Something is sending spam emails from my account



#1
danielw

Hi,

This has probably been dealt with hundreds of times but I'm not all that computer savvy and I don't want to stuff anything up. Anyway, something is sending out all these spam emails from my account. It also deleted every email I had from this year, and clears out the sent box. I did all the steps that are listed in the malware and spyware cleaning guide but it found nothing, so it couldn't be fixed?

Below are all those notepad files I'm supposed to post.

Thanks for any help!




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4111

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

18/05/2010 11:33:56 PM
mbam-log-2010-05-18 (23-33-56).txt

Scan type: Quick scan
Objects scanned: 118810
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




OTL logfile created on: 19/05/2010 12:39:40 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Daniel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.88 Gb Total Space | 160.33 Gb Free Space | 72.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/19 00:37:15 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
PRC - [2010/05/18 23:19:12 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/05/07 06:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/07 06:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/31 18:13:42 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/20 00:49:40 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/09/04 16:40:49 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/16 15:39:46 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009/05/16 15:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009/05/16 15:39:44 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009/05/15 16:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/05/15 16:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/05/14 12:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/05/13 15:24:00 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 20:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/04/08 21:28:22 | 001,067,528 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/04/02 14:06:08 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/04/02 14:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/03/26 12:18:38 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/03/26 12:18:38 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/03/10 18:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/02/12 10:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/12 10:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/02/12 08:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/06 01:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/08/21 11:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/07/30 12:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/01/21 12:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2010/05/19 00:37:15 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe
MOD - [2010/03/06 00:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/12/20 00:49:41 | 000,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2009/05/16 15:40:08 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll
MOD - [2009/04/11 16:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/11 16:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/11 16:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/11 16:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/11 16:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/11 16:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 12:24:58 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/21 12:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 12:24:13 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/21 12:23:53 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/07 06:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/07 06:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/07 06:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/20 00:49:40 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 21:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/16 15:39:46 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/05/15 16:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/04/10 20:11:20 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/04/02 14:06:02 | 000,054,528 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/03/26 12:18:38 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/02/12 10:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/02/06 01:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/08/21 11:42:42 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/05/07 06:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/07 06:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/07 06:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/07 06:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/07 06:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/05/07 12:14:42 | 004,740,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/27 18:16:06 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2009/03/26 13:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2009/03/25 17:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/03/24 20:14:40 | 000,084,256 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/03/24 20:14:38 | 000,106,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/03/24 20:14:34 | 000,017,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/03/10 18:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/06 18:58:44 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/12 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/12/22 18:05:10 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/12/05 11:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/05 11:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/05 11:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/12/05 04:25:38 | 000,112,640 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/17 09:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/21 10:57:26 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/04/17 15:36:14 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/30 19:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 12:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 12:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 12:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 12:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 12:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 12:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 12:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 12:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 12:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 12:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 12:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 12:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 12:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 12:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 12:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 12:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 12:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 12:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 12:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 12:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 12:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 12:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 12:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...;m=aspire_3810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...;m=aspire_3810t

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...;m=aspire_3810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.uow.edu.au/autoproxy.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.1
FF - prefs.js..keyword.URL: "http://au.yhs.search...2-tb-web_au&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.uow.edu.a.../autoproxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 18:13:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 18:13:44 | 000,000,000 | ---D | M]

[2010/02/23 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2010/02/23 17:45:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/05/18 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\f6gyjg0l.default\extensions
[2010/05/17 19:10:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\f6gyjg0l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 19:10:40 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\f6gyjg0l.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/05/17 19:10:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\f6gyjg0l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/16 01:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/16 01:56:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2009/11/10 23:00:53 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/10 23:00:53 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/10 23:00:53 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/10 23:00:53 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{38828e39-ccc1-11de-bb39-001e331d8a78}\Shell - "" = AutoRun
O33 - MountPoints2\{38828e39-ccc1-11de-bb39-001e331d8a78}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{7279162e-99c3-11de-9677-001e331d8a78}\Shell - "" = AutoRun
O33 - MountPoints2\{7279162e-99c3-11de-9677-001e331d8a78}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{72791630-99c3-11de-9677-001e331d8a78}\Shell - "" = AutoRun
O33 - MountPoints2\{72791630-99c3-11de-9677-001e331d8a78}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{b7ce0b35-991d-11de-8160-001e331d8a78}\Shell - "" = AutoRun
O33 - MountPoints2\{b7ce0b35-991d-11de-8160-001e331d8a78}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5") - C:\Windows\System32\aswBoot.exe (ALWIL Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/18 23:46:17 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/18 23:46:17 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/18 23:46:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/18 23:46:17 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/18 23:46:16 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/18 23:46:00 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/18 23:46:00 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/18 23:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/18 23:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/18 23:24:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2010/05/18 23:24:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/18 23:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/18 23:24:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/18 23:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 23:22:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/18 23:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/16 01:57:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\JMP8 Data
[2010/05/16 01:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/16 01:55:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Sun
[2010/05/16 01:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\SAS
[2010/05/16 01:51:11 | 000,000,000 | ---D | C] -- C:\JMP8Trial_Install
[2010/05/13 23:26:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PokerStars
[2010/05/13 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2010/05/07 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\High School
[2010/04/23 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Other
[2010/04/21 19:34:35 | 000,000,000 | ---D | C] -- C:\BioEdit
[2010/04/21 19:00:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\BioEdit
[2010/04/21 19:00:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\ChromasPro
[2010/04/12 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ChromasPro
[2010/03/17 14:26:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Kat
[2010/03/09 08:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/03/09 08:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2010/02/27 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\CSIRO
[2010/02/26 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/23 18:55:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/23 17:45:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\LimeWire
[2010/02/23 17:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/02/23 17:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/02/23 17:23:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/23 17:23:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/23 17:23:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/23 17:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/23 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/23 16:37:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/02/23 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/23 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Broadcom
[2009/05/23 11:54:10 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/05/19 00:42:51 | 002,359,296 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT
[2010/05/18 23:47:05 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 23:47:05 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 23:47:05 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 23:46:18 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/18 23:46:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/18 23:41:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:41:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/18 23:40:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 23:40:32 | 3117,285,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/18 23:39:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/18 23:39:47 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 23:39:47 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/18 23:39:46 | 006,291,456 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2010/05/18 23:24:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 23:21:45 | 000,000,737 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2010/05/18 23:21:45 | 000,000,718 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/05/16 01:59:21 | 000,002,585 | ---- | M] () -- C:\Users\Daniel\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/16 01:55:01 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\JMP 8.lnk
[2010/05/13 23:26:44 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/05/11 23:20:09 | 000,000,097 | ---- | M] () -- C:\Windows\GSAS.ini
[2010/05/07 06:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 06:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 06:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 06:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 06:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 06:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 06:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/30 17:32:01 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/21 19:33:03 | 000,000,846 | ---- | M] () -- C:\Users\Daniel\Desktop\BioEdit_704_053105.zip.lnk
[2010/04/11 12:41:58 | 000,002,627 | ---- | M] () -- C:\Users\Daniel\Desktop\Microsoft Office Word 2007.lnk
[2010/03/06 22:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\AppData\Local\prvlcl.dat
[2010/02/26 11:04:57 | 000,070,744 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 10:55:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/26 10:55:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/23 19:11:04 | 000,021,504 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 17:46:05 | 000,001,662 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/23 17:18:19 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/23 16:20:12 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/02/23 16:20:12 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI

========== Files Created - No Company Name ==========

[2010/05/18 23:46:18 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/18 23:24:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 23:21:45 | 000,000,737 | ---- | C] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2010/05/18 23:21:45 | 000,000,718 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/05/16 01:55:01 | 000,001,533 | ---- | C] () -- C:\Users\Public\Desktop\JMP 8.lnk
[2010/05/13 23:26:44 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/04/21 19:43:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/21 19:43:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/04/21 19:33:03 | 000,000,846 | ---- | C] () -- C:\Users\Daniel\Desktop\BioEdit_704_053105.zip.lnk
[2010/04/12 21:55:38 | 000,000,097 | ---- | C] () -- C:\Windows\GSAS.ini
[2010/02/27 00:10:49 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\prvlcl.dat
[2010/02/26 10:55:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/26 10:55:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/23 18:20:12 | 000,021,504 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 17:46:05 | 000,001,662 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/02/23 17:18:19 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/23 16:20:12 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/02/23 16:20:12 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/02/23 15:54:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/01/19 17:20:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/01/19 17:20:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/09/11 21:52:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/11 06:20:22 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/11 06:20:22 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/06/11 06:16:57 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/23 11:51:10 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/09/06 13:05:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer
[2009/05/23 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer GameZone Console
[2010/04/12 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ChromasPro
[2009/09/04 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010/01/19 17:45:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\iPodtoComputer
[2010/05/18 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire
[2010/05/18 23:39:52 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/23 11:54:59 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/18 23:40:32 | 3117,285,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/18 23:40:30 | 3432,951,808 | -HS- | M] () -- C:\pagefile.sys
[2009/05/23 13:12:09 | 000,001,829 | ---- | M] () -- C:\RHDSetup.log
[2009/06/11 06:20:23 | 000,000,189 | ---- | M] () -- C:\Webcam.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 16:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 16:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/07 06:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/07 06:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 06:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 06:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 06:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/21 06:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 21:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 21:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 21:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 21:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 21:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/19 00:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/12/09 03:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010/02/18 21:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
< End of report >

[2010/05/19 00:46:59 | 002,359,296 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT
[2010/05/19 00:46:59 | 000,262,144 | -H-- | M] () -- C:\Users\Daniel\ntuser.dat.LOG1
[2010/05/19 00:46:13 | 000,000,000 | R--D | M] -- C:\Users\Daniel\Downloads
[2010/05/19 00:37:10 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\Temp
[2010/05/18 23:47:05 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 23:47:05 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 23:47:05 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 23:46:18 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/18 23:46:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/18 23:45:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2010/05/18 23:45:53 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/05/18 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire
[2010/05/18 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\Tracing
[2010/05/18 23:41:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/05/18 23:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/18 23:40:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 23:39:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/18 23:39:47 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 23:39:47 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/18 23:39:46 | 006,291,456 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2010/05/18 23:39:31 | 000,000,000 | --SD | M] -- C:\Users\Daniel\AppData\Roaming\Microsoft
[2010/05/18 23:39:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\Microsoft
[2010/05/18 23:35:27 | 000,000,000 | R--D | M] -- C:\Users\Daniel\Desktop
[2010/05/18 23:24:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2010/05/18 23:24:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/18 23:24:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 23:24:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010/05/18 23:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2010/05/18 23:21:45 | 000,000,737 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2010/05/18 23:21:45 | 000,000,718 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/05/17 21:48:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\PokerStars
[2010/05/17 03:01:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\JMP8 Data
[2010/05/16 01:59:21 | 000,002,585 | ---- | M] () -- C:\Users\Daniel\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/16 01:57:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/16 01:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\SAS
[2010/05/16 01:56:48 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/16 01:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Java
[2010/05/16 01:55:49 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/05/16 01:55:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\Sun
[2010/05/16 01:55:01 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\JMP 8.lnk
[2010/05/13 23:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/05/13 23:26:44 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/05/13 16:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/05/13 11:40:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010/05/11 23:20:09 | 000,000,097 | ---- | M] () -- C:\Windows\GSAS.ini
[2010/05/07 16:15:24 | 000,000,000 | R--D | M] -- C:\Users\Daniel\Documents
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 17:32:01 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/21 19:33:03 | 000,000,846 | ---- | M] () -- C:\Users\Daniel\Desktop\BioEdit_704_053105.zip.lnk
[2010/04/12 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ChromasPro
[2010/04/12 23:13:57 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\VirtualStore
[2010/04/02 12:08:45 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/03/31 13:10:10 | 000,000,000 | R--D | M] -- C:\Users\Daniel\Pictures
[2010/03/14 16:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/03/09 08:52:08 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2010/03/09 08:28:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2010/03/09 08:28:22 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/03/06 22:59:01 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\AppData\Local\prvlcl.dat
[2010/02/28 14:40:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010/02/27 15:17:05 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe
[2010/02/27 15:17:00 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/02/26 11:04:57 | 000,070,744 | ---- | M] () -- C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/26 11:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/02/25 23:44:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\Google
[2010/02/23 19:11:04 | 000,021,504 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 17:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2010/02/23 17:31:07 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2010/02/23 17:26:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/02/23 17:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/02/23 17:26:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/02/23 17:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/02/23 17:26:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/02/23 17:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/02/23 17:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2010/02/23 17:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/23 17:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/02/23 17:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/23 17:17:20 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010/02/23 16:51:53 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2010/02/23 15:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/23 15:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\microsoft shared
[2010/02/23 15:55:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Local\Broadcom

========== Files - Modified Within 90 Days ==========

[2010/05/19 00:47:55 | 002,359,296 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT
[2010/05/18 23:47:05 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 23:47:05 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 23:47:05 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 23:46:18 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/05/18 23:46:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/18 23:41:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:41:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 23:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/18 23:40:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 23:40:32 | 3117,285,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/18 23:39:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/18 23:39:47 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 23:39:47 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/18 23:39:46 | 006,291,456 | -H-- | M] () -- C:\Users\Daniel\AppData\Local\IconCache.db
[2010/05/18 23:24:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/18 23:21:45 | 000,000,737 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2010/05/18 23:21:45 | 000,000,718 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2010/05/16 01:59:21 | 000,002,585 | ---- | M] () -- C:\Users\Daniel\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/16 01:55:01 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\JMP 8.lnk
[2010/05/13 23:26:44 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2010/05/11 23:20:09 | 000,000,097 | ---- | M] () -- C:\Windows\GSAS.ini
[2010/05/07 06:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/07 06:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/07 06:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/07 06:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 06:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 06:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 06:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/30 17:32:01 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/21 19:33:03 | 000,000,846 | ---- | M] () -- C:\Users\Daniel\Desktop\BioEdit_704_053105.zip.lnk

========== LOP Check ==========

[2009/09/06 13:05:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer
[2009/05/23 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer GameZone Console
[2010/04/12 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ChromasPro
[2009/09/04 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010/01/19 17:45:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\iPodtoComputer
[2010/05/18 23:42:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LimeWire
[2010/05/18 23:39:52 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/19 07:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/23 11:54:59 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/18 23:40:32 | 3117,285,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/21 19:43:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/18 23:40:30 | 3432,951,808 | -HS- | M] () -- C:\pagefile.sys
[2009/05/23 13:12:09 | 000,001,829 | ---- | M] () -- C:\RHDSetup.log
[2009/06/11 06:20:23 | 000,000,189 | ---- | M] () -- C:\Webcam.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 16:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 16:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/07 06:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/05/07 06:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/07 06:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/07 06:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/07 06:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/02/21 06:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 21:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 21:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 21:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/12/11 21:43:30 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/12/11 21:43:11 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2010/02/19 00:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/12/09 03:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2010/02/18 21:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

< End of report >







OTL Extras logfile created on: 19/05/2010 12:39:40 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Daniel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.88 Gb Total Space | 160.33 Gb Free Space | 72.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A129494C-667F-42EF-A774-04E153353208}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BDC03203-3BCE-4855-BFBB-EB98D1BFCEE8}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A134EB2-50B2-41CB-8927-24724C53C366}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{266901A5-F903-4F42-B264-4CF40F63B566}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{326F83DB-91EC-4ED8-B135-428ED9233479}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7206D5E4-27B9-4B9C-9712-313995C0227C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79145F08-ED9E-4EBC-B159-B6147CA4567F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A5EAE344-4AC7-4D77-B1BD-538F258899C1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B2B962C1-5E1F-4081-86FB-A2F7A7F160AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C5A9A281-C4A2-42AC-900E-D4C1EDF189FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C6F48675-80AC-432C-A925-175ADC0E11A7}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D47CF945-A985-430C-9FC2-073CB79B2798}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D78A6D16-E921-4117-B63A-2F6E2E13FC8B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DBDDD774-A168-40D5-B918-BFC0ACEB7B18}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{DC329D16-B2C1-4F82-8867-BDE48A366DE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = 3 Mobile Broadband
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.213
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{875E52B3-8EA3-40C1-AC16-747100776774}" = JMP 8
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}" = BioEdit
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9F50DFC-5894-460A-9B14-44889BF42DFB}" = Cisco AnyConnect VPN Client
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1" = iPhone/iTouch/iPod to Computer Transfer 5.10.0
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LimeWire" = LimeWire 5.4.8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel® TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2010 4:50:34 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/04/2010 2:38:32 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/04/2010 9:50:22 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 23/04/2010 9:28:43 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2010 10:26:54 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 9:28:58 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2010 9:35:42 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/04/2010 11:17:52 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/04/2010 5:10:15 AM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/04/2010 9:23:32 PM | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: initiateTunnel Return code: 0xFE1F000F File: .\CstpProtocol.cpp
Line:
1134 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: ITunnelProtocol::initiateTunnel Return code: 0xFE1F000F File:
.\TunnelStateMgr.cpp Line: 953 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
callback

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CTunnelStateMgr::initiateTunnel Return code: 0xFE1F000F File:
.\TunnelMgr.cpp Line: 610 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE callback

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CTlsTunnelMgr::initiateTunnel Return code: 0xFE1F000F File:
.\VpnMgr.cpp Line: 2572 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CSslProtocol::writeTunnel Return code: 0xFE1C000B File: .\CstpProtocol.cpp
Line:
1696 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CCstpProtocol::sendControlFrame Return code: 0xFE1C000B File:
.\CstpProtocol.cpp Line: 2614 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CCstpProtocol::sendCloseMessage Return code: 0xFE1C000B File:
.\CstpProtocol.cpp Line: 672 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: ITunnelProtocol::terminateTunnel Return code: 0xFE1C000B File:
.\TunnelStateMgr.cpp Line: 282 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CTunnelStateMgr::terminateTunnel Return code: 0xFE1C000B File:
.\TunnelMgr.cpp Line: 254 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

Error - 8/03/2010 7:02:26 PM | Computer Name = Daniel-PC | Source = vpnagent | ID = 50331649
Description = Function: CTlsTunnelMgr::terminateTunnel Return code: 0xFE1C000B File:
.\VpnMgr.cpp Line: 1073 Description: TLSPROTOCOL_ERROR_CONNECTION_PENDING

[ System Events ]
Error - 4/12/2009 5:41:38 AM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/12/2009 7:43:35 AM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 4/12/2009 10:35:35 AM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 5/12/2009 7:56:02 AM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 6/12/2009 3:33:28 AM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 6/12/2009 7:12:34 PM | Computer Name = Daniel-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:53:05 PM on 6/12/2009 was unexpected.

Error - 6/12/2009 7:12:37 PM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 6/12/2009 7:56:47 PM | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 7/12/2009 9:38:00 AM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =

Error - 7/12/2009 8:14:06 PM | Computer Name = Daniel-PC | Source = HTTP | ID = 15016
Description =


< End of report >





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-19 01:24:31
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kxlyrpod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xC1A23AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xC1A238EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xC1A23A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 81F86DF0 7 Bytes JMP C1A23A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81FF228F 5 Bytes JMP C1A1F536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 8204B038 5 Bytes JMP C1A20EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8204C8C3 7 Bytes JMP C1A238EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820AC892 7 Bytes JMP C1A23ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[2312] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7668B364 4 Bytes [20, 28, 00, 10] {AND [EAX], CH; ADD [EAX], DL}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00242cd17f4a
Reg HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\00242cd17f4a (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid 65536 bytes

---- EOF - GMER 1.0.15 ----


Thanks again! I have no idea what any of this is...