes JMP 6301E374 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!DefWindowProcA 7E42C17E 5 Bytes JMP 6305D08D C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 6301DDD6 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 6301DE44 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2852] USER32.dll!GetWindowPlacement 7E4303C7 5 Bytes JMP 6301E161 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation)
.text C:\Program Files\PeerBlock\peerblock.exe[3552] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 004510E0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B9091E8
Device \FileSystem\Fastfat \FatCdrom 8A8591E8
Device \Driver\usbuhci \Device\USBPDO-0 8AE597A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B90B1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8B90B1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8B90B1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8B90B1E8
Device \Driver\usbuhci \Device\USBPDO-1 8AE597A0
Device \Driver\usbuhci \Device\USBPDO-2 8AE597A0
Device \Driver\usbuhci \Device\USBPDO-3 8AE597A0
Device \Driver\usbehci \Device\USBPDO-4 8AE4E7A0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B97E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8B97E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8AE1D7A0
Device \Driver\Cdrom \Device\CdRom1 8AE1D7A0
Device \Driver\iastor \Device\Ide\iaStor0 8B90A1E8
Device \Driver\iastor \Device\Ide\iaStor0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E14B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 8B90A1E8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-0 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 8B90A1E8
Device \Driver\iastor \Device\Ide\IAAStorageDevice-1 sfsync03.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B97E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume4 8B97E1E8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

Device \Driver\NetBT \Device\NetBt_Wins_Export 8A85F7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F69DF63-90DE-4818-A569-A6BCFA5464FD} 8A85F7A0
Device \Driver\NetBT \Device\NetbiosSmb 8A85F7A0
Device \Driver\PCI_NTPNP5948 \Device\0000005b sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 8AE597A0
Device \Driver\usbuhci \Device\USBFDO-1 8AE597A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A8687A0
Device \Driver\usbuhci \Device\USBFDO-2 8AE597A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A8687A0
Device \Driver\usbuhci \Device\USBFDO-3 8AE597A0
Device \Driver\usbehci \Device\USBFDO-4 8AE4E7A0
Device \Driver\Ftdisk \Device\FtControl 8B97E1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B4601DA1-8477-4AC8-8770-34FF6E6A5F00} 8A85F7A0
Device \Driver\a6gvwgjl \Device\Scsi\a6gvwgjl1 8AEB47A0
Device \FileSystem\Fastfat \Fat 8A8591E8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A8551E8

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

Edited by K1500, 25 April 2010 - 08:14 PM.


#57
hammerman

Hi,

Let's try a Clean Boot.

Step 1: Start the System Configuration Utility
1. Click Start, click Run, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options
1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows
If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.


Now run a Malwarebytes scan and let me know if you get a BSOD.

#58
K1500

Still no good; it crashed almost immediately. Here's a picture of the blue screen just in case any of the error codes changed:

Posted Image

#59
hammerman

Hi,

Please run msconfig again and select Normal Startup in the General tab.

Are you able to run an MBAM scan in Safe mode still?


From the Start menu, select Run...
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Note: You may be prompted to insert your original Windows CD, so please have this at hand.

#60
K1500

I'm not sure; I think it's safe to assume MBAM still works fine in safe mode, but I'll run it and let you know.

I don't have a Windows CD as I didn't get one with my computer. :)