
Google Redirect Problem.


  • This topic is locked
75 replies to this topic

#1 CicconeUK

CicconeUK

  • Members
  • 65 posts

Posted 09 February 2010 - 12:23 PM

Hi,
I had this problem a while ago and can't remember how I got rid of it...
Anyway, I use Google as my search engine and when I click on the search results it takes me to random pages including linking me to other search engines.
When I hit the back button to go back to the original Google search and click on the link again it works but this happens every time I try a search on Google.

I've tried a lot of things up to now and have just downloaded ComboFix.

This is the log.

ComboFix 10-02-08.09 - Mark 09/02/2010 11:07:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.930 [GMT 0:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\00005fa4.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-09 09:05 . 2010-02-09 09:05 -------- d-----w- c:\program files\CCleaner
2010-01-16 10:20 . 2007-08-07 10:32 57344 ----a-w- c:\windows\system32\Wnaspint.dll
2010-01-16 10:19 . 2010-01-16 10:20 -------- d-----w- c:\program files\Acoustica Shared Effects
2010-01-16 10:19 . 2010-01-16 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2010-01-16 10:19 . 2010-01-16 10:20 -------- d-----w- c:\program files\Acoustica Mixcraft 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 11:15 . 2008-10-20 19:40 -------- d-----w- c:\documents and settings\Mark\Application Data\DNA
2010-02-09 09:25 . 2004-07-29 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-09 09:24 . 2005-12-15 17:22 -------- d-----w- c:\program files\GetRight
2010-02-09 08:55 . 2008-10-20 19:40 -------- d-----w- c:\program files\DNA
2010-02-05 23:41 . 2010-01-07 23:19 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-02-05 10:32 . 2006-06-26 12:51 -------- d-----w- c:\documents and settings\Mark\Application Data\BitTorrent
2010-02-05 09:54 . 2006-02-17 20:15 -------- d-----w- c:\program files\EPSON Print CD
2010-01-16 10:20 . 2010-01-07 23:19 -------- d-----w- c:\documents and settings\Mark\Application Data\Acoustica
2010-01-14 11:12 . 2009-10-23 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 10:00 . 2004-08-23 19:32 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2003-08-02 10:46 17408 ------w- c:\windows\system32\corpol.dll
2009-12-18 06:27 . 2009-10-28 17:56 -------- d-----w- c:\program files\McAfee
2009-12-16 16:49 . 2007-07-13 10:28 -------- d-----w- c:\program files\Xvid
2009-12-16 07:42 . 2009-12-16 07:41 -------- d-----w- c:\program files\QuickTime
2009-12-16 07:38 . 2007-12-22 23:53 -------- d-----w- c:\program files\Common Files\Apple
2009-12-16 07:38 . 2009-12-16 07:38 -------- d-----w- c:\program files\Apple Software Update
2009-12-06 03:12 . 2009-12-06 03:12 5395904 ----a-w- c:\documents and settings\Mark\Application Data\Blitware\DriverRobot\updates\1.2.0.5\DriverRobot_Setup.exe
2009-11-21 15:51 . 2003-08-02 10:46 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2005-05-13 17:12 . 2005-05-13 17:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 11:13 . 2005-10-24 11:13 66560 --sha-r- c:\windows\MOTA113.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE" [2004-12-16 98304]
"ATIModeChange"="c:\windows\system32\Ati2mdxx.exe" [2001-09-04 28672]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-08 5134864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2006-6-11 98304]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-07 05:35 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-24 14:52 240112 ----a-w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [12/06/2006 13:42 241664]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [28/10/2009 18:16 93320]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [24/08/2007 14:53 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [24/08/2007 14:52 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [24/08/2007 14:52 166384]
S2 SessionLauncher;SessionLauncher; [x]
S3 BTPCCARD;Bluetooth BCSP Transport for Pc Card;c:\windows\system32\drivers\btpcbcsp.sys [08/09/2005 17:32 232508]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 21:10 32512]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [24/08/2007 14:53 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [24/08/2007 14:52 1083888]
S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [10/06/2006 09:41 8078]
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-01-24 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-10-26 17:51]

2009-10-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-28 12:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-28 12:22]

2010-02-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Send To &Bluetooth - c:\program files\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: facebook.com\www
Trusted Zone: free.fr\gpl.download
Trusted Zone: internet
Trusted Zone: madonnafanzine.com\www
Trusted Zone: madonnatribe.net\www
Trusted Zone: mcafee.com
Trusted Zone: megaupload.com\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: {1670E068-EBAC-4CFD-B946-34DB5639D959} = 93.188.164.116,93.188.161.100
TCP: {D0FC1E5F-C97D-45A9-A506-E01358EADC78} = 93.188.164.116,93.188.161.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A5698C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74abb3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7858bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7865a21
SendHandler -> NDIS.sys @ 0xf784387b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-02-09 11:24:03
ComboFix-quarantined-files.txt 2010-02-09 11:23
ComboFix2.txt 2009-07-20 13:39

Pre-Run: 12,556,955,648 bytes free
Post-Run: 12,552,323,072 bytes free

- - End Of File - - 37EA84B8451370FF7009EF3042FB2ABD

Edited by CicconeUK, 09 February 2010 - 03:31 PM.




#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 11 February 2010 - 10:58 AM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

Please download MBR.EXE by GMER. Save the file in your root directory. (C:\)
  • Open Notepad and copy and paste the text in the codebox below (excluding the word Code) into Notepad.
    CODE
    @echo off
    cd\
    mbr.exe -t
    start mbr.log
  • Next, select File --> Save As, change file type to All Files (*.*), and save it as fixme.bat in your c:\ folder.
  • Open your c:\ folder, right-click on fixme.bat and select Run as Administrator. A logfile will open (C:\mbr.log). Please paste the contents in your next reply.

==========

You have run Combofix unsupervised.....this is ill advised!!

This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!!
  • Click on Start, then Run.
  • Copy and Paste the green bold text below into the Run Box:

cmd /c dir /a /s C:\QooBox >log.txt&start log.txt

  • Then click on OK.
  • A Text File will open up, please Copy and Paste the contents in your next reply.

==========

With your next post please provide:

* OTL.txt
* Extra.txt
* Gmer log
* Mbr log
* Qoobox log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 CicconeUK

CicconeUK
  • Topic Starter

  • Members
  • 65 posts

Posted 12 February 2010 - 01:09 PM

Hi thcbytes and thank you for helping me.

These are the first 2 logs; I'm having trouble with the GMER log. The first time it stalled my PC and the second time nothing happened at all. I'll try it again and post what happens.

OTL logfile created on: 12/02/2010 06:35:22 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 11.81 Gb Free Space | 42.26% Space Free | Partition Type: NTFS
Drive D: | 83.84 Gb Total Space | 13.63 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 232.83 Gb Total Space | 25.37 Gb Free Space | 10.90% Space Free | Partition Type: FAT32

Computer Name: YOUR-6R7DO13OX4
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/11 22:53:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2009/12/18 13:05:43 | 000,634,648 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2009/09/16 11:23:32 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 20:22:24 | 005,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 00:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2006/01/22 17:30:16 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2004/09/02 14:27:26 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010/02/11 22:53:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- -- (RoxWatch9)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [On_Demand | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [On_Demand | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/17 14:29:04 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/04/29 08:25:40 | 000,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2007/11/15 13:10:54 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 12:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/03 11:57:00 | 000,520,192 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/08/02 21:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2005/01/26 15:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 15:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 15:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2005/01/24 18:36:52 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/02 14:27:26 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2004/03/22 20:49:08 | 000,397,312 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/06/24 10:08:06 | 000,860,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer)
SRV - [2003/06/23 13:42:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2003/06/23 13:42:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)
SRV - [2003/04/10 14:55:00 | 000,675,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2003/04/10 14:55:00 | 000,675,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2003/04/02 13:40:00 | 000,069,632 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/03/18 17:00:42 | 000,536,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\vaio media music server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/06/16 10:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 18:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 18:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/16 15:33:13 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/18 02:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2007/08/10 06:12:12 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\udfreadr.sys -- (UDFReadr)
DRV - [2007/08/07 00:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/06/20 02:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 02:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/04/16 14:05:38 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2006/12/28 20:55:37 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/09/19 12:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/06/10 09:41:22 | 000,008,078 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vgadrv.sys -- (vgadrv)
DRV - [2006/03/23 17:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/03/23 17:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm)
DRV - [2006/03/23 17:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/10/22 06:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 06:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 06:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/08/02 21:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/12/30 07:38:40 | 000,461,824 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2004/12/30 07:38:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2004/09/03 01:16:36 | 000,232,508 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btpcbcsp.sys -- (BTPCCARD)
DRV - [2004/09/02 14:16:56 | 000,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/09/02 14:15:44 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004/09/02 14:15:40 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004/09/02 14:15:40 | 000,147,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/09/02 14:14:06 | 001,241,066 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/09/02 14:11:44 | 000,030,267 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/09/02 14:11:18 | 000,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/08/04 05:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/07/22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/22 20:59:52 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/07/17 14:32:34 | 000,578,752 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/07/15 19:34:48 | 000,761,472 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smrt.sys -- (smrt)
DRV - [2003/04/02 13:40:00 | 001,265,130 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/04 09:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/08/29 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/04/01 12:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 11:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)
DRV - [2001/05/25 16:32:22 | 000,038,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2000/12/05 15:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\S-1-5-21-647083260-3608435521-1528902028-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/08 20:29:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/07/16 14:40:02 | 000,317,952 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10908 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: free.fr ([gpl.download] https in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: madonnafanzine.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: madonnatribe.net ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: megaupload.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1172699171468 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://upload.mediamax.com/Upload/XUpload.ocx (Persits Software XUpload)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/15 14:35:22 | 000,000,000 | ---D | M] - O:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2010/01/02 16:40:24 | 000,108,956 | ---- | M] () - O:\Autograph on Tribe.jpg -- [ FAT32 ]
O34 - HKLM BootExecute: ('autocheck autochk *') - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/09 06:55:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe - (TechSmith Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {3fe8dce3-19f0-35c9-aaf2-efc830dc2105} -
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {7EC78E60-CF8E-11D4-84F8-005056A32B36} - Custom ICM Profile
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -

Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 22:52:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010/02/09 15:36:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/09 10:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\GooredFix Backups
[2010/02/09 09:31:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark\Recent
[2010/02/09 09:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/17 19:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\MADONNA - THE IMMACULATE MIXTAPE EDITION
[2010/01/16 10:20:16 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\WINDOWS\System32\Wnaspint.dll
[2010/01/16 10:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2010/01/16 10:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/01/16 10:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Mixcraft 4
[2009/10/30 21:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/10/28 18:33:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/28 16:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/10/28 16:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/15 06:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/05/17 00:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/05/16 09:14:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/09 21:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/12/29 17:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/10 22:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/03/12 15:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2006/12/17 17:55:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mark\Application Data\pcouffin.sys
[2005/03/29 17:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2003/08/02 12:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/12 06:30:39 | 000,008,384 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/12 06:29:49 | 018,612,224 | ---- | M] () -- C:\Documents and Settings\Mark\ntuser.dat
[2010/02/12 06:29:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/12 06:28:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 06:25:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/12 06:25:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 22:55:21 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\761vr56o.exe
[2010/02/11 22:53:05 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2010/02/11 14:49:03 | 030,534,984 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\cureit.exe
[2010/02/10 22:45:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2010/02/10 17:23:32 | 003,508,767 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\26898.mp3
[2010/02/10 16:44:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/09 11:19:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/09 10:30:58 | 000,007,062 | ---- | M] () -- C:\WINDOWS\Mark8.xlb
[2010/02/09 10:22:32 | 000,746,446 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20100209_102156.reg
[2010/02/08 21:37:10 | 001,224,333 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\TNBT.JPG
[2010/02/08 21:25:39 | 000,219,311 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\538bqv.jpg
[2010/02/08 21:25:38 | 000,218,149 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\sys10l.jpg
[2010/02/07 09:52:06 | 065,719,472 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\rx_image.Cache
[2010/02/07 09:47:41 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/02/07 09:40:10 | 003,382,992 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Madonna - Celebration (Akon David Guetta Cover Remix).mp3
[2010/02/07 08:48:57 | 029,859,390 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Take A Bow (Acapella - Back Vox).wav
[2010/02/06 23:48:18 | 054,247,138 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\No Substitute For Love (Untouched Demo).wav
[2010/02/06 23:42:46 | 012,666,253 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Madonna_-_Liquid_Love__David_Guetta_Remix_Edit_.mp3
[2010/02/06 23:40:51 | 010,131,397 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\You Thrill Me (Erotica Uheard Vocals Version) .mp3
[2010/02/06 19:34:40 | 011,548,424 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Take A Bow (Lead Vox).mp3
[2010/02/06 19:31:14 | 034,287,792 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\When Liquid Love Takes Over.wav
[2010/02/06 17:40:54 | 004,947,968 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Speechless.mp3
[2010/02/06 17:40:39 | 002,412,544 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Poker Face.mp3
[2010/02/06 11:33:40 | 037,566,752 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Re-Invention Tour Rehersals - 2-08 - Crazy For You.wav
[2010/02/06 10:46:10 | 046,963,560 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Re-Invention Tour Rehersals - 2-01 - Nothing Fails.wav
[2010/02/04 13:31:52 | 008,663,168 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Into The Groove (DMC Remix).mp3
[2010/02/04 12:25:18 | 011,858,291 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Celebration (Saint Ken's Fan-O-Rama Remix).mp3
[2010/02/03 18:42:31 | 000,068,714 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\17th+Annual+World+Team+Tennis+Smash+Hits+D5aBNBgN_1vl.jpg
[2010/02/03 10:20:50 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\dolce gabbana.doc
[2010/02/03 09:19:25 | 000,347,356 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\andy-lindsay-elton1.jpg
[2010/02/03 09:14:08 | 000,094,025 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2009-smash-hits-group-shot_auvo.jpg
[2010/02/01 11:23:25 | 013,359,328 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\08 Celebration.mp3
[2010/02/01 01:00:26 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/01 00:24:19 | 005,377,561 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Steven Klein 2006.jpg
[2010/01/31 18:37:50 | 009,667,375 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\1984 - Georges Holtz - First Album Cover Re-issu - 14.jpg
[2010/01/31 09:21:05 | 000,372,131 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\deg9.jpg
[2010/01/31 09:15:13 | 000,161,769 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RIT_cover_LISBON.jpg
[2010/01/31 08:06:29 | 026,313,688 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2008 - Meisel - Vuitton Commercial - 05c.jpg
[2010/01/31 08:00:18 | 003,689,613 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\1984 - Georges Holtz - First Album Cover Re-issu - 03.jpg
[2010/01/31 07:55:53 | 003,731,454 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2004 - Commercial - Testino - Versace - 010.jpg
[2010/01/31 07:54:55 | 006,094,286 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\deg14.jpg
[2010/01/31 07:54:38 | 013,014,491 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\deg5.jpg
[2010/01/31 00:51:57 | 006,033,973 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2009 - Steven Klein - W 2009 - Serie 01-01a.jpg
[2010/01/31 00:50:00 | 012,219,240 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2005 - Klein - Unreleased Confession - 018a.jpg
[2010/01/31 00:00:44 | 009,591,767 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\LAV.jpg
[2010/01/30 23:54:40 | 000,186,360 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RIT_cover_LISBON copy.jpg
[2010/01/30 18:51:46 | 002,413,151 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\sticker_rit_01092004_HQ.jpg
[2010/01/30 18:46:10 | 008,869,975 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\jaquette_rit_hte_reso.jpg
[2010/01/25 23:05:05 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RIT.doc
[2010/01/24 17:05:46 | 003,227,525 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Maroon_5_-_04_-_Wake_Up_Call.mp3
[2010/01/24 08:12:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/01/23 19:44:21 | 022,684,319 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Graphic Artwork [Madonna Mia].rar
[2010/01/23 18:29:09 | 000,570,483 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\hope_haiti_now_015.jpg
[2010/01/23 18:28:11 | 000,269,558 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\LFI_NYHopeforhaitihandout11.jpg
[2010/01/23 18:28:11 | 000,244,266 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\LFI_NYHopeforhaitihandout19.jpg
[2010/01/23 00:04:25 | 010,748,034 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2009 - Madonna by Steven Klein - W Magazine - Serie 00-01.jpg
[2010/01/22 22:06:55 | 009,464,490 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2010 - Madonna by Steven Klein for Dolce & Gabbana - 7e.jpg
[2010/01/22 07:15:00 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\Anthony Dowsett.doc
[2010/01/22 07:09:48 | 009,033,332 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Tom Munro - Elle - 2008 00024a.jpg
[2010/01/22 07:03:59 | 022,910,046 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2008 - Meisel - Vuitton Commercial - 01b.jpg
[2010/01/21 23:35:19 | 000,108,286 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Madonna_Re_invention_disc_by_Ludingirra.jpg
[2010/01/21 23:27:44 | 017,236,324 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2007_-_Steven_Klein_-_H_amp_M_Commercial_-_Serie_White_-_06.tif
[2010/01/21 23:14:12 | 015,413,828 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 09 - Cropped.tif
[2010/01/21 22:56:09 | 018,098,069 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2008 - Madonna by Steven Klein Outtake - 00104.jpg
[2010/01/21 18:26:50 | 015,414,508 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 07 - Cropped.tif
[2010/01/21 18:22:46 | 015,414,728 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 02 - Cropped.tif
[2010/01/21 17:32:12 | 015,414,292 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 01b - Cropped.tif
[2010/01/20 17:28:12 | 007,202,506 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Re-invention Tour 2004 Lisbon.jpg
[2010/01/18 07:23:27 | 000,023,179 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\MADbanner2.jpg
[2010/01/18 07:23:25 | 000,024,459 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\MADbanner1.jpg
[2010/01/15 17:49:50 | 000,181,456 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\MADstandee1[1].JPG
[2010/01/15 07:10:19 | 000,728,478 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\MEN Arena.bmp
[2010/01/14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/14 06:41:51 | 000,001,482 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/14 06:41:51 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/11 22:55:14 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\761vr56o.exe
[2010/02/11 14:48:34 | 030,534,984 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\cureit.exe
[2010/02/10 17:23:17 | 003,508,767 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\26898.mp3
[2010/02/09 11:03:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 10:22:02 | 000,746,446 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20100209_102156.reg
[2010/02/08 21:37:09 | 001,224,333 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\TNBT.JPG
[2010/02/08 21:26:24 | 000,218,149 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\sys10l.jpg
[2010/02/08 21:26:16 | 000,219,311 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\538bqv.jpg
[2010/02/07 09:39:58 | 003,382,992 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Madonna - Celebration (Akon David Guetta Cover Remix).mp3
[2010/02/07 08:48:41 | 029,859,390 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Take A Bow (Acapella - Back Vox).wav
[2010/02/06 23:48:03 | 054,247,138 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\No Substitute For Love (Untouched Demo).wav
[2010/02/06 23:42:42 | 012,666,253 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Madonna_-_Liquid_Love__David_Guetta_Remix_Edit_.mp3
[2010/02/06 23:40:49 | 010,131,397 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\You Thrill Me (Erotica Uheard Vocals Version) .mp3
[2010/02/06 19:34:37 | 011,548,424 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Take A Bow (Lead Vox).mp3
[2010/02/06 19:30:49 | 034,287,792 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\When Liquid Love Takes Over.wav
[2010/02/06 17:40:32 | 004,947,968 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Speechless.mp3
[2010/02/06 17:40:23 | 002,412,544 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Poker Face.mp3
[2010/02/06 11:33:25 | 037,566,752 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Re-Invention Tour Rehersals - 2-08 - Crazy For You.wav
[2010/02/06 10:45:32 | 046,963,560 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Re-Invention Tour Rehersals - 2-01 - Nothing Fails.wav
[2010/02/04 13:31:49 | 008,663,168 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Into The Groove (DMC Remix).mp3
[2010/02/04 12:25:05 | 011,858,291 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Celebration (Saint Ken's Fan-O-Rama Remix).mp3
[2010/02/04 07:23:54 | 000,186,360 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RIT_cover_LISBON copy.jpg
[2010/02/04 07:06:13 | 007,202,506 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Re-invention Tour 2004 Lisbon.jpg
[2010/02/03 18:42:48 | 000,068,714 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\17th+Annual+World+Team+Tennis+Smash+Hits+D5aBNBgN_1vl.jpg
[2010/02/03 10:20:49 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\dolce gabbana.doc
[2010/02/03 09:19:33 | 000,347,356 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\andy-lindsay-elton1.jpg
[2010/02/03 09:14:25 | 000,094,025 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2009-smash-hits-group-shot_auvo.jpg
[2010/02/01 11:23:19 | 013,359,328 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\08 Celebration.mp3
[2010/02/01 00:24:18 | 005,377,561 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Steven Klein 2006.jpg
[2010/01/31 18:37:44 | 009,667,375 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\1984 - Georges Holtz - First Album Cover Re-issu - 14.jpg
[2010/01/31 09:21:10 | 000,372,131 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\deg9.jpg
[2010/01/31 09:15:10 | 000,161,769 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RIT_cover_LISBON.jpg
[2010/01/31 08:06:18 | 026,313,688 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2008 - Meisel - Vuitton Commercial - 05c.jpg
[2010/01/31 08:00:12 | 013,014,491 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\deg5.jpg
[2010/01/31 08:00:05 | 003,689,613 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\1984 - Georges Holtz - First Album Cover Re-issu - 03.jpg
[2010/01/31 07:59:18 | 006,094,286 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\deg14.jpg
[2010/01/31 07:55:42 | 003,731,454 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2004 - Commercial - Testino - Versace - 010.jpg
[2010/01/31 00:51:55 | 006,033,973 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2009 - Steven Klein - W 2009 - Serie 01-01a.jpg
[2010/01/31 00:49:57 | 012,219,240 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2005 - Klein - Unreleased Confession - 018a.jpg
[2010/01/31 00:00:41 | 009,591,767 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\LAV.jpg
[2010/01/30 18:51:39 | 002,413,151 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\sticker_rit_01092004_HQ.jpg
[2010/01/30 18:46:06 | 008,869,975 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\jaquette_rit_hte_reso.jpg
[2010/01/25 20:48:53 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RIT.doc
[2010/01/23 19:44:15 | 022,684,319 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Graphic Artwork [Madonna Mia].rar
[2010/01/23 18:29:19 | 000,570,483 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\hope_haiti_now_015.jpg
[2010/01/23 18:28:36 | 000,244,266 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\LFI_NYHopeforhaitihandout19.jpg
[2010/01/23 18:28:28 | 000,269,558 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\LFI_NYHopeforhaitihandout11.jpg
[2010/01/23 14:20:57 | 010,748,034 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2009 - Madonna by Steven Klein - W Magazine - Serie 00-01.jpg
[2010/01/23 09:47:54 | 003,227,525 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Maroon_5_-_04_-_Wake_Up_Call.mp3
[2010/01/23 09:17:27 | 009,464,490 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2010 - Madonna by Steven Klein for Dolce & Gabbana - 7e.jpg
[2010/01/23 09:01:08 | 018,098,069 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2008 - Madonna by Steven Klein Outtake - 00104.jpg
[2010/01/22 07:14:59 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\Anthony Dowsett.doc
[2010/01/22 07:09:46 | 009,033,332 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Tom Munro - Elle - 2008 00024a.jpg
[2010/01/22 07:03:44 | 022,910,046 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2008 - Meisel - Vuitton Commercial - 01b.jpg
[2010/01/21 23:36:07 | 000,108,286 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Madonna_Re_invention_disc_by_Ludingirra.jpg
[2010/01/21 23:27:33 | 017,236,324 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2007_-_Steven_Klein_-_H_amp_M_Commercial_-_Serie_White_-_06.tif
[2010/01/21 23:14:09 | 015,413,828 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 09 - Cropped.tif
[2010/01/21 18:26:47 | 015,414,508 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 07 - Cropped.tif
[2010/01/21 18:22:43 | 015,414,728 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 02 - Cropped.tif
[2010/01/21 17:32:07 | 015,414,292 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\2007 - Steven Klein - H&amp;M Commercial - Serie Hall - 01b - Cropped.tif
[2010/01/18 07:23:27 | 000,023,179 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\MADbanner2.jpg
[2010/01/18 07:23:17 | 000,024,459 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\MADbanner1.jpg
[2010/01/15 17:49:50 | 000,181,456 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\MADstandee1[1].JPG
[2010/01/15 07:10:19 | 000,728,478 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\MEN Arena.bmp
[2009/09/01 05:40:54 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/15 18:03:38 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/30 09:47:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/09/09 07:26:56 | 000,014,691 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/02/16 15:33:13 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2008/01/27 17:30:51 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\DMX.bmk
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 14:46:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/12 17:31:06 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/07/12 17:31:06 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/07/12 17:31:05 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/07/12 17:31:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/07/12 17:31:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/07/12 17:31:05 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/07/05 13:53:12 | 000,000,828 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2007/06/28 16:44:26 | 000,000,535 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2007/04/23 00:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/30 05:50:24 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/30 05:50:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/29 15:04:29 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2007/03/22 18:15:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDEncoder.dll
[2006/12/30 14:09:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/28 12:04:29 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\fusioncache.dat
[2006/12/17 17:55:12 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\ezpinst.exe
[2006/12/17 17:55:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.cat
[2006/12/17 17:55:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.inf
[2006/08/22 17:10:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
[2006/07/17 12:30:39 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2006/07/02 08:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/06/12 09:21:38 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/06/11 16:11:21 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/06/11 07:22:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/06/10 09:41:22 | 000,013,357 | ---- | C] () -- C:\WINDOWS\System32\vgadrv.dll
[2006/06/10 09:41:22 | 000,008,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\vgadrv.sys
[2006/06/04 17:04:16 | 000,607,104 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\rx_audio.Cache
[2006/05/18 16:43:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2006/05/07 16:33:05 | 065,719,472 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\rx_image.Cache
[2006/05/05 19:44:27 | 000,000,735 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/18 21:14:33 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2006/03/05 09:12:45 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/03/05 09:12:45 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/03/05 09:12:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/03/05 09:12:45 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/02/23 20:46:39 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\ViewerApp.dat
[2006/02/21 21:20:30 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/02/17 19:21:32 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/02/17 19:16:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDER320.ini
[2005/12/17 13:21:16 | 000,000,193 | ---- | C] () -- C:\WINDOWS\sc.INI
[2005/12/17 11:31:51 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\mp3lib.dll
[2005/12/08 20:02:24 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\FrontEndCD.ini
[2005/11/10 10:30:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/22 07:33:55 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2005/10/22 07:33:54 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2005/10/22 07:33:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2005/09/08 17:32:28 | 000,232,508 | ---- | C] () -- C:\WINDOWS\System32\drivers\btpcbcsp.sys
[2005/08/02 21:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/15 18:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 18:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/14 12:31:20 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/06/21 22:37:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/04/15 06:24:28 | 000,000,004 | ---- | C] () -- C:\WINDOWS\todo.sys
[2005/04/05 18:07:57 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2005/01/23 12:50:02 | 000,000,202 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2004/12/30 07:38:40 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2004/11/21 09:44:45 | 000,000,066 | ---- | C] () -- C:\WINDOWS\StationRipper.INI
[2004/09/22 08:22:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\ICDEJGIJ.ini
[2004/09/12 17:13:50 | 003,354,044 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\imageCache7.db
[2004/09/03 17:52:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\GCCollection.dll
[2004/09/02 14:23:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/14 10:14:59 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2004/06/30 15:04:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2004/04/22 06:38:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/04/22 06:38:29 | 000,000,160 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/18 18:36:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/03/30 06:25:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/03/27 09:41:36 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/03/25 21:27:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/14 09:59:26 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2004/03/07 13:51:00 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2004/02/12 07:34:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2004/02/06 17:24:52 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2004/02/01 08:13:31 | 000,001,411 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/01/11 10:30:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2003/11/08 21:13:02 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/28 06:07:14 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2003/10/28 06:06:29 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/10/28 06:05:31 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/10/28 06:05:31 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/08/07 19:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/08/02 18:02:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/02 14:59:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003/08/02 13:26:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/08/02 12:17:40 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/02 10:47:20 | 000,002,698 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/22 00:50:38 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/03/28 11:34:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\cbldrm.dll
[2003/02/03 03:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/13 13:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/07/05 14:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/03/17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000080.DLL
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/05/25 16:32:22 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/20 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2003/08/02 14:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2010/01/16 10:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2007/07/01 11:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/06/21 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2009/07/13 15:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/26 09:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/04/14 14:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2007/06/04 21:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/06/12 14:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/07/12 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/10/25 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/08 06:43:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2003/08/02 14:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2009/10/30 21:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/06/25 07:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\.ABC
[2010/01/16 10:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Acoustica
[2009/10/04 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ashampoo
[2010/02/05 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\BitTorrent
[2009/10/26 09:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Blitware
[2006/06/12 09:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Canon
[2010/02/09 22:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\DNA
[2006/06/30 18:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\EPSON
[2007/02/17 18:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\GlobalSCAPE
[2005/05/02 09:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Internet Download Accelerator
[2006/06/11 16:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ScanSoft
[2009/10/04 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Seven Zip
[2004/04/18 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Template
[2007/07/14 19:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ulead Systems
[2008/11/08 06:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Uniblue
[2008/10/31 18:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Windows Desktop Search
[2008/10/31 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Windows Search
[2010/01/24 08:12:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2009/10/28 18:06:11 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/01 01:00:26 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/02/12 06:29:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/16 10:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2008/11/17 20:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/12/22 23:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/12/25 18:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2005/08/07 10:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2007/07/01 11:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2003/08/02 13:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/03/09 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/10/26 12:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/05/05 19:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/07/13 07:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/28 18:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/16 08:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/07/19 10:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/06/21 18:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2003/10/28 06:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/07/14 16:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/11/02 00:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/07/13 15:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/10/26 09:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/12/23 19:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2008/10/26 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/02/09 09:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/04/14 14:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2007/06/04 21:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2006/06/12 14:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/07/12 17:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/02/15 07:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/25 14:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/08 06:43:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/07/04 12:35:42 | 000,053,096 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x64\DifXInstall64.exe
[2008/07/04 12:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2008/10/26 05:16:28 | 002,567,153 | ---- | M] (Uniblue Systems ) -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
[2008/08/26 16:48:09 | 000,111,912 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
[2008/08/26 16:48:09 | 000,099,624 | ---- | M] (Uniblue Software) -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
[2008/08/26 16:48:09 | 002,019,624 | ---- | M] (Uniblue Software) -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
[2007/11/15 13:25:24 | 000,116,008 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe
[2009/07/19 10:23:53 | 001,914,000 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

< %APPDATA%\*. >
[2006/06/25 07:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\.ABC
[2010/01/16 10:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Acoustica
[2009/07/19 10:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Adobe
[2005/11/22 18:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Apple Computer
[2009/08/03 08:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ArcSoft
[2009/10/04 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ashampoo
[2006/12/28 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ATI
[2010/02/05 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\BitTorrent
[2009/10/26 09:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Blitware
[2006/06/12 09:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Canon
[2003/11/08 21:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\CyberLink
[2007/01/27 17:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\DivX
[2010/02/09 22:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\DNA
[2003/10/28 06:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Drag'n Drop CD+DVD
[2009/10/27 06:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\dvdcss
[2006/06/30 18:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\EPSON
[2007/02/17 18:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\GlobalSCAPE
[2008/04/29 08:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Google
[2004/01/26 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Help
[2003/08/02 12:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Identities
[2005/05/02 09:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Internet Download Accelerator
[2004/02/15 13:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Macromedia
[2009/07/13 07:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes
[2009/10/28 17:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\McAfee
[2009/11/03 21:31:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Mark\Application Data\Microsoft
[2004/01/31 13:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Real
[2007/12/23 08:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Roxio
[2006/06/11 16:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\ScanSoft
[2009/10/04 07:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Seven Zip
[2006/06/01 20:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sonic
[2004/04/15 15:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sony Corporation
[2005/07/01 07:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sun
[2009/12/09 19:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Symantec
[2004/04/18 18:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Template
[2007/07/14 19:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Ulead Systems
[2008/11/08 06:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Uniblue
[2004/09/08 10:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\vlc
[2008/10/31 18:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Windows Desktop Search
[2008/10/31 22:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Windows Search

< %APPDATA%\*.exe /s >
[2007/04/16 14:05:38 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\ezpinst.exe
[2009/10/26 09:31:29 | 010,592,136 | ---- | M] ( ) -- C:\Documents and Settings\Mark\Application Data\Blitware\DriverRobot\downloads\e23fe99478b41d1ad7cc552582c0366a\sp41804.exe
[2009/12/06 03:12:31 | 005,395,904 | ---- | M] (Blitware Technology Inc. ) -- C:\Documents and Settings\Mark\Application Data\Blitware\DriverRobot\updates\1.2.0.5\DriverRobot_Setup.exe
[2007/12/10 20:33:30 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
[2006/06/11 11:17:55 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
[2006/06/11 11:17:55 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
[2006/06/11 11:17:55 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Mark\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
[2008/12/01 09:56:52 | 000,382,472 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Mark\Application Data\Real\RealOne Player\setup\AU_setup4.exe
[2008/04/02 17:07:14 | 002,613,088 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Setup.exe
[2008/02/19 23:03:53 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Stub.exe
[2008/01/25 23:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\FWCfg.exe
[2008/01/19 01:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH32\COH32.exe
[2008/01/19 01:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH64\COH64.exe
[2008/02/26 14:50:42 | 000,448,352 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\MainStub.exe
[2008/02/26 14:50:42 | 000,370,528 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\NSWRedir.exe
[2008/02/26 14:50:44 | 000,988,512 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\osCheck.exe
[2008/02/26 14:50:44 | 000,404,320 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\ScanStub.exe
[2008/02/26 14:50:46 | 000,972,640 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\tpNetMap.exe
[2008/02/25 05:21:32 | 000,096,424 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\WSCStub.exe
[2008/02/21 22:49:04 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\HSLoader.exe
[2008/02/21 22:49:08 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\isUAC.exe
[2008/02/21 22:49:14 | 000,042,360 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLULdr.exe
[2008/02/21 22:49:16 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLUStb.exe
[2008/02/24 00:41:38 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\cltUAC.exe
[2008/02/24 00:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SSAutoRN.exe
[2008/02/24 00:41:28 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SYMCUW.exe
[2008/01/22 22:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\IDS\IdsInst.exe
[2008/02/07 06:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\SecHist\MCUI32.exe
[2007/08/22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN\comHost.exe
[2007/08/22 08:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN64\comHost.exe
[2008/02/24 00:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\OPC\SSAutoRN.exe
[2008/01/30 20:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\pifCrawl.exe
[2008/01/30 20:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\PIFSvc.exe
[2008/01/25 17:16:59 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Supp64\SEVINST\Sevntx64.exe
[2008/02/26 08:34:20 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Backup\Backup\buDump.exe
[2008/02/18 19:37:38 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccApp.exe
[2008/02/18 19:37:40 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccEvtMgr.exe
[2008/02/18 19:37:10 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccLgView.exe
[2008/02/18 19:37:18 | 000,046,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSetMgr.exe
[2008/02/18 19:37:54 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSEUPDT.exe
[2008/02/18 19:37:20 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSvcHst.exe
[2008/02/21 22:02:33 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008/02/21 22:02:34 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008/02/21 22:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LSETUP.EXE
[2008/02/21 22:02:38 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUALL.EXE
[2008/02/21 22:02:46 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008/02/21 22:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCheck.exe
[2008/02/21 22:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008/02/21 22:02:40 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LuConfig.EXE
[2008/02/21 22:02:42 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\NotifyHA.exe
[2005/05/19 21:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\MSI\wiupdate.exe
[2008/02/24 02:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\COExport.exe
[2008/02/24 02:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\coVisPrx.exe
[2007/11/30 00:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008/02/19 23:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Remover\Remover.exe
[2008/02/19 23:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Reporter\Reporter.exe
[2008/01/25 17:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SEVINST\SEVINST.EXE
[2008/01/26 08:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008/02/19 23:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SymLnch\SymLnch.exe
[2007/02/13 03:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist32.exe
[2007/02/13 03:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mark\Application Data\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist64.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/10/20 07:34:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/17 06:44:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/20 07:34:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/17 06:44:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/20 07:34:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/17 06:44:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/10/20 07:34:56 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/17 06:44:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/10/24 14:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/01/05 10:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 10:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[27 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dfrg.msc:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mark\~:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\Samsung_USB_Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\B_32846:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0014:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0013:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie7updates\KB928090-IE7\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie7updates\KB928090-IE7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB931836$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB931836$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928843$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928843$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928255$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928255$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927802$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927802$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927779$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927779$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB926436$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB926436$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB924667$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB924667$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB923723$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB923723$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB918118$\spuninst:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB918118$:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB931836\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB931836:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928843\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928843:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928255\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928255:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927802\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927802:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927779\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927779:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB926436\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB926436:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB918118\update:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB918118:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\St Mary's.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Slideshow.dmsm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Productions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\cat2.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\cat.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta204.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta198.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta159.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta156.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\1497523024465caee5969e0.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Desktop\Rank1VsDaBuzz.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Application Data\GlobalSCAPE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Application Data\DivX:Roxio EMC Stream
< End of report >




OTL Extras logfile created on: 12/02/2010 06:35:22 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 11.81 Gb Free Space | 42.26% Space Free | Partition Type: NTFS
Drive D: | 83.84 Gb Total Space | 13.63 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 232.83 Gb Total Space | 25.37 Gb Free Space | 10.90% Space Free | Partition Type: FAT32

Computer Name: YOUR-6R7DO13OX4
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UsePrintFolders] -- "C:\Program Files\PrintFolders\PrintFolders.exe" "%1" (Stratopoint Software)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E3F1A40-3104-4C76-8A2D-2CC2ED414BD1}" = ISP Selector
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1D057E97-A116-4BF9-B307-83C3FBD86515}" = VAIO Clock Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.5
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2366D960-F00F-11D3-99D3-00C04FCCB775}" = VAIO System Information
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3147661C-2807-49EC-B971-3B0F23D95018}" = VAIO DeepSea Wallpaper
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel® Integrated Performance Primitives RTI 4.0
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624EA87E-9946-4DFF-8A3F-9C8346A185D3}" = PrintFolders 2.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6AF90EF6-F7F9-466C-99F4-1774826FBB40}" = Symantec Network Driver Update
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.5
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{761C9026-14F0-4352-8658-934558272404}" = VAIO Edit Components LE
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.2
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8F7A5681-EE36-459C-B2F4-82CF5768A5B7}" = Recovery for Works
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth Software
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}" = Digimax Viewer 2.1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C46B4678-0F42-4791-9D19-BE01BB3DD358}" = Roxio Easy DVD Copy
"{C797EAF2-707A-4239-BDF3-F2672314A734}" = First Step Guide
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCAC48E4-4B4D-43CB-ABB5-E817E39873B3}" = VAIO Media Setup 2.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.5
"{DF666EE1-ED85-440E-A3B7-951C51C82310}" = VAIO Media Photo Server 2.5
"{DF733005-0F40-11D6-9254-0000F460E7A9}" = VAIO Media Music Server 2.5
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FD04987D-96A6-4FE1-813B-82B77B8B809C}" = EPSON PRINT Image Framer Tool
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3GP Video Converter 3" = 3GP Video Converter 3
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.1" = Acoustica Mixcraft 4.1
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Premiere 6 LE" = Adobe Premiere 6 LE
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVS VideoConverter 2.7_is1" = AVS VideoConverter 2.7.5.122
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"CCleaner" = CCleaner
"dBpowerAMP CD Writer" = dBpowerAMP CD Writer
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"dBpoweramp WavPack Codec" = dBpoweramp WavPack Codec
"dBpowerAMP WMA V9 Codec" = dBpowerAMP WMA V9 Codec
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"dvdSanta 4.00 - Create Your Own DVD Movies!_is1" = dvdSanta 4.00
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR320 Reference Guide" = ESPR320 Reference Guide
"FLVPlayer" = FLV Player 1.3.3
"GetASFStream" = GetASFStream
"GetRight" = GetRight
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{0E3F1A40-3104-4C76-8A2D-2CC2ED414BD1}" = ISP Selector (English)
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration (English)
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"madonna_wa.zip" = madonna_wa.zip
"Magic DVD Ripper_is1" = Magic DVD Ripper V3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mp3_File_Editor_5" = Mp3 File Editor 5.11 (complete pack)
"MRW!UninstallKey" = InCD Reader
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PhotoRecord" = Canon PhotoRecord
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealOne Player
"Roxio UDF Reader" = Roxio UDF Reader
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SoundCapture" = SoundCapture
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Super Screen Capture_is1" = Super Screen Capture 2.6
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"VLC media player" = VideoLAN VLC media player 0.7.2
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Winamp" = Winamp (remove only)
"WinAVI VideoConverter_is1" = WinAVI VideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WM Recorder 11.0" = WM Recorder 11.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/01/2010 07:42:37 | Computer Name = YOUR-6R7DO13OX4 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module wmp.dll, version 11.0.5721.5268, fault address 0x00171f42.

Error - 23/01/2010 21:44:48 | Computer Name = YOUR-6R7DO13OX4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 23/01/2010 23:12:05 | Computer Name = YOUR-6R7DO13OX4 | Source = Application Error | ID = 1000
Description = Faulting application driverrobot.exe, version 1.1.0.14, faulting module
msvcr90.dll, version 9.0.21022.8, fault address 0x0003ac58.

Error - 25/01/2010 12:50:30 | Computer Name = YOUR-6R7DO13OX4 | Source = Application Error | ID = 1000
Description = Faulting application DevSvc.exe, version 1.0.0.1, faulting module
ksproxy.ax, version 5.3.2600.5512, fault address 0x0001ae5a.

Error - 25/01/2010 22:16:46 | Computer Name = YOUR-6R7DO13OX4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 31/01/2010 14:37:33 | Computer Name = YOUR-6R7DO13OX4 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MARK\RECENT\RIT RAPIDSHARE.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 31/01/2010 14:37:33 | Computer Name = YOUR-6R7DO13OX4 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\MARK\RECENT\RIT RAPIDSHARE.LNK>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 31/01/2010 22:18:45 | Computer Name = YOUR-6R7DO13OX4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 02/02/2010 17:35:12 | Computer Name = YOUR-6R7DO13OX4 | Source = Application Error | ID = 1000
Description = Faulting application videowave10.exe, version 10.0.0.78, faulting
module mpeg2muxer.dll, version 10.0.0.47, fault address 0x00020f51.

Error - 02/02/2010 21:46:48 | Computer Name = YOUR-6R7DO13OX4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 11/02/2010 02:31:26 | Computer Name = YOUR-6R7DO13OX4 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.11 for the Network Card with network
address 000C6EA129DA has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 11/02/2010 03:29:02 | Computer Name = YOUR-6R7DO13OX4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ImapiService
with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 11/02/2010 03:30:24 | Computer Name = YOUR-6R7DO13OX4 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom3.

Error - 11/02/2010 03:34:53 | Computer Name = YOUR-6R7DO13OX4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service ImapiService
with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

Error - 12/02/2010 02:27:13 | Computer Name = YOUR-6R7DO13OX4 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 12/02/2010 02:27:21 | Computer Name = YOUR-6R7DO13OX4 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/02/2010 02:27:21 | Computer Name = YOUR-6R7DO13OX4 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 000C6EA129DA.

Error - 12/02/2010 02:27:54 | Computer Name = YOUR-6R7DO13OX4 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 12/02/2010 02:29:18 | Computer Name = YOUR-6R7DO13OX4 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 000C6EA129DA.

Error - 12/02/2010 02:30:07 | Computer Name = YOUR-6R7DO13OX4 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 000C6EA129DA.


< End of report >


#4 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 02:54 PM

I've run GMER a few times now and it doesn't seem to be leaving a log file. I just click scan and leave it to it and when I come back it's gone from the screen.

Before I click scan there's a list already in GMER, should I post that?

#5 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 03:02 PM

MBR log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A5028C8]<<
kernel: MBR read successfully
user & kernel MBR OK

Volume in drive C is VAIO
Volume Serial Number is 6C9B-D1CE

Directory of C:\QooBox

09/02/2010 11:24 <DIR> .
09/02/2010 11:24 <DIR> ..
09/02/2010 11:22 10,647 Add-Remove Programs.txt
09/02/2010 11:05 <DIR> BackEnv
09/02/2010 11:23 370 ComboFix-quarantined-files.txt
20/07/2009 13:39 14,495 ComboFix2.txt
09/02/2010 11:03 <DIR> Quarantine
09/02/2010 11:20 1,389,971 SnapShot@2010-02-09_11.19.38.dat
4 File(s) 1,415,483 bytes

Directory of C:\QooBox\BackEnv

09/02/2010 11:05 <DIR> .
09/02/2010 11:05 <DIR> ..
09/02/2010 11:05 340 appdata.folder.dat
09/02/2010 11:05 240 cache.folder.dat
09/02/2010 11:05 144 Cookies.folder.dat
09/02/2010 11:05 89 desktop.folder.dat
09/02/2010 11:05 199 favorites.folder.dat
09/02/2010 11:05 216 localappdata.folder.dat
09/02/2010 11:05 224 localsettings.folder.dat
09/02/2010 11:05 120 mypictures.folder.dat
09/02/2010 11:05 96 personal.folder.dat
09/02/2010 11:04 307 Profiles.Folder.dat
09/02/2010 11:05 429 Profiles.Folder.folder.dat
09/02/2010 11:05 239 programs.folder.dat
09/02/2010 11:04 5,770 SetPath.bat
09/02/2010 11:05 148 startmenu.folder.dat
09/02/2010 11:05 201 startup.folder.dat
09/02/2010 11:04 2,054 SysPath.dat
09/02/2010 11:05 93 templates.folder.dat
17 File(s) 10,909 bytes

Directory of C:\QooBox\Quarantine

09/02/2010 11:03 <DIR> .
09/02/2010 11:03 <DIR> ..
04/10/2009 07:56 <DIR> C
09/02/2010 11:03 51 catchme.log
09/02/2010 11:21 <DIR> Registry_backups
1 File(s) 51 bytes

Directory of C:\QooBox\Quarantine\C

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
04/10/2009 07:56 <DIR> Documents and Settings
04/10/2009 07:56 <DIR> WINDOWS
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
04/10/2009 07:56 <DIR> Mark
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Mark

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
04/10/2009 07:56 <DIR> Application Data
04/10/2009 07:56 <DIR> Local Settings
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Mark\Application Data

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Mark\Local Settings

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
04/10/2009 07:56 <DIR> Temporary Internet Files
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\Documents and Settings\Mark\Local Settings\Temporary Internet Files

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
04/10/2009 07:56 <DIR> Installer
09/02/2010 11:14 <DIR> system32
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\Installer

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32

09/02/2010 11:14 <DIR> .
09/02/2010 11:14 <DIR> ..
04/10/2009 07:56 <DIR> drivers
09/02/2010 11:14 <DIR> spool
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\drivers

04/10/2009 07:56 <DIR> .
04/10/2009 07:56 <DIR> ..
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\spool

09/02/2010 11:14 <DIR> .
09/02/2010 11:14 <DIR> ..
09/02/2010 11:14 <DIR> prtprocs
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\spool\prtprocs

09/02/2010 11:14 <DIR> .
09/02/2010 11:14 <DIR> ..
09/02/2010 11:14 <DIR> w32x86
0 File(s) 0 bytes

Directory of C:\QooBox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86

09/02/2010 11:14 <DIR> .
09/02/2010 11:14 <DIR> ..
05/02/2010 23:34 153,600 00005fa4.tmp.vir
1 File(s) 153,600 bytes

Directory of C:\QooBox\Quarantine\Registry_backups

09/02/2010 11:21 <DIR> .
09/02/2010 11:21 <DIR> ..
09/02/2010 11:13 9,280 tcpip.reg
1 File(s) 9,280 bytes

Total Files Listed:
24 File(s) 1,589,323 bytes
50 Dir(s) 12,607,094,784 bytes free

#6 thcbytes

  • Malware Response Team

Posted 12 February 2010 - 03:07 PM

Hello,

Please do this...
  1. Post the initial Gmer list!!
  2. Close Gmer
  3. Please download DeFogger to your desktop.
    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    Do not re-enable these drivers until otherwise instructed.
    QUOTE
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
    Your Emulation drivers are now re-enabled.
  4. Re-run Gmer
  5. If it fails again do this...
  6. Please re-open Gmer and uncheck "Devices". Now try to run it again and let me know if you have problems.

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 04:59 PM

This is the GMER log. My pc kept rebooting and freezing.
Windows defender said I had the Alureon virus.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-12 21:42:59
Windows 5.1.2600 Service Pack 3
Running: 761vr56o.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\awpyapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAD00A78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAD00A821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAD00A738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAD00A74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAD00A835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAD00A861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAD00A8CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAD00A8B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAD00A7CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAD00A8FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAD00A80D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAD00A710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAD00A724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAD00A79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAD00A937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAD00A8A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAD00A88D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAD00A84B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAD00A923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAD00A90F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAD00A776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAD00A762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAD00A877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAD00A7F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAD00A8E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAD00A7E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAD00A7B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#8 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 05:07 PM

Defogger didn't ask me to reboot.
This is the log file.

defogger_disable by jpshortstuff (29.01.10.1)
Log created at 22:04 on 12/02/2010 (Mark)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

#9 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 05:17 PM

This is the second GMER log -

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-12 22:10:27
Windows 5.1.2600 Service Pack 3
Running: 761vr56o.exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\awpyapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAD0E678A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAD0E6821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAD0E6738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAD0E674C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAD0E6835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAD0E6861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAD0E68CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAD0E68B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAD0E67CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAD0E68FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAD0E680D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAD0E6710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAD0E6724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAD0E679E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAD0E6937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAD0E68A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAD0E688D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAD0E684B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAD0E6923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAD0E690F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAD0E6776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAD0E6762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAD0E6877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAD0E67F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAD0E68E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAD0E67E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAD0E67B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


#10 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 05:21 PM

I just wanted to add, since I downloaded GMER my pc has frozen and rebooted a few times.

#11 CicconeUK

  • Topic Starter

Posted 12 February 2010 - 05:29 PM

It's late now so I have to go but I'll check back tomorrow.
Thanks again!

#12 thcbytes

  • Malware Response Team

Posted 12 February 2010 - 05:32 PM

Hello,
You're welcome.

QUOTE
Windows defender said I had the Alureon virus.

Indeed you do! Let's fix that.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([] in Local intranet)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
    O15 - HKU\.DEFAULT\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([] in Local intranet)
    O15 - HKU\.DEFAULT\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: facebook.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: free.fr ([gpl.download] https in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: madonnafanzine.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: madonnatribe.net ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: megaupload.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-647083260-3608435521-1528902028-1005\..Trusted Domains: 61 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [27 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\dfrg.msc:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Mark\~:SummaryInformation
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\4:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\2:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\Samsung_USB_Drivers\1:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\System32\Samsung_USB_Drivers:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\B_32846:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0015:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0014:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\system32\ReinstallBackups\0013:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie7updates\KB928090-IE7\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\ie7updates\KB928090-IE7:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB931836$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB931836$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928843$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928843$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928255$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB928255$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927802$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927802$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927779$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB927779$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB926436$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB926436$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB924667$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB924667$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB923723$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB923723$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB918118$\spuninst:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$NtUninstallKB918118$:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB931836\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB931836:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928843\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928843:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928255\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB928255:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927802\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927802:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927779\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB927779:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB926436\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB926436:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB918118\update:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\$hf_mig$\KB918118:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\St Mary's.jpg:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Slideshow.dmsm:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Roxio:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\Productions:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\cat2.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\cat.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta204.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta198.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta159.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\beta156.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\My Documents\1497523024465caee5969e0.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Desktop\Rank1VsDaBuzz.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Application Data\GlobalSCAPE:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mark\Application Data\DivX:Roxio EMC Stream

    :Files
    C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys /e
    C:\WINDOWS\system32\drivers\atapi.sys|c:\atapi.sys /replace

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=-

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

With your next post please provide:

* OTL fix log
* Are you still getting redirected?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 CicconeUK

Posted 13 February 2010 - 03:00 AM

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony-europe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony-europe.com\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle-europe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle-europe.com\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vaio-link.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vaio-link.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony-europe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony-europe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle-europe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle-europe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vaio-link.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vaio-link.com\ not found.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free.fr\gpl.download\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\madonnafanzine.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\madonnatribe.net\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\megaupload.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony-europe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sonystyle-europe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vaio-link.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\madonnafanzine.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\madonnatribe.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-647083260-3608435521-1528902028-1005\\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\megaupload.com\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\nsb13A.tmp deleted successfully.
C:\WINDOWS\System32\nsbB9.tmp deleted successfully.
C:\WINDOWS\System32\nscE0.tmp deleted successfully.
C:\WINDOWS\System32\nsd5AB.tmp deleted successfully.
C:\WINDOWS\System32\nse5AA.tmp deleted successfully.
C:\WINDOWS\System32\nsf136.tmp deleted successfully.
C:\WINDOWS\System32\nsg138.tmp deleted successfully.
C:\WINDOWS\System32\nsg13C.tmp deleted successfully.
C:\WINDOWS\System32\nshDE.tmp deleted successfully.
C:\WINDOWS\System32\nshE2.tmp deleted successfully.
C:\WINDOWS\System32\nsl139.tmp deleted successfully.
C:\WINDOWS\System32\nsmDF.tmp deleted successfully.
C:\WINDOWS\System32\nsq137.tmp deleted successfully.
C:\WINDOWS\System32\nsq13B.tmp deleted successfully.
C:\WINDOWS\System32\nsrBA.tmp deleted successfully.
C:\WINDOWS\System32\nsrDC.tmp deleted successfully.
C:\WINDOWS\System32\nsrDD.tmp deleted successfully.
C:\WINDOWS\System32\nsrE1.tmp deleted successfully.
C:\WINDOWS\System32\nss5AC.tmp deleted successfully.
C:\WINDOWS\System32\nswBB.tmp deleted successfully.
C:\WINDOWS\System32\SET4E.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\System32\SET5E.tmp deleted successfully.
C:\WINDOWS\System32\SET60.tmp deleted successfully.
C:\WINDOWS\System32\SET6B.tmp deleted successfully.
C:\WINDOWS\System32\SET9B.tmp deleted successfully.
C:\WINDOWS\002368_.tmp deleted successfully.
C:\WINDOWS\005554_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\nct3C.tmp deleted successfully.
C:\WINDOWS\nct42.tmp deleted successfully.
C:\WINDOWS\nct44.tmp deleted successfully.
C:\WINDOWS\nct45.tmp deleted successfully.
C:\WINDOWS\nct46.tmp deleted successfully.
C:\WINDOWS\nct47.tmp deleted successfully.
C:\WINDOWS\nct48.tmp deleted successfully.
C:\WINDOWS\nct49.tmp deleted successfully.
C:\WINDOWS\nct55.tmp deleted successfully.
ADS C:\WINDOWS\System32\services.exe:SummaryInformation deleted successfully.
ADS C:\WINDOWS\System32\dfrg.msc:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Mark\~:SummaryInformation deleted successfully.
ADS C:\WINDOWS\system32\Samsung_USB_Drivers\4:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\Samsung_USB_Drivers\3:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\Samsung_USB_Drivers\2:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\Samsung_USB_Drivers\1:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\System32\Samsung_USB_Drivers:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\B_32846:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0015:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0014:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\system32\ReinstallBackups\0013:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\ie7updates\KB928090-IE7\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\ie7updates\KB928090-IE7:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB931836$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB931836$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB928843$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB928843$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB928255$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB928255$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB927802$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB927802$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB927779$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB927779$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB926436$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB926436$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB924667$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB924667$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB923723$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB923723$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB918118$\spuninst:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$NtUninstallKB918118$:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB931836\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB931836:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB928843\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB928843:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB928255\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB928255:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB927802\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB927802:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB927779\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB927779:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB926436\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB926436:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB918118\update:Roxio EMC Stream deleted successfully.
ADS C:\WINDOWS\$hf_mig$\KB918118:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\St Mary's.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\Slideshow.dmsm:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\Roxio:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\Productions:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\cat2.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\cat.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\beta204.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\beta198.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\beta159.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\beta156.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\My Documents\1497523024465caee5969e0.gif:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\Desktop\Rank1VsDaBuzz.mp3:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\Application Data\GlobalSCAPE:Roxio EMC Stream deleted successfully.
ADS C:\Documents and Settings\Mark\Application Data\DivX:Roxio EMC Stream deleted successfully.
========== FILES ==========
atapi.sys extracted to C:\
Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with c:\atapi.sys without a reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: Mark
->Temp folder emptied: 2204383 bytes
->Temporary Internet Files folder emptied: 59013213 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 8064 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2187197 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 211206 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02132010_074459

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000007F423318EA89267DF not found!

Registry entries deleted on Reboot...




I'm still getting redirected.


I got a 'system has recovered from a serious error' message when the pc came back on.
I got a link to this page -
http://wer.microsoft.com/responses/Respons...a9-399ec1e05c5c

It asks me to download the latest device drivers, will that be ok to do?

#14 thcbytes

Posted 13 February 2010 - 08:40 AM

Hello,

No. Do not download drivers. You're still infected. That is why the computer BSOD'd.

QUOTE
========== FILES ==========
atapi.sys extracted to C:\
Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with c:\atapi.sys without a reboot.


It can be stubborn. We will get it fixed.

Do it like this please......

First....

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

    copy c:\atapi.sys C:\WINDOWS\system32\drivers\atapi.sys


Name the file as fix.txt, making sure save as type is set to " All Files ".
Save it to C:\ <--- Important!

==========

Write this down exactly as written. There is one space between batch and c:\....

    batch c:\fix.txt

  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow key to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
  5. At the C:\Windows prompt, type the following bolded text, and press Enter:

    batch c:\fix.txt



  6. The command should then show 1 file(s) copied.
  7. At the next prompt type the following green bolded text, and press Enter:

    exit

Windows will now begin loading

Still Redirected?

Edited by thcbytes, 13 February 2010 - 10:17 AM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
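
The reply above picks one failed line out of a long fix log. As an added example (not part of the thread and not OTL's own code), this script groups such a log by its `==========` sections, counts outcomes, and pulls out the file replacements that were deferred; the outcome phrases and the function names `triage` and `pending_replacements` are assumptions based only on the log lines posted here.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\WINDOWS\System32\services.exe:SummaryInformation deleted successfully.
========== FILES ==========
atapi.sys extracted to C:\
Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with c:\atapi.sys without a reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

HEADER = re.compile(r"^=+ (.+?) =+$")  # e.g. ========== FILES ==========
PENDING = re.compile(r"^Unable to replace file: (.+?) with (.+?) without a reboot\.$")

# Outcome phrases as they appear in the posted log (assumed, not an official list).
# Order matters: failures are checked before the more common phrases.
RULES = [
    ("failed", re.compile(r"^unable to\b|\berror reading\b", re.I)),
    ("absent", re.compile(r"\bnot found\b", re.I)),
    ("ok", re.compile(r"\bsuccessfully\b|\bextracted to\b", re.I)),
]


def classify(line):
    """Return the outcome label for one log line, or 'info' if no rule matches."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "info"


def triage(log_text):
    """Return (per-section outcome counts, list of (section, failed line))."""
    section = "PREAMBLE"  # lines before the first section header
    counts = defaultdict(lambda: defaultdict(int))
    failures = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        outcome = classify(line)
        counts[section][outcome] += 1
        if outcome == "failed":
            failures.append((section, line))
    return {name: dict(c) for name, c in counts.items()}, failures


def pending_replacements(failures):
    """Extract (target, source) pairs for replacements the tool could not do live."""
    matches = (PENDING.match(line) for _, line in failures)
    return [(m.group(1), m.group(2)) for m in matches if m]


if __name__ == "__main__":
    summary, failed = triage(SAMPLE_LOG)
    for name, outcome_counts in summary.items():
        print(name, outcome_counts)
    for target, source in pending_replacements(failed):
        print("still pending:", source, "->", target)
```
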

#15 CicconeUK

Posted 13 February 2010 - 09:44 AM

On part 6 what do I type?



