
iexplore.exe + K4D0QTEx.exe trojan/virus


  • This topic is locked
21 replies to this topic

#1 redslime


Posted 09 April 2010 - 09:46 AM

OS: Windows XP Media Center Edition SP3
Antivirus: Eset NOD32
Antimalware: Malwarebytes' Anti-Malware (real time protection enabled)
Antispyware: Spybot SD, Spyware Doctor
Trojan Removal software: Trojan Remover

My computer seems to be infected with a trojan that disguises itself as iexpore.exe, except it is not a process under a username, but rather under SYSTEM.
I've done much research and tried many different approaches but nothing seems to work to remove this.
Well, what it does: it opens two "iexpore.exe" processes under SYSTEM in the Task Manager, takes up a lot of memory, and brings up popup windows and audio ads. If I end either of the two processes, they run themselves again, often within a minute.
However, I have noticed they come along with a process called "K4D0QTEx.exe". I was able to track down that file to my C:/documents and settings/all users/application data folder, as well as an accompanying file (sW3n8O10O.dat). There is also a very similarly named file in my Prefetch folder (it contains the name and a lot of random text). If I end this process, it and the two iexplore.exe go away for sometimes a few minutes, sometimes hours, then suddenly reappear later.

I have tried scanning with the programs listed above, and none has detected anything.
I've searched for all traces of iexpore.exe and I've only found (seemingly) legitimate IE files located in their proper place (all of which I scanned, finding no infections). None were in common residing places for infectious files such as system32.
I've concluded their source seems to be that weird K4D0QTE file, because of how they are connected when I end that process.


NOTE: Right before posting this I have discovered something that looks suspiciously like another part of the infection: a process called "3DXgsW3B.com". I did a search and found it in my C:/WINDOWS/Fonts. There is also an accompanying file in the Prefetch folder, as there was with the other.

It also appears my rundll32.exe has been infected. It runs in my processes under my username which it never used to. It doesn't use much memory though. And yes, I checked the actual file and it has changed its icon into a 'page' icon.

EDIT: Today, my antivirus blocked the attacks upon booting my PC (I don't see why it hasn't done this before) and they've been quarantined (but I'm sure they'll regenerate later like they keep doing whenever I tried to remove them). Anyway, I've discovered from NOD32 that they are "A variant of Win32/Kryptik.DPG trojan". Another thing to note is that my Malwarebytes real-time protection is constantly blocking "potentially malicious websites" from several IPs ever since I updated it.

Thank you for reading this, and hopefully helping me solve this issue.
If I have missed any key information you need, please let me know. I hope I can find a solution here.
Here's my DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 23:10:01.26 on Thu 04/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.732 [GMT -5:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.6\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://search.speedbit.com
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\logon\CurrentLogon.EXE
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\compan~1\installs\cpn\YCOMP5~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Internet Explorer Plugin: {f4f5b58a-d3a6-4f85-b3ef-5642e8937e6f} - nsfwj2.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\compan~1\installs\cpn\YCOMP5~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Iconoid] "c:\program files\iconoid\iconoid.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
mRun: [ShowWnd] ShowWnd.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
StartupFolder: c:\docume~1\user\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238871823806
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: gport_ - gport_.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A794B62F-01A7-4F56-B1C7-4A568C1BECFF} - rundll32 nsfwj2.dll,laspi
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\8mwa2ci6.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\8mwa2ci6.default\extensions\cfxhelper@triton\components\dwmxpcom.dll
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.6\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox 3.6\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox 3.6\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox 3.6\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-4 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-8 217032]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-8 112592]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-5 55152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-4 211216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-4 19096]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\user\locals~1\temp\alsysio.sys --> c:\docume~1\user\locals~1\temp\ALSysIO.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-8 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-8 1142224]
S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

=============== Created Last 30 ================

2010-04-09 04:03:50 20 ----a-w- c:\documents and settings\user\defogger_reenable
2010-04-09 01:31:40 71170 ----a-w- c:\docume~1\alluse~1\applic~1\K4D0QTEx.exe
2010-04-09 01:31:37 112 ----a-w- c:\docume~1\alluse~1\applic~1\sW3n8O10O.dat
2010-04-09 00:11:59 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2010-04-09 00:11:59 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-09 00:11:56 0 d-----w- c:\docume~1\user\applic~1\Simply Super Software
2010-04-08 23:35:00 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-08 23:35:00 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-08 23:35:00 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-08 23:35:00 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-08 23:35:00 131 ----a-w- c:\windows\IDB.zip
2010-04-08 23:34:59 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-08 23:34:59 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-08 23:34:59 1152444 ----a-w- c:\windows\UDB.zip
2010-04-08 23:32:40 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-08 23:32:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-08 23:32:29 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-08 23:32:29 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-08 23:32:29 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-08 23:32:29 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-08 23:32:19 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-08 23:32:19 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 23:32:04 0 d-----w- c:\program files\Spyware Doctor
2010-04-08 23:32:04 0 d-----w- c:\program files\common files\PC Tools
2010-04-08 19:36:30 60416 ----a-w- c:\windows\system32\klgd.bmp
2010-04-08 19:36:30 45568 ----a-w- c:\windows\system32\nsfwj2.dll
2010-04-08 19:36:30 3519 ----a-w- c:\windows\system32\krv
2010-04-08 11:20:38 0 ----a-w- c:\windows\system32\REN804F.tmp
2010-04-08 11:20:38 0 ----a-w- c:\windows\system32\REN804E.tmp
2010-04-08 11:20:38 0 ----a-w- c:\windows\system32\REN804D.tmp
2010-04-07 05:12:38 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-07 05:12:38 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-07 05:12:38 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-07 05:12:38 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-07 05:12:38 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-07 05:12:36 0 d-----w- c:\program files\Trojan Remover
2010-04-07 05:12:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-04-07 03:23:11 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-06 08:41:58 5136 ----a-w- c:\windows\system32\gport_.dll
2010-04-05 00:28:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-04-05 00:28:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-05 00:27:55 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-05 00:27:36 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-03-30 14:24:24 0 d-----w- c:\windows\system32\Adobe
2010-03-28 23:03:10 24 ----a-w- c:\windows\LogonStudio.ini
2010-03-28 23:02:53 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2010-03-28 23:02:52 0 d-----w- c:\program files\WinCustomize
2010-03-28 23:02:52 0 d-----w- c:\program files\common files\Stardock
2010-03-28 22:08:26 0 d-----w- c:\program files\FileSubmit
2010-03-28 21:27:07 209 --sha-r- C:\BOOT.BKK
2010-03-21 17:34:56 88 ----a-w- c:\windows\StyleBuilder.INI
2010-03-21 17:33:10 0 d-----w- c:\program files\TGTSoft
2010-03-21 04:24:16 0 d-----w- c:\program files\Yu-Gi-Oh
2010-03-20 23:59:38 0 d-----w- C:\magic
2010-03-17 04:11:43 0 d-----w- c:\program files\ConWare

==================== Find3M ====================

2010-04-09 00:12:01 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
2010-04-06 10:42:00 48128 ----a-w- c:\windows\fonts\3DXgsW3B.com
2010-03-28 23:27:38 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-28 23:24:23 4232704 ----a-w- c:\windows\system32\logonuiX.exe
2010-03-10 12:06:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-10 12:06:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-04 16:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 16:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 16:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 16:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2009-07-29 10:52:05 192512 --sh--w- c:\windows\fonts\ICSharpCode.SharpZipLib.dll

============= FINISH: 23:11:47.25 ===============

Edited by Orange Blossom, 11 April 2010 - 04:07 PM.
Edited full log into post and removed reply post containing it. ~ OB




#2 myrti


Posted 12 April 2010 - 10:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 redslime


Posted 12 April 2010 - 07:17 PM

Originally the problem was a process named 'K4D0QTEx', along with two iexpore.exe processes showing up in my process list even if I ended them.
However, soon after that, the process '3DXgsW3B.com' also started appearing. They were both taking up nearly all my memory and slowing down my computer vastly. The two iexplore.exe files kept bringing up popups and audio ads.

Later on, my ESET NOD32 antivirus detected these two files and quarantined them (I don't know why it hadn't done this before). Following that, I quarantined three other files myself that I knew were associated with the infection. Their locations are as follows:
C:\WINDOWS\Prefetch\3DXGSW3B.COM-348FCD9F.pf - quarantined manually
C:\WINDOWS\Prefetch\K4D0QTEX.EXE-3434B8BA.pf - quarantined manually
C:\WINDOWS\Documents and Settings\All Users\Application Data\sW3n8O10O.dat - quarantined manually
C:\WINDOWS\Documents and Settings\All Users\Application Data\K4D0QTEx.exe - quarantined by ESET NOD32: reason 'a variant of Win32/Kryptik.DPG trojan'
C:\WINDOWS\Fonts\3DXgsW3B.com - quarantined by ESET NOD32: reason 'a variant of Win32/Kryptik.DPG trojan'


After I did this, the processes stopped appearing (and they still have not reappeared or regenerated). However a new problem had arisen. Now two things happened:
1. My Malwarebytes' Anti-Malware real-time protection is constantly blocking malicious websites from several IPs, both when I use a web browser and when I am not.
2. rundll.exe has started running in my processes, as well as two 'dllhost.exe' files. When I end one of the dllhost.exe files, it always comes back within 1 second.


And now that I turned on my computer today, another problem has arisen. ESET NOD32 is now also blocking malicious websites whenever I use my web browser (Firefox 3.6). A great number of pages don't work. I receive 3 red notifications that a malicious site has been blocked, then my browser crashes (fortunately this site still works). It seems to affect any sort of search engines the most.

Right now as we speak, I checked my prefetch folder and found several files starting with 'rundll' and 'dllhost' so I quarantined them. I have yet to see the results of this.

In addition, something of note is that my wireless connection has started dropping the connection to my router at a much, much higher rate than it used to (about 5 times a day). And another thing: when I used my Firefox (before today) I would, from time to time, get a pop-up tab in Firefox, which I never used to.

UPDATE: It appears I cannot post on my infected PC. I get a 'connection resetted' error. So now I am posting this using a different PC.

For now, here are my two reports with OTL:

OTL logfile created on: 4/12/2010 6:14:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.10 Gb Total Space | 8.38 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 18:13:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/04/02 16:10:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6\firefox.exe
PRC - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/30 00:46:12 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/02/28 08:42:56 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/04 14:49:42 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 19:31:20 | 004,736,986 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/09/17 09:19:14 | 000,147,456 | ---- | M] (Lime Wire, LLC) -- C:\My Backup -- 28-07-08 1412\Program Files\LimeWire\LimeWire.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/02/03 18:38:24 | 000,277,504 | ---- | M] (SillySot Software) -- C:\Program Files\Iconoid\iconoid.exe
PRC - [2006/10/18 21:46:20 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2006/05/24 13:31:39 | 001,372,160 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
PRC - [2006/05/24 13:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/12 18:13:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/02/26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/04 14:49:42 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/15 16:37:00 | 002,804,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/05/24 13:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/11 20:36:05 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/22 14:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/07/19 18:55:50 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/01 16:03:38 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/05/01 16:03:38 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2009/03/09 14:06:56 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/10/31 16:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/02 00:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 20:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/10 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/04 14:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
IE - HKU\S-1-5-21-14370713-637039518-2802728689-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-14370713-637039518-2802728689-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 142.150.238.12:3127

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "swagbucks.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.0
FF - prefs.js..extensions.enabledItems: ChrominFrame@zero.fire:1.0.9.6
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:1.6
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {b065cadc-711c-4074-a257-63df8e2128d7}:0.1.7
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6
FF - prefs.js..extensions.enabledItems: cfxec@Triton:2.0.1
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "142.150.238.12"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "142.150.238.12"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "142.150.238.12"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "142.150.238.12"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "142.150.238.12"
FF - prefs.js..network.proxy.ssl_port: 3127


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/10 07:08:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components
FF - HKLM\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010/02/14 09:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2010/04/01 10:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5\plugins [2010/04/01 10:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6\components [2010/04/08 19:11:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6\plugins [2010/04/12 18:10:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2010/04/01 10:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/06/05 17:46:05 | 000,000,000 | ---D | M]

[2009/09/28 21:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/09/28 21:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2009/09/28 21:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Fennec\Profiles\7ntkk0e8.default\extensions
[2010/04/12 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions
[2010/03/12 21:25:24 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010/03/12 21:25:38 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/01/18 12:57:58 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/01/11 18:03:13 | 000,000,000 | ---D | M] (URL Fixer) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}
[2010/02/27 14:10:40 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2009/05/18 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/07/29 13:58:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/24 23:16:34 | 000,000,000 | ---D | M] (Tab Control) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{39952c40-5197-11da-8cd6-0800200c9a66}
[2010/02/22 22:00:16 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/01/21 18:51:54 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/01/05 22:36:21 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/04/10 22:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{b065cadc-711c-4074-a257-63df8e2128d7}
[2010/04/08 19:11:32 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/01/10 11:46:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/22 19:21:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/03/30 18:02:44 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/10/24 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\anycolor.pavlos256@gmail.com
[2010/02/15 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxe@Triton
[2009/08/29 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxeblade@Triton
[2009/12/09 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxec@Triton
[2010/02/15 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxHelper@Triton
[2010/03/03 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\chromifox@altmusictv.com
[2010/01/25 20:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\ChrominFrame@zero.fire
[2010/01/22 22:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\coc@ble.pl
[2009/10/05 21:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\elemhidehelper@adblockplus.org
[2010/03/06 09:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\locationbar2@design-noir.de
[2010/03/30 18:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\personas@christopher.beard
[2009/05/21 19:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\searchrecs@veoh.com
[2010/03/12 21:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/04/09 21:38:37 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\searchplugins\swagbuckscom.xml

O1 HOSTS File: ([2010/04/06 22:45:39 | 000,385,900 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13312 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Internet Explorer Plugin) - {F4F5B58A-D3A6-4F85-B3EF-5642E8937E6F} - C:\WINDOWS\System32\nsfwj2.dll (Rox)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogonStudio] C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKU\S-1-5-21-14370713-637039518-2802728689-1008..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-14370713-637039518-2802728689-1008..\Run: [Iconoid] C:\Program Files\Iconoid\iconoid.exe (SillySot Software)
O4 - HKU\S-1-5-21-14370713-637039518-2802728689-1008..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-14370713-637039518-2802728689-1008..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-14370713-637039518-2802728689-1008..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Vanessa\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1238871823806 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE) - C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\gport_: DllName - gport_.dll - C:\WINDOWS\System32\gport_.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/13 12:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/04 18:41:18 | 000,000,031 | ---- | M] () - D:\autorun.inf.vir -- [ FAT32 ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{f0d0d357-3a72-11de-949a-000fb591e724}\Shell - "" = AutoRun
O33 - MountPoints2\{f0d0d357-3a72-11de-949a-000fb591e724}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0d0d357-3a72-11de-949a-000fb591e724}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-14370713-637039518-2802728689-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/04/13 12:19:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "wlidsvc"
MsConfig - Services: "fsssvc"
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Raptr.lnk - C:\PROGRA~1\Raptr\RAPTRS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^SystemMON.exe - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^taksman.exe - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DownloadAccelerator - hkey= - key= - C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A794B62F-01A7-4F56-B1C7-4A568C1BECFF} - rundll32 nsfwj2.dll,laspi
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VSPX - C:\WINDOWS\System32\vspxvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 18:13:37 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/12 18:10:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 18:10:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 18:10:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 18:10:59 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/12 18:09:02 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\Desktop\javadl.sun_1.com
[2010/04/12 18:07:42 | 000,918,816 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\Desktop\javadl.sun.com
[2010/04/11 17:02:47 | 000,000,000 | ---D | C] -- C:\bc764f2eb9870b2808003f9910
[2010/04/11 11:16:35 | 000,175,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\User\Desktop\FixWelch.exe
[2010/04/08 23:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\New Folder
[2010/04/08 19:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Threat Expert
[2010/04/08 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
[2010/04/08 19:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PC Tools
[2010/04/08 19:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/08 19:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/08 19:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Simply Super Software
[2010/04/08 19:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/08 18:35:00 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/08 18:34:59 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/08 18:34:59 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/08 18:32:40 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/08 18:32:29 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/08 18:32:29 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/08 18:32:19 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/08 18:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/08 18:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/08 14:36:30 | 000,045,568 | ---- | C] (Rox) -- C:\WINDOWS\System32\nsfwj2.dll
[2010/04/08 10:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/08 08:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/04/07 06:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/07 06:31:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/07 01:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 01:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/07 00:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Simply Super Software
[2010/04/07 00:12:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/04/07 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/04/07 00:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/04/06 22:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/06 08:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/05 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/05 21:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/05 00:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tilem-0.973
[2010/04/04 23:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\vti
[2010/04/04 19:27:55 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/04/04 19:27:36 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2010/03/30 09:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/03/28 18:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinCustomize
[2010/03/28 18:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/03/28 17:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\logins
[2010/03/28 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileSubmit
[2010/03/21 12:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\TGTSoft
[2010/03/20 23:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yu-Gi-Oh
[2010/03/20 18:59:38 | 000,000,000 | ---D | C] -- C:\magic
[2010/03/16 23:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\ConWare
[2009/11/02 03:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/09/17 22:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2009/08/11 20:00:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/22 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/22 07:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/23 23:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/04/06 23:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/07/29 05:52:05 | 000,192,512 | -HS- | C] (ICSharpCode.net) -- C:\WINDOWS\Fonts\ICSharpCode.SharpZipLib.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 18:36:32 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/12 18:36:21 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/12 18:19:30 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-14370713-637039518-2802728689-1008.job
[2010/04/12 18:19:29 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-14370713-637039518-2802728689-1008.job
[2010/04/12 18:13:40 | 017,301,504 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/04/12 18:13:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/12 18:10:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/12 18:10:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 18:10:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 18:10:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 18:10:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/12 18:09:27 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\Desktop\javadl.sun_1.com
[2010/04/12 18:07:49 | 000,918,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\User\Desktop\javadl.sun.com
[2010/04/12 18:02:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008UA.job
[2010/04/12 17:59:43 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/12 17:59:38 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/04/12 17:58:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/12 17:57:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/12 17:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/12 17:57:38 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 14:21:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/12 05:48:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008Core1cac81a228a063a.job
[2010/04/11 20:36:05 | 000,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys
[2010/04/11 20:36:05 | 000,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2010/04/11 11:16:37 | 000,175,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\User\Desktop\FixWelch.exe
[2010/04/11 03:44:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/04/11 03:44:11 | 001,578,358 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/04/10 21:58:49 | 000,016,256 | ---- | M] () -- C:\Documents and Settings\User\Desktop\asian-pussy.JPG
[2010/04/10 00:02:09 | 000,091,662 | ---- | M] () -- C:\Documents and Settings\User\Desktop\asssssss.jpg
[2010/04/09 23:29:30 | 000,004,657 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ormrr.JPG
[2010/04/09 23:22:16 | 000,097,244 | ---- | M] () -- C:\Documents and Settings\User\Desktop\asdasd.jpg
[2010/04/09 21:52:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/04/08 23:12:49 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/08 23:09:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/08 23:04:03 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/08 19:20:02 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2010/04/08 18:32:24 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/08 14:36:30 | 000,060,416 | ---- | M] () -- C:\WINDOWS\System32\klgd.bmp
[2010/04/08 14:36:30 | 000,045,568 | ---- | M] (Rox) -- C:\WINDOWS\System32\nsfwj2.dll
[2010/04/08 14:36:30 | 000,003,519 | ---- | M] () -- C:\WINDOWS\System32\krv
[2010/04/08 04:45:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/07 00:35:56 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2010/04/07 00:12:41 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/04/06 23:30:38 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 22:45:39 | 000,385,900 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/06 19:40:00 | 000,000,768 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/06 03:41:58 | 000,005,136 | ---- | M] () -- C:\WINDOWS\System32\gport_.dll
[2010/04/05 23:07:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/05 21:02:05 | 000,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2010/04/05 00:23:32 | 000,463,181 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tilem-0.973.tar.gz
[2010/04/05 00:20:14 | 000,063,786 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ti84plus.zip
[2010/04/04 19:28:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/04/04 19:28:03 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/04/04 17:01:25 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/04 17:00:28 | 000,166,790 | ---- | M] () -- C:\Documents and Settings\User\Desktop\=D.jpg
[2010/04/03 08:40:48 | 009,661,588 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Goo.mp3
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 18:27:38 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/28 18:24:23 | 004,232,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonuiX.exe
[2010/03/28 16:24:03 | 000,001,936 | -H-- | M] () -- C:\IPH.PH
[2010/03/28 16:24:01 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/23 00:05:00 | 000,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 00:05:00 | 000,444,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 00:05:00 | 000,072,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 13:27:58 | 000,000,088 | ---- | M] () -- C:\WINDOWS\StyleBuilder.INI
[2010/03/20 23:26:19 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Yu-Gi-Oh.lnk
[2010/03/20 19:01:41 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Magic.exe.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/10 21:58:49 | 000,016,256 | ---- | C] () -- C:\Documents and Settings\User\Desktop\asian-pussy.JPG
[2010/04/10 00:02:24 | 000,091,662 | ---- | C] () -- C:\Documents and Settings\User\Desktop\asssssss.jpg
[2010/04/09 23:29:29 | 000,004,657 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ormrr.JPG
[2010/04/09 23:22:29 | 000,097,244 | ---- | C] () -- C:\Documents and Settings\User\Desktop\asdasd.jpg
[2010/04/08 23:12:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/08 23:09:34 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/08 23:03:50 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/08 19:20:02 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2010/04/08 18:35:00 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/08 18:35:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/08 18:35:00 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/08 18:35:00 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/08 18:34:59 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/08 18:32:40 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/08 18:32:29 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/08 18:32:29 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/08 18:32:24 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/08 18:32:19 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/08 14:36:30 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\klgd.bmp
[2010/04/08 14:36:30 | 000,003,519 | ---- | C] () -- C:\WINDOWS\System32\krv
[2010/04/07 00:12:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/04/07 00:12:38 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/04/07 00:12:38 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/04/07 00:12:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/04/07 00:12:38 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/04/06 22:23:43 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/04/06 22:23:30 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Spybot - Search & Destroy.lnk
[2010/04/06 07:12:45 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/04/06 07:12:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/04/06 03:41:58 | 000,005,136 | ---- | C] () -- C:\WINDOWS\System32\gport_.dll
[2010/04/05 00:23:29 | 000,463,181 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tilem-0.973.tar.gz
[2010/04/05 00:20:12 | 000,063,786 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ti84plus.zip
[2010/04/04 19:28:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_nielprt_01007.Wdf
[2010/04/04 19:28:03 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010/04/04 17:00:47 | 000,166,790 | ---- | C] () -- C:\Documents and Settings\User\Desktop\=D.jpg
[2010/03/28 18:03:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2010/03/28 18:02:53 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2010/03/28 16:27:07 | 000,000,209 | RHS- | C] () -- C:\BOOT.BKK
[2010/03/21 12:34:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2010/03/20 23:26:19 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Yu-Gi-Oh.lnk
[2010/03/20 19:01:41 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Magic.exe.lnk
[2010/03/20 05:43:10 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008Core1cac81a228a063a.job
[2010/02/22 23:20:41 | 017,301,504 | ---- | C] () -- C:\Documents and Settings\User\ntuser.dat
[2010/02/21 16:07:53 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\User\Application Data\winscp.rnd
[2010/01/31 09:58:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/01/31 09:58:24 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/01/30 09:55:21 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2010/01/28 19:29:44 | 000,000,262 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/11/14 10:31:27 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/09/18 19:55:50 | 000,030,464 | ---- | C] () -- C:\WINDOWS\macromix.dll
[2009/09/18 19:39:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/16 00:03:06 | 000,000,509 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2009/09/14 20:30:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/09/04 16:41:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/08/31 16:50:49 | 000,000,122 | ---- | C] () -- C:\Documents and Settings\User\default.pls
[2009/07/19 19:34:32 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\User\ntuser.pol
[2009/07/14 19:04:52 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2009/06/25 14:12:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/22 20:36:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/04/29 12:29:08 | 000,000,159 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/06 16:16:17 | 000,000,106 | ---- | C] () -- C:\WINDOWS\WinFrotz.INI
[2009/04/05 19:20:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/04/04 23:16:11 | 000,203,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/04 16:34:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/04 16:01:20 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/04 16:01:18 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\User\ntuser.dat.LOG
[2009/04/04 16:01:18 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\User\ntuser.ini
[2009/04/04 15:56:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/04/04 15:36:04 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/04/04 15:36:04 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\8C417EDD1B.sys
[2009/04/04 15:15:33 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/04/04 15:10:21 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/04/04 15:10:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/04 14:51:44 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/04/04 14:51:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2009/01/16 14:45:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005/10/20 17:58:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll
[2005/09/01 09:20:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/13 14:02:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/13 11:57:05 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/13 11:57:05 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/13 11:55:59 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/04 16:57:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/04/04 16:57:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/04 16:57:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/04/04 16:57:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL
[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL
[2004/08/10 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\User\Desktop\Pokemon Emerald.txt:SummaryInformation
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85AA7074
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 4/12/2010 6:14:21 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.10 Gb Total Space | 8.38 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLUE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58811:TCP" = 58811:TCP:*:Enabled:Pando Media Booster
"58811:UDP" = 58811:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"58278:TCP" = 58278:TCP:*:Enabled:Pando Media Booster
"58278:UDP" = 58278:UDP:*:Enabled:Pando Media Booster
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8484:TCP" = 8484:TCP:*:Enabled:MS1
"8585:TCP" = 8585:TCP:*:Enabled:MS2
"8686:TCP" = 8686:TCP:*:Enabled:MS3
"8787:TCP" = 8787:TCP:*:Enabled:MS4
"58811:TCP" = 58811:TCP:*:Enabled:Pando Media Booster
"58811:UDP" = 58811:UDP:*:Enabled:Pando Media Booster
"18752:TCP" = 18752:TCP:*:Enabled:bit
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57582:TCP" = 57582:TCP:*:Enabled:Pando Media Booster
"57582:UDP" = 57582:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Ntreev\Grand Chase\main.exe" = C:\Ntreev\Grand Chase\main.exe:*:Enabled:GrandChase -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\My Backup -- 28-07-08 1412\Program Files\LimeWire\LimeWire.exe" = C:\My Backup -- 28-07-08 1412\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\ijji\ENGLISH\u_skid.exe" = C:\ijji\ENGLISH\u_skid.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- (SpeedBit Ltd.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\softnyx\GunboundWC\GunBound.gme" = C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent, Inc.)
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online -- File not found
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\TEMP\evkm.tmp\svchost.exe" = C:\WINDOWS\TEMP\evkm.tmp\svchost.exe:*:Enabled:svchost -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18FC2A03-B955-4F92-8A56-B6E37A9AEBEA}" = Mission Pack
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims 2 Mansion and Garden Stuff
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims 2 Double Deluxe
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5290930D-C6D8-4EDB-98ED-7E025E65CAFF}" = Vampire Realism II
"{57E983EF-FD01-432D-BF7B-F8A7E6913101}" = The Secret of the Silver Earring
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims 2 Teen Style Stuff
"{5D0482A8-BD3E-4656-9002-EF4057899E98}" = 28222
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643346A5-4EE4-480E-AF8A-0BF7664DE498}_is1" = Oxin's Style! VirtuallyJenna 2
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims 2 Kitchen & Bath Interior Design Stuff
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims 2 IKEA Home Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims 2 H&M Fashion Stuff
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48AD49C-9BBF-4056-B756-846C8548507E}_is1" = Oxin's Style! Hentai3D 2.056.001
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E0990010-9FC0-47CB-0095-C4F40C9432A9}" = The Sims 2 University
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims 2 Bon Voyage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"Altap Salamander 2.52" = Altap Salamander 2.52
"America Online us" = America Online (Choose which version to remove)
"AnalogX Capture" = AnalogX Capture
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner (remove only)
"Cherry_Dolls_1.0" = Cherry Dolls 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Cpukiller3_is1" = Cpukiller3 v1.0.5
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Desperados 1.0" = Desperados 1.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Download Manager" = Download Manager 2.3.10
"DtsFilter" = DTS+AC3 Filter
"Elasto Mania" = Elasto Mania
"Game Booster_is1" = Game Booster
"Gargoyle" = Gargoyle
"Google Updater" = Google Updater
"Grand Chase" = Grand Chase
"GunboundWC_is1" = GunboundWC
"Hitman 2 Silent Assassin" = Hitman 2 Silent Assassin
"HP Photo & Imaging" = HP Image Zone 4.2
"IconArt" = IconArt
"Iconoid_is1" = Iconoid Version 3.8.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.2.13
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minefield (3.7a1pre)" = Minefield (3.7a1pre)
"Morrowind Graphics Extender_is1" = Morrowind Graphics Extender 3.3.2
"Morrowind Mods Database_is1" = Morrowind Mods Database 1.2
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Firefox (3.6b1)" = Mozilla Firefox (3.6b1)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NifSkope" = NifSkope (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PalTalk8.2" = PaltalkScene
"PE Builder_is1" = PE Builder 3.1.10a
"RealPlayer 12.0" = RealPlayer
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"StyleBuilder" = StyleBuilder (remove only)
"StyleXP" = StyleXP (remove only)
"Syberia 1 1.00" = Syberia 1 1.00
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.1
"uTorrent" = Torrent
"Veoh Web Player Beta" = Veoh Web Player
"VirtuallyJenna-029.002" = thriXXX VirtuallyJenna-029.002
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"Yahoo!ツールバー" = Yahoo!ツールバー
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-14370713-637039518-2802728689-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"ijji.com" = ijji

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2010 6:02:07 PM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/8/2010 8:03:17 PM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 12:27:57 AM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application yahoowidgets.exe, version 4.5.2.0, faulting module
yahoowidgets.exe, version 4.5.2.0, fault address 0x0012f047.

Error - 4/9/2010 5:30:18 AM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 6:30:29 AM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 7:02:23 AM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 7:30:26 AM | Computer Name = BLUE | Source = Google Update | ID = 20
Description =

Error - 4/9/2010 1:22:36 PM | Computer Name = BLUE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x015f29c0.

Error - 4/10/2010 4:58:07 PM | Computer Name = BLUE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/11/2010 4:45:29 AM | Computer Name = BLUE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

[ OSession Events ]
Error - 4/6/2009 3:13:29 PM | Computer Name = BLUE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 144
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/11/2010 6:04:12 PM | Computer Name = BLUE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 4/12/2010 12:03:10 AM | Computer Name = BLUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2010 6:57:52 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/12/2010 7:02:17 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 4/12/2010 7:04:02 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/12/2010 7:04:02 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7034
Description = The PC Tools Auxiliary Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/12/2010 7:12:43 PM | Computer Name = BLUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2010 7:22:16 PM | Computer Name = BLUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2010 7:22:23 PM | Computer Name = BLUE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2010 7:40:04 PM | Computer Name = BLUE | Source = Service Control Manager | ID = 7034
Description = The Browser Defender Update Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Edited by redslime, 12 April 2010 - 07:41 PM.


#4 myrti

Posted 14 April 2010 - 06:51 AM

Hi,

I'm afraid I have bad news:

Your logs reveal an information stealing trojan.


I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required to clean your PC.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

Please run ComboFix as a next step:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon. Check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 redslime

Posted 14 April 2010 - 03:19 PM

Hi. Thank you for the reply. I suspected the infection to steal information ever since I did a bit of research on the name of the infection NOD32 provided me, so I have refrained from using that PC much.

However fortunately, I never use that PC for anything that may contain sensitive information. The only information there at risk is probably game logins which are also protected by PINs. I will still change all my passwords regardless.

One thing of note since I last posted, is that my browser no longer crashes nor do I receive notifications from NOD32 regarding it. I am unsure of the reason why that problem came or went though.

As you have said, I successfully installed Combofix and ran a scan. Here are my results:




ComboFix 10-04-14.01 - User 04/14/2010 14:53:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.669 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FCMC4C.tmp
C:\FCMC4D.tmp
C:\FCMC4E.tmp
C:\FCMC4F.tmp
C:\FCMC50.tmp
c:\recycler\S-1-5-21-4235993964-3224686558-1804696107-500
c:\recycler\S-1-5-21-5381550753-2065269574-694374887-6036
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\lpe.txt
c:\windows\system32\qks.txt

.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-11 22:02 . 2010-04-11 22:02 -------- d-----w- C:\bc764f2eb9870b2808003f9910
2010-04-09 00:12 . 2010-04-09 00:12 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2010-04-09 00:12 . 2010-04-09 00:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\User\Application Data\Simply Super Software
2010-04-08 23:35 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-08 23:35 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-08 23:35 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-04-08 23:34 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-08 23:34 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-08 23:34 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-08 23:32 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-08 23:32 . 2010-03-10 16:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-08 23:32 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-08 23:32 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 23:32 . 2010-04-13 00:52 -------- d-----w- c:\program files\Spyware Doctor
2010-04-08 23:32 . 2010-04-09 00:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-08 19:36 . 2010-04-08 19:36 45568 ----a-w- c:\windows\system32\nsfwj2.dll
2010-04-08 13:21 . 2010-04-08 13:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-08 03:04 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\User\Application Data\Simply Super Software\Trojan Remover\qpj128D.exe
2010-04-07 11:31 . 2010-04-07 11:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-07 06:10 . 2010-04-07 06:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 05:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-07 05:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-07 05:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-07 05:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-07 05:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-07 05:12 . 2010-04-09 00:11 -------- d-----w- c:\program files\Trojan Remover
2010-04-07 05:12 . 2010-04-07 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-04-07 03:23 . 2010-04-09 00:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-06 13:49 . 2010-04-08 15:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-06 08:41 . 2010-04-06 08:41 5136 ----a-w- c:\windows\system32\gport_.dll
2010-04-05 00:27 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-05 00:27 . 2008-12-16 17:44 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-03-30 14:24 . 2010-03-30 14:24 -------- d-----w- c:\windows\system32\Adobe
2010-03-28 23:02 . 2000-05-17 14:52 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2010-03-28 23:02 . 2010-03-28 23:02 -------- d-----w- c:\program files\WinCustomize
2010-03-28 23:02 . 2010-03-28 23:02 -------- d-----w- c:\program files\Common Files\Stardock
2010-03-28 22:08 . 2010-03-28 22:08 -------- d-----w- c:\program files\FileSubmit
2010-03-21 17:33 . 2010-03-21 17:34 -------- d-----w- c:\program files\TGTSoft
2010-03-21 04:24 . 2010-03-23 05:13 -------- d-----w- c:\program files\Yu-Gi-Oh
2010-03-20 23:59 . 2010-03-20 23:59 -------- d-----w- C:\magic
2010-03-17 04:11 . 2010-03-17 04:11 -------- d-----w- c:\program files\ConWare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 01:29 . 2009-10-05 02:14 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-13 03:35 . 2009-04-04 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-12 23:35 . 2009-04-04 20:08 -------- d-----w- c:\program files\Google
2010-04-12 23:10 . 2009-04-04 20:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 01:36 . 2005-04-13 18:58 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
2010-04-10 16:28 . 2009-06-24 02:46 -------- d-----w- c:\documents and settings\User\Application Data\U3
2010-04-09 14:49 . 2009-04-04 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 14:47 . 2009-06-24 04:27 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-09 00:11 . 2010-01-27 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-09 00:11 . 2009-04-04 20:05 -------- d-----w- c:\program files\Pure Networks
2010-04-09 00:11 . 2009-04-04 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-09 00:11 . 2010-02-04 04:56 -------- d-----w- c:\program files\QuickTime
2010-04-09 00:11 . 2010-01-21 23:42 -------- d-----w- c:\program files\Mozilla Firefox 3.6
2010-04-09 00:09 . 2005-04-13 17:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804F.tmp
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804E.tmp
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804D.tmp
2010-04-08 09:45 . 2010-01-30 01:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 22:49 . 2009-04-04 21:01 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2010-04-07 22:49 . 2009-04-04 21:01 49152 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-04-07 22:49 . 2009-04-04 21:01 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-04-07 22:49 . 2009-04-04 21:01 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2010-04-05 00:28 . 2010-04-05 00:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-04-05 00:28 . 2010-04-05 00:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-01 15:16 . 2009-04-04 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-30 05:46 . 2009-04-04 19:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-04-04 19:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 23:27 . 2009-04-04 20:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-28 23:27 . 2009-04-04 20:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-28 23:24 . 2005-04-13 16:55 4232704 ----a-w- c:\windows\system32\logonuiX.exe
2010-03-28 21:23 . 2009-07-07 18:54 -------- d-----w- c:\program files\AIM
2010-03-13 20:08 . 2009-10-05 02:15 -------- d-----w- c:\program files\uTorrent
2010-03-10 12:08 . 2010-03-10 12:08 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-10 12:08 . 2010-03-10 12:08 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-10 12:08 . 2009-04-04 20:02 -------- d-----w- c:\program files\Common Files\Real
2010-03-10 12:07 . 2009-04-06 17:16 -------- d-----w- c:\program files\Real
2010-03-10 12:06 . 2003-03-19 12:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-10 12:06 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-05 23:29 . 2009-08-21 14:17 -------- d-----w- c:\documents and settings\Vanessa\Application Data\LimeWire
2010-03-01 20:36 . 2009-04-05 00:58 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-01 20:36 . 2010-03-01 20:36 85504 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-03-01 20:36 . 2009-04-05 00:58 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2010-02-28 13:45 . 2009-04-04 20:04 -------- d-----w- c:\program files\DAP
2010-02-28 13:37 . 2009-05-29 02:08 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-02-28 13:37 . 2009-05-29 02:08 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-02-28 13:37 . 2009-05-29 02:08 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-02-28 13:37 . 2009-05-29 02:08 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-28 13:37 . 2009-05-29 02:08 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-28 13:37 . 2009-05-29 02:08 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-02-28 05:25 . 2010-02-27 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-02-28 05:24 . 2010-02-06 23:47 -------- d-----w- c:\documents and settings\User\Application Data\IGN_DLM
2010-02-28 04:58 . 2010-02-28 04:58 -------- d-----w- c:\program files\Lame for Audacity
2010-02-28 04:55 . 2010-02-28 04:55 -------- d-----w- c:\program files\Audacity
2010-02-27 19:10 . 2009-05-29 00:28 -------- d-----w- c:\program files\Pando Networks
2010-02-25 06:24 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 01:53 . 2009-11-14 15:31 -------- d-----w- c:\documents and settings\User\Application Data\MWSE
2010-02-22 00:34 . 2009-10-06 21:44 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-21 21:00 . 2010-02-21 21:00 -------- d-----w- c:\program files\Altap Salamander 2.5
2010-02-18 00:10 . 2009-08-08 23:43 -------- d-----w- c:\program files\IObit
2010-02-16 03:18 . 2010-02-16 03:18 -------- d-----w- c:\program files\NifTools
2010-02-14 20:44 . 2010-02-13 09:17 -------- d-----w- c:\program files\WorldOfGoo
2010-02-14 14:27 . 2009-06-26 19:35 -------- d-----w- c:\program files\DivX
2010-02-14 14:27 . 2010-02-14 14:27 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2010-02-14 14:27 . 2010-02-14 14:27 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-02-14 14:27 . 2010-02-14 14:27 -------- d-----w- c:\program files\Mozilla Firefox 3.5
2010-02-14 14:27 . 2010-02-14 14:27 -------- d-----w- c:\program files\Minefield
2010-02-14 14:26 . 2009-06-26 19:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-14 14:23 . 2009-12-27 04:30 -------- d-----w- c:\documents and settings\User\Application Data\GRETECH
2010-02-14 14:23 . 2009-12-27 04:19 -------- d-----w- c:\program files\GRETECH
2010-02-13 21:37 . 2009-08-06 16:27 -------- d-----w- c:\program files\Eidos Interactive
2010-02-13 08:16 . 2010-02-13 08:16 88064 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.62.0A.dll
2010-02-09 05:03 . 2010-02-09 05:03 88064 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.55.0A.dll
2010-02-04 16:01 . 2010-02-22 01:47 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 16:01 . 2010-02-22 01:47 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 16:01 . 2010-02-22 01:47 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 16:01 . 2010-02-22 01:47 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-27 14:50 . 2010-01-27 14:50 503808 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\msvcp71.dll
2010-01-27 14:50 . 2010-01-27 14:50 499712 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\jmc.dll
2010-01-27 14:50 . 2010-01-27 14:50 348160 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\msvcr71.dll
2010-01-27 14:50 . 2010-01-27 14:50 61440 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-734dbf0d-n\decora-sse.dll
2010-01-27 14:50 . 2010-01-27 14:50 12800 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-734dbf0d-n\decora-d3d.dll
2010-01-27 02:40 . 2010-01-27 02:40 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\msvcp71.dll
2010-01-27 02:40 . 2010-01-27 02:40 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\jmc.dll
2010-01-27 02:40 . 2010-01-27 02:40 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\msvcr71.dll
2010-01-27 02:40 . 2010-01-27 02:40 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f518dd6-n\decora-sse.dll
2010-01-27 02:40 . 2010-01-27 02:40 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f518dd6-n\decora-d3d.dll
2010-01-24 05:47 . 2010-01-24 05:47 2855 ----a-w- c:\windows\PIF\VVESA.PIF
2010-01-24 05:46 . 2010-01-24 05:46 2855 ----a-w- c:\windows\PIF\VESAINST.PIF
2010-01-24 05:34 . 2010-01-24 05:34 2855 ----a-w- c:\windows\PIF\INST.PIF
2010-01-21 23:14 . 2010-01-21 23:51 52224 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-01-21 23:14 . 2010-01-21 23:51 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2009-07-29 10:52 . 2006-07-29 10:52 192512 --sh--w- c:\windows\Fonts\ICSharpCode.SharpZipLib.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Spyware Doctor\pctsTray .exe
c:\program files\WinCustomize\LogonStudio\logonstudio .exe
c:\windows\creator\Remind_XP .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\ime\imkr6_1\IMEKRMIG .exe
c:\windows\SMINST\RECGUARD .exe
</pre>


------- Sigcheck -------

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . A943F3280AB53CB9C1A32392D2D95B36 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 277504]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 133104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-28 2937528]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 67000]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [N/A]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-30 437584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Vanessa\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]

c:\documents and settings\User\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4736986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gport_]
2010-04-06 08:41 5136 ----a-w- c:\windows\system32\gport_.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Raptr.lnk]
backup=c:\windows\pss\Raptr.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SystemMON.exe]
backup=c:\windows\pss\SystemMON.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^taksman.exe]
backup=c:\windows\pss\taksman.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-05-09 22:16 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 22:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-02-28 13:42 2815488 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-23 19:40 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 19:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 19:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-22 12:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=3 (0x3)
"wlidsvc"=2 (0x2)
"fsssvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\My Backup -- 28-07-08 1412\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58278:TCP"= 58278:TCP:Pando Media Booster
"58278:UDP"= 58278:UDP:Pando Media Booster
"8484:TCP"= 8484:TCP:MS1
"8585:TCP"= 8585:TCP:MS2
"8686:TCP"= 8686:TCP:MS3
"8787:TCP"= 8787:TCP:MS4
"58811:TCP"= 58811:TCP:Pando Media Booster
"58811:UDP"= 58811:UDP:Pando Media Booster
"18752:TCP"= 18752:TCP:bit
"57582:TCP"= 57582:TCP:Pando Media Booster
"57582:UDP"= 57582:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/4/2009 3:21 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/8/2010 6:32 PM 217032]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/4/2009 2:18 PM 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/4/2009 2:18 PM 20824]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/8/2010 6:35 PM 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 7:02 AM 133104]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/8/2010 6:32 PM 366840]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/5/2009 9:31 AM 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A794B62F-01A7-4F56-B1C7-4A568C1BECFF}]
2010-04-08 19:36 45568 ----a-w- c:\windows\system32\nsfwj2.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:01]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:42]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:42]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008Core1cac81a228a063a.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 19:40]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 19:40]

2010-04-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-14370713-637039518-2802728689-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-14370713-637039518-2802728689-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.speedbit.com
uInternet Settings,ProxyServer = 142.150.238.12:3127
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3.6\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Elasto Mania - c:\docume~1\User\Desktop\NEWFOL~1\ELASTO~1\UNWISE.EXE
AddRemove-Grand Chase - c:\ntreev\Grand Chase\uninst.exe
AddRemove-Minefield (3.7a1pre) - c:\program files\Minefield\uninstall\helper.exe
AddRemove-Mozilla Firefox (3.5.5) - c:\program files\Mozilla Firefox 3.5\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 15:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A23CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba17cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
\Driver\atapi -> atapi.sys @ 0xb9e5d852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
malicious code @ sector 0x1749ddc1 size 0x1e4 !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01749DDC1 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,60,f0,44,76,d9,2c,45,81,08,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,60,f0,44,76,d9,2c,45,81,08,82,\

[HKEY_USERS\S-1-5-21-14370713-637039518-2802728689-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\C*C*~0_0o0000D*V*D*n0fM00\0000000]
"Order"=hex:08,00,00,00,02,00,00,00,4c,02,00,00,01,00,00,00,04,00,00,00,6e,00,
00,00,00,00,00,00,60,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,4e,00,35,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\gport_.dll

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-14 15:17:15
ComboFix-quarantined-files.txt 2010-04-14 20:17

Pre-Run: 8,697,761,792 bytes free
Post-Run: 9,187,905,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 14AE97241A6E0882B8D9B35CB1928F9C


#6 myrti


Posted 14 April 2010 - 03:33 PM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\nsfwj2.dll
c:\windows\system32\gport_.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 redslime


Posted 14 April 2010 - 04:28 PM

Here are the results for nsfwj2.dll:

Jotti's malware scan
Filename: nsfwj2.dll
Status:
Scan finished. 3 out of 20 scanners reported malware.
Scan taken on: Wed 14 Apr 2010 23:22:55 (CET) Permalink

Additional info
File size: 45568 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 8dfe3934cf8cc25405b20ca8c08ebc17
SHA1: 1231d4265f4f3b9caa7ff0125e2879eb00a7781c
Packer (Drweb): UPX
Packer (Kaspersky): PE_Patch.UPX, UPX




Scanners
[ArcaVir]
2010-04-14 Variant:Downloader.Bho.Ncm
[F-Secure Anti-Virus]
2010-04-14 Found nothing
[A-Squared]
2010-04-14 Trojan-Spy.Win32.Ambler!IK
[G DATA]
2010-04-14 Found nothing
[Avast! antivirus]
2010-04-14 Found nothing
[Ikarus]
2010-04-14 Trojan-Spy.Win32.Ambler
[Grisoft AVG Anti-Virus]
2010-04-14 Found nothing
[Kaspersky Anti-Virus]
2010-04-14 Found nothing
[Avira AntiVir]
2010-04-14 Found nothing
[ESET NOD32]
2010-04-14 Found nothing
[Softwin BitDefender]
2010-04-14 Found nothing
[Panda Antivirus]
2010-04-14 Found nothing
[ClamAV]
2010-04-14 Found nothing
[Quick Heal]
2010-04-14 Found nothing
[CPsecure]
2010-04-13 Found nothing
[Sophos]
2010-04-14 Found nothing
[Dr.Web]
2010-04-14 Found nothing
[VirusBlokAda VBA32]
2010-04-14 Found nothing
[Frisk F-Prot Antivirus]
2010-04-14 Found nothing
[VirusBuster]
2010-04-14 Found nothing

And the results for gport_.dll:

Jotti's malware scan
Filename: gport_.dll
Status:
Scan finished. 13 out of 20 scanners reported malware.
Scan taken on: Wed 14 Apr 2010 23:24:51 (CET) Permalink

Additional info
File size: 5136 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 5e3e2e12e35b902fd6e68d1d492f99bc
SHA1: 51838d71019ffc20199c04423e50724d769c5eb2
Packer (Drweb): UPX




Scanners
[ArcaVir]
2010-04-14 Trojan.Proxy.Agent.Cgk
[F-Secure Anti-Virus]
2010-04-14 Trojan-Proxy.Win32.Agent.cgi
[A-Squared]
2010-04-14 Trojan-Spy.Goldun.NDC!IK
[G DATA]
2010-04-14 Win32:Malware-gen
[Avast! antivirus]
2010-04-14 Win32:Malware-gen
[Ikarus]
2010-04-14 Trojan-Spy.Goldun.NDC
[Grisoft AVG Anti-Virus]
2010-04-14 Proxy.AJYF
[Kaspersky Anti-Virus]
2010-04-14 Trojan-Proxy.Win32.Agent.cgi
[Avira AntiVir]
2010-04-14 TR/Spy.Gen
[ESET NOD32]
2010-04-14 Found nothing
[Softwin BitDefender]
2010-04-14 Found nothing
[Panda Antivirus]
2010-04-14 Trj/Downloader.XND
[ClamAV]
2010-04-14 Found nothing
[Quick Heal]
2010-04-14 TrojanProxy.Agent.cgm
[CPsecure]
2010-04-13 Found nothing
[Sophos]
2010-04-14 Mal/TinyDL-T
[Dr.Web]
2010-04-14 Found nothing
[VirusBlokAda VBA32]
2010-04-14 Malware.Agent.40 (paranoid heuristics)
[Frisk F-Prot Antivirus]
2010-04-14 Found nothing
[VirusBuster]
2010-04-14 Found nothing




#8 myrti


Posted 14 April 2010 - 04:51 PM

Hi,

let's remove those then:

Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/308357/iexploreexe-k4d0qtexexe-trojanvirus/
Collect::
c:\windows\system32\gport_.dll
c:\docume~1\User\LOCALS~1\Temp\ALSysIO.sys
c:\windows\system32\nsfwj2.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gport_]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A794B62F-01A7-4F56-B1C7-4A568C1BECFF}]
Driver::
ALSysIO
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Spyware Doctor\pctsTray .exe
c:\program files\WinCustomize\LogonStudio\logonstudio .exe
c:\windows\creator\Remind_XP .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\ime\imkr6_1\IMEKRMIG .exe
c:\windows\SMINST\RECGUARD .exe


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti



#9 redslime


Posted 17 April 2010 - 08:31 PM

Sorry for the long delay. I was having problems with my ISP.

Here is the log I got:

ComboFix 10-04-14.01 - User 04/17/2010 19:52:01.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406.819 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-11 22:02 . 2010-04-11 22:02 -------- d-----w- C:\bc764f2eb9870b2808003f9910
2010-04-09 00:12 . 2010-04-09 00:12 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Threat Expert
2010-04-09 00:12 . 2010-04-09 00:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-09 00:11 . 2010-04-09 00:11 -------- d-----w- c:\documents and settings\User\Application Data\Simply Super Software
2010-04-08 23:35 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-08 23:35 . 2010-01-22 14:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-08 23:35 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-04-08 23:34 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-08 23:34 . 2010-01-22 14:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-08 23:34 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-08 23:32 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-08 23:32 . 2010-03-10 16:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-08 23:32 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-08 23:32 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-08 23:32 . 2010-04-18 00:13 -------- d-----w- c:\program files\Spyware Doctor
2010-04-08 23:32 . 2010-04-09 00:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-08 13:21 . 2010-04-08 13:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-04-08 03:04 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\User\Application Data\Simply Super Software\Trojan Remover\qpj128D.exe
2010-04-07 11:31 . 2010-04-07 11:31 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-04-07 06:10 . 2010-04-07 06:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 05:12 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-07 05:12 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-07 05:12 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-07 05:12 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-07 05:12 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-07 05:12 . 2010-04-09 00:11 -------- d-----w- c:\program files\Trojan Remover
2010-04-07 05:12 . 2010-04-07 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-04-07 03:23 . 2010-04-09 00:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-06 13:49 . 2010-04-08 15:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-05 00:27 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-04-05 00:27 . 2008-12-16 17:44 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-03-30 14:24 . 2010-03-30 14:24 -------- d-----w- c:\windows\system32\Adobe
2010-03-28 23:02 . 2000-05-17 14:52 187392 ----a-w- c:\windows\system32\JPGUtils.dll
2010-03-28 23:02 . 2010-03-28 23:02 -------- d-----w- c:\program files\WinCustomize
2010-03-28 23:02 . 2010-03-28 23:02 -------- d-----w- c:\program files\Common Files\Stardock
2010-03-28 22:08 . 2010-03-28 22:08 -------- d-----w- c:\program files\FileSubmit
2010-03-21 17:33 . 2010-03-21 17:34 -------- d-----w- c:\program files\TGTSoft
2010-03-21 04:24 . 2010-03-23 05:13 -------- d-----w- c:\program files\Yu-Gi-Oh
2010-03-20 23:59 . 2010-03-20 23:59 -------- d-----w- C:\magic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 00:14 . 2009-04-04 20:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-17 23:34 . 2010-02-04 04:56 -------- d-----w- c:\program files\QuickTime
2010-04-17 23:34 . 2009-04-04 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 00:14 . 2010-01-30 01:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-14 01:29 . 2009-10-05 02:14 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-04-12 23:35 . 2009-04-04 20:08 -------- d-----w- c:\program files\Google
2010-04-12 23:10 . 2009-04-04 20:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-12 01:36 . 2005-04-13 18:58 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
2010-04-10 16:28 . 2009-06-24 02:46 -------- d-----w- c:\documents and settings\User\Application Data\U3
2010-04-09 14:47 . 2009-06-24 04:27 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-09 00:11 . 2010-01-27 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-09 00:11 . 2009-04-04 20:05 -------- d-----w- c:\program files\Pure Networks
2010-04-09 00:11 . 2009-04-04 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-09 00:11 . 2010-01-21 23:42 -------- d-----w- c:\program files\Mozilla Firefox 3.6
2010-04-09 00:09 . 2005-04-13 17:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804F.tmp
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804E.tmp
2010-04-08 11:20 . 2010-04-08 11:20 0 ----a-w- c:\windows\system32\REN804D.tmp
2010-04-07 22:49 . 2009-04-04 21:01 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2010-04-07 22:49 . 2009-04-04 21:01 49152 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-04-07 22:49 . 2009-04-04 21:01 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2010-04-07 22:49 . 2009-04-04 21:01 45056 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2010-04-05 00:28 . 2010-04-05 00:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2010-04-05 00:28 . 2010-04-05 00:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-04-01 15:16 . 2009-04-04 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-30 05:46 . 2009-04-04 19:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2009-04-04 19:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 23:27 . 2009-04-04 20:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-28 23:27 . 2009-04-04 20:36 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-28 23:24 . 2005-04-13 16:55 4232704 ----a-w- c:\windows\system32\logonuiX.exe
2010-03-28 21:23 . 2009-07-07 18:54 -------- d-----w- c:\program files\AIM
2010-03-17 04:11 . 2010-03-17 04:11 -------- d-----w- c:\program files\ConWare
2010-03-13 20:08 . 2009-10-05 02:15 -------- d-----w- c:\program files\uTorrent
2010-03-10 12:08 . 2010-03-10 12:08 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-10 12:08 . 2010-03-10 12:08 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-10 12:08 . 2010-03-10 12:08 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-10 12:08 . 2009-04-04 20:02 -------- d-----w- c:\program files\Common Files\Real
2010-03-10 12:07 . 2009-04-06 17:16 -------- d-----w- c:\program files\Real
2010-03-10 12:06 . 2003-03-19 12:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-10 12:06 . 2003-02-21 18:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-05 23:29 . 2009-08-21 14:17 -------- d-----w- c:\documents and settings\Vanessa\Application Data\LimeWire
2010-03-01 20:36 . 2009-04-05 00:58 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-01 20:36 . 2010-03-01 20:36 85504 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-03-01 20:36 . 2009-04-05 00:58 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
2010-02-28 13:45 . 2009-04-04 20:04 -------- d-----w- c:\program files\DAP
2010-02-28 13:37 . 2009-05-29 02:08 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-02-28 13:37 . 2009-05-29 02:08 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-02-28 13:37 . 2009-05-29 02:08 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-02-28 13:37 . 2009-05-29 02:08 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-28 13:37 . 2009-05-29 02:08 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-28 13:37 . 2009-05-29 02:08 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-02-28 05:25 . 2010-02-27 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-02-28 05:24 . 2010-02-06 23:47 -------- d-----w- c:\documents and settings\User\Application Data\IGN_DLM
2010-02-28 04:58 . 2010-02-28 04:58 -------- d-----w- c:\program files\Lame for Audacity
2010-02-28 04:55 . 2010-02-28 04:55 -------- d-----w- c:\program files\Audacity
2010-02-27 19:10 . 2009-05-29 00:28 -------- d-----w- c:\program files\Pando Networks
2010-02-25 06:24 . 2005-04-13 16:56 916480 ------w- c:\windows\system32\wininet.dll
2010-02-22 01:53 . 2009-11-14 15:31 -------- d-----w- c:\documents and settings\User\Application Data\MWSE
2010-02-22 00:34 . 2009-10-06 21:44 -------- d-----w- c:\program files\Bethesda Softworks
2010-02-21 21:00 . 2010-02-21 21:00 -------- d-----w- c:\program files\Altap Salamander 2.5
2010-02-18 00:10 . 2009-08-08 23:43 -------- d-----w- c:\program files\IObit
2010-02-13 08:16 . 2010-02-13 08:16 88064 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.62.0A.dll
2010-02-09 05:03 . 2010-02-09 05:03 88064 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.55.0A.dll
2010-02-04 16:01 . 2010-02-22 01:47 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 16:01 . 2010-02-22 01:47 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 16:01 . 2010-02-22 01:47 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 16:01 . 2010-02-22 01:47 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-27 14:50 . 2010-01-27 14:50 503808 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\msvcp71.dll
2010-01-27 14:50 . 2010-01-27 14:50 499712 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\jmc.dll
2010-01-27 14:50 . 2010-01-27 14:50 348160 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6035f69c-n\msvcr71.dll
2010-01-27 14:50 . 2010-01-27 14:50 61440 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-734dbf0d-n\decora-sse.dll
2010-01-27 14:50 . 2010-01-27 14:50 12800 ----a-w- c:\documents and settings\Vanessa\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-734dbf0d-n\decora-d3d.dll
2010-01-27 02:40 . 2010-01-27 02:40 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\msvcp71.dll
2010-01-27 02:40 . 2010-01-27 02:40 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\jmc.dll
2010-01-27 02:40 . 2010-01-27 02:40 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-528728b7-n\msvcr71.dll
2010-01-27 02:40 . 2010-01-27 02:40 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f518dd6-n\decora-sse.dll
2010-01-27 02:40 . 2010-01-27 02:40 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2f518dd6-n\decora-d3d.dll
2010-01-24 05:47 . 2010-01-24 05:47 2855 ----a-w- c:\windows\PIF\VVESA.PIF
2010-01-24 05:46 . 2010-01-24 05:46 2855 ----a-w- c:\windows\PIF\VESAINST.PIF
2010-01-24 05:34 . 2010-01-24 05:34 2855 ----a-w- c:\windows\PIF\INST.PIF
2010-01-21 23:14 . 2010-01-21 23:51 52224 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-01-21 23:14 . 2010-01-21 23:51 101376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2009-07-29 10:52 . 2006-07-29 10:52 192512 --sh--w- c:\windows\Fonts\ICSharpCode.SharpZipLib.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . A943F3280AB53CB9C1A32392D2D95B36 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-04-14_20.11.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-17 23:56 . 2010-04-17 23:56 16384 c:\windows\Temp\Perflib_Perfdata_668.dat
+ 2002-09-14 04:42 . 2002-09-14 07:42 212992 c:\windows\SMINST\RECGUARD.exe
- 2002-09-14 04:42 . 2002-09-14 04:42 212992 c:\windows\SMINST\Recguard.exe
+ 2005-02-25 23:24 . 2005-03-09 15:49 966656 c:\windows\creator\Remind_XP.exe
- 2005-02-25 23:24 . 2005-02-25 23:24 966656 c:\windows\creator\Remind_XP.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 277504]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 133104]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-02-28 2937528]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 67000]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\Vanessa\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]

c:\documents and settings\User\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4736986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Raptr.lnk]
backup=c:\windows\pss\Raptr.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^SystemMON.exe]
backup=c:\windows\pss\SystemMON.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^taksman.exe]
backup=c:\windows\pss\taksman.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 10:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-05-09 22:16 342848 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-18 22:53 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2010-02-28 13:42 2815488 ----a-w- c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-23 19:40 133104 ----atw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 19:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 19:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-22 12:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-10 12:06 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=3 (0x3)
"wlidsvc"=2 (0x2)
"fsssvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\My Backup -- 28-07-08 1412\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Nexon\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58278:TCP"= 58278:TCP:Pando Media Booster
"58278:UDP"= 58278:UDP:Pando Media Booster
"8484:TCP"= 8484:TCP:MS1
"8585:TCP"= 8585:TCP:MS2
"8686:TCP"= 8686:TCP:MS3
"8787:TCP"= 8787:TCP:MS4
"58811:TCP"= 58811:TCP:Pando Media Booster
"58811:UDP"= 58811:UDP:Pando Media Booster
"18752:TCP"= 18752:TCP:bit
"57582:TCP"= 57582:TCP:Pando Media Booster
"57582:UDP"= 57582:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/4/2009 3:21 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/8/2010 6:32 PM 217032]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/8/2010 6:35 PM 112592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/4/2009 2:18 PM 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/4/2009 2:18 PM 20824]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 7:02 AM 133104]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/8/2010 6:32 PM 366840]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/5/2009 9:31 AM 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 12:01]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:42]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 04:42]

2010-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008Core1cac81a228a063a.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 19:40]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14370713-637039518-2802728689-1008UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 19:40]

2010-04-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-14370713-637039518-2802728689-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

2010-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-14370713-637039518-2802728689-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.speedbit.com
uInternet Settings,ProxyServer = 142.150.238.12:3127
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8mwa2ci6.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3.6\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 20:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A206AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba17cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
\Driver\atapi -> atapi.sys @ 0xb9e5d852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
malicious code @ sector 0x1749ddc1 size 0x1e4 !
copy of MBR has been found in sector 62 !
PE file found in sector at 0x01749DDC1 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,60,f0,44,76,d9,2c,45,81,08,82,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,60,f0,44,76,d9,2c,45,81,08,82,\

[HKEY_USERS\S-1-5-21-14370713-637039518-2802728689-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\C*C*~0_0o0000D*V*D*n0fM00\0000000]
"Order"=hex:08,00,00,00,02,00,00,00,4c,02,00,00,01,00,00,00,04,00,00,00,6e,00,
00,00,00,00,00,00,60,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,4e,00,35,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-17 20:16:58
ComboFix-quarantined-files.txt 2010-04-18 01:16
ComboFix2.txt 2010-04-18 00:14
ComboFix3.txt 2010-04-14 20:17

Pre-Run: 9,099,980,800 bytes free
Post-Run: 9,081,602,048 bytes free

- - End Of File - - A58C9056A6D511D458B4BA443A9353D3


#10 myrti


Posted 19 April 2010 - 04:56 AM

Hi,

How is your PC doing now?

Please run a scan with GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 redslime


Posted 19 April 2010 - 05:13 PM

Hi. My PC is still infected with the same problems as before. I haven't noticed much change.


Every time I post my log, it says that my post is too long, so I will post part of it in this reply, and the other part in my next reply.


Here's the first part of my GMER log:



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-19 16:55:48
Windows 5.1.2600 Service Pack 3
Running: ds3oxonu.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ugtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 89963580 ZwAssignProcessToJobObject
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9DF2E64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9DD2EEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9DD30E0]
SSDT 89964100 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9DF3652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9DF3906]
SSDT 89963B30 ZwDuplicateObject
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9DF1B64]
SSDT 89962CC0 ZwOpenProcess
SSDT 89962FC0 ZwOpenThread
SSDT 899639C0 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9DF3D72]
SSDT 89963860 ZwSetContextThread
SSDT 899636E0 ZwSetInformationThread
SSDT 89960700 ZwSetSecurityObject
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9DF3124]
SSDT 89963420 ZwSuspendProcess
SSDT 899632C0 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9DD2B5C]
SSDT 89963150 ZwTerminateThread
SSDT 89963F50 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\cmdide.sys entry point in ".rsrc" section [0xBA5AF514]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xA3BBB300]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1160] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1160] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\wuauclt.exe[1808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\wuauclt.exe[1808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\wuauclt.exe[1808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B9000C
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1816] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\Explorer.EXE[3232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[3232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[3232] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Mozilla Firefox 3.6\firefox.exe[3580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox 3.6\firefox.exe[3580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox 3.6\firefox.exe[3580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[4020] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 0121BFC0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 0121C030
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 0121C560
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 0121B230
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 012186C0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01219920
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01219B90
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 0121C230
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 0121C550
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 01219CA0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 0121B340
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 0121B190
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 0121AFF0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 0121A3F0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 0121AB80
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 0121A830
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 0121AFB0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 0121C570
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 01219E00
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 01219E80
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 01219F00
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 0121A070
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 0121A150
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 0121A000
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0121C4C0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0121C470
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 012186C0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01219920
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0121B230
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01219B90
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 012199A0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0121A830
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0121C170
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0121C1B0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0121C550
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0121C030
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0121B190
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0121A150
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01219B00
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01219E80
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0121CAD0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0121AB80
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0121AFF0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0121B6B0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0121B440
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0121B630
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0121BB10
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0121B820
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01219A70
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0121A000
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0121C290
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0121B580
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0121B130
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0121AFB0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0121B340
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0121C570
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0121B380
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0121C810
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0121C7B0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0121CA00
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0121CAA0
IAT C:\Program Files\DAP\DAP.EXE[3008] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0121C8D0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A240AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x50 0xFA 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0xAB 0x58 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x2F 0xAF 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD3 0xB6 0x2B 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xFE 0xE9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0xEB 0x04 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0x1F 0xEA 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x30 0x85 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCF 0x50 0xFA 0x7F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x22 0xAB 0x58 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0x2F 0xAF 0xC6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD3 0xB6 0x2B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x59 0xFE 0xE9 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0xEB 0x04 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0x1F 0xEA 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x30 0x85 0x4F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x1749ddc1 size 0x1e4
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\th_wife[1].jpg 4662 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\tload[1].htm 6 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\graph[1].css 5957 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\greenbar_slice[1].gif 886 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\gympost-all-728x90[1].swf 19145 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\header[1].jpg 49915 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ykUeyOWB[1].jpg 2029 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\YP6CAPHFOAICACYRNJBCAV760OLCAR88X2FCANS8NBLCAJ80VVMCAQ4FC11CA6Q86WJCARSIR54CA7TL333CAKGFAIECAG891SUCAC17CSLCAMVRAALCAOUM2VQCA5UNSLOCAQZJTYHCAXPGISZCAUUP1QH.jpg 8527 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ZG9CAF5JH7WCA4ZDV0ICA8PEZZICAVCO6PPCAFCB934CARP2TQCCA2XW5EQCAV9XAW1CAGZKT31CAZAZALJCA72MVKOCAPC7CUWCAKAZ2JACA8JV5PSCAX7FHA1CAYUOY3ACAR4PQISCA4OL904CABUKA3H.jpg 7935 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\40aa413868729bd86bc9a83e01922f48[1].gif 123415 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\4124c71bd4a6017f11bccc1634c415ea[1].jpg 6457 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\422afa89c9f06022984f6fa421a55f0d[1].gif 19965 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\43660ea7e7427f53701120ee884fa08f_final[1].jpg 31591 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\43df2831b93a8669ec9081c74f3ed784[1].gif 12854 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\44351[1].jpg 10087 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\448420ef864e7ff6ecfa5226ee892b29_final[1].jpg 47740 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\4ff6a08addd97601118636c84e300e63[1].css 50079 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\9c46a0f3411dfaba70524bbd844b0911[1].jpg 6312 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\9cd01397f28857967ba30bebf1a6c666[1].jpg 35212 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\a20149476c9cc036e6dfb520beb0a970_00136[1].jpg 3728 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\a20149476c9cc036e6dfb520beb0a970_00204[1].jpg 3121 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\a20149476c9cc036e6dfb520beb0a970_00272[1].jpg 2708 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\a3aXpLOz[1].jpg 2204 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\main[1].css 52947 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\m_f034d94eb16c4b69bc0e7f25a586565f[1].jpg 4809 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\OnSubmit[2].htm 12963 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ozmokramer_com[1].htm 9808 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAYZWLIA.jpg 2692 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\index[1].htm 64178 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\index[2].htm 81891 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\index[4].htm 75469 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\index_15[1].gif 334 bytes


And here is the rest of my GMER log:




File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\3n53m63o4ZZZZZZZZZ92m3abfbc013f6a15f6[1].jpg 6308 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\3n83pe3l01201341g391j96d1b4297fad12be[1].jpg 1467 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\BT_300_250[1].jpg 22037 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\BudgetFree_post_180x150_022409[1].swf 26620 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\bulletincommentswsproxy_oldc0hq-[1].js 3698 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\BurstingInteractionsPipe[1].htm 0 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\pf_lock[1].gif 87 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\photolinksbox_fhb_rmpt[1].css 690 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\photoPrinting_PMU_v4_dr_111308[1].gif 16057 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\PID_900353_rx_shapes_728_90_expandable[1].swf 52111 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\pingbox_149801[1].swf 135148 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\pinkiphone_728x90[1].swf 14114 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\pinkiphone_728x90[2].swf 14114 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\pinkiphone_728x90[3].swf 14114 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\crossdomain[1].xml 1035 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\crossdomain[2].xml 343 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\crossdomain[5].xml 1213 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\CR_impactchannel_pp_120x250-1[1].gif 29277 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\CR_TampaChicago_300x250[1].gif 51003 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\d8c9f3d62b89bd6a29058c91816a55db[1].jpg 9147 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\daughter[1].htm 89509 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\KI4CADLF3T0CAFDUWEZCA2XUHXHCAW5AQZGCA6F91UCCARQGB75CA2D8LZ6CAU974GPCAHLJMLKCAVYS51ICA1WABJVCA5AKOXBCARBM0HMCAS6EOJKCA6V03CACAS4H2FXCA8FMHVCCA9LV8BPCA054GE6.jpg 7715 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\KT8KePF[1].jpg 1206 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\lang_zh-tw_11px_default[1].png 379 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\lecompress.jpg 9364 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\leo[1].jpg 48380 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\lggeorgebush[1].jpg 26012 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\list1[1].htm 3873 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\addvideo_k3op0xjd[1].css 11607 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\AdId=198524;BnId=4;ct=2920038284;st=122840;adcid=1;itime=484621695;reqtype=5[1] 1 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\adopt[1].htm 519 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ads[1] 1295 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ads[1].htm 2029 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ads[2] 1578 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ads[2].htm 1854 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAIM20OC.jpg 1903 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAQXN3P0.jpg 2345 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\fpuX54[1].gif 39865 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\freefreefree_120x600[1].swf 11781 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\func_200812091439[1].js 142593 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\th_003[1].jpg 7758 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\th_022[1].jpg 4007 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\th_023[1].jpg 45737 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\th_025[1].jpg 3194 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\showFolder;_ylt=AroRR41LnjtABT5yYOc_5I7uk70X[1].htm 81495 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\showMessage[1].htm 1599 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\side_border_fade_1x167[1].gif 154 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\silent[1].mp3 998 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\silent[3].mp3 998 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\m_f2d92781010249e9b2d3d2b9f359dd91[1].jpg 7929 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\m_f8cc14a75a2b433c8bccb9a5d421cb0a[1].jpg 4517 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\m_s[1].png 1179 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\navbg[1].jpg 5043 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\navi-spacer-6[1].gif 152 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\navigation_blank_r3_c1[1].gif 113 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\Banner_2_Confetti_HSI_728x90_Adcom[1].swf 13505 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\BDZCAS12FC8CAQM05LMCAOZ42QQCAHOMKOPCAHNOF9LCA48FL78CADGASVKCAW1T6FDCAGK1TTPCAPSZGYICAKDNHFNCAJJ4J0ECA26CND6CA36TN1RCAQ5B1PWCA7KJX8PCAMR27N4CAWFGD8FCAOA737T.png 12931 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\bethea1-sm[1].jpg 757 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\beyonce-knowles-stars-300a101006[1].jpg 1868 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\beyonce_bg[1].jpg 40588 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ads[3] 1320 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\reddit[1].png 813 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\red_icons_A_J[1].png 3186 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\reelawards_f2[1].gif 2269 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\news_article_bkg[1].gif 1768 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\next_inactive[1].gif 230 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\Nxtgc1c527X_education_300x250_h7709_ad_1-7-09[1].swf 14336 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\obama1bigA[1].jpg 75702 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\obama1bigB[1].jpg 128264 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\Me%20Again[1].jpg 1605 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\meandbey[1].jpg 27036 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\conversion_script-passcode-reset[1].js 1787 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\coolness_X29-1220665291[1].gif 14560 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\coremetrics[1].js 49300 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\credit-1[1].gif 2574 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\13f81ce2c68159126c2c91faae2019b4[1].png 22853 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\1403032563138080_1[1].jpg 2500 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\15bd141554f1dacbced0e249410acc68[1].gif 11142 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\16x16-digg-guy[1].gif 256 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\1a8fddfd299daa7c89564a3c2a48f9e3_00054[1].jpg 3844 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\1a9ed8f0bc577db52e8ca660fd64c8ac[1].jpg 2511 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\script[1].js 9087 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ifr[1].htm 3442 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\images[1].jpg 2833 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\61379[1].jpg 16947 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\66090[1].jpg 17424 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\66286[1].jpg 16085 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\67060[1].jpg 12607 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\67143[1].jpg 14517 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\6758971f4fae09bd05fd53f93f237533[1].gif 169344 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\3452jje_18[1].jpg 5926 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\347ac84f3ac7739285ae157c3361efb9[1].gif 6096 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\3501668683708080_1[1].jpg 1923 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_27097fba9264be8f7ae8697a4aff8bf2[1].jpg 2346 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_32c41b5f071e4a248d4ef7dac14375b7[1].jpg 3199 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_35835fcd6bf74ce89bc34704379cbbd1[1].jpg 2288 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_359c8c421b904f48a5eab31b0894cd4f[1].jpg 3705 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_3a1b7a49ab853fff485a7c36713f51ce[1].jpg 1852 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_467c02855de4418db9e1d6d892b9536b[1].jpg 1893 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_5184792204f2406f9913575cdd917e1b[1].jpg 2232 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_524459e067a6904f552c622a3f0ac2c9[1].jpg 1616 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\brides_myspace300cd[1].swf 28358 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\browsedetail_v18.0.10[1].js 134196 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\br[1].png 124 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\btn-bg[1].gif 1679 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\lonelyisland_UHP[1].jpg 32041 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\lv_gKHPa[1].jpg 2405 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\l[2].swf 2655 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\l_7f539ec3b2a343128e9d676e2beebc37[1].jpg 12805 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\l_a392accb78f140c69c34c5a06769eeed[1].jpg 11804 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\Mafia2_BN_IGM_175x110[1].gif 13428 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\magnoliacom[1].png 711 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\search[4].htm 9648 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ains5_207-728x90[1].swf 29863 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\documentwrite[1].js 58 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\dollhouse_pp[1].gif 32287 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\dots_1x3_023465_0_0[1].gif 49 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_fb33b4a84b40760b3090f73a9bf771e3[1].jpg 2138 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_fd9dfa0ebcca46c2a994ce74b325165f[1].jpg 2483 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\T0no1Wz[1].jpg 1595 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\tags[1].js 8864 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\talktome[1].png 1851 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=16809&s=&y=24343&z=16&s=Ga[1].jpg 23937 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=2101&y=3047&z=13&s=Galile[1].jpg 24132 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=4201&y=6094&z=14&s=G[1].jpg 24380 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=5731&s=&y=13250&z=15&s=Gal[1].jpg 24458 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=5732&s=&y=13253&z=15&s=G[1].jpg 21222 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\v=36&hl=en&x=5734&s=&y=13251&z=15&s=Galil[1].jpg 20734 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\6[1].htm 26049 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\728x90br[1].swf 4435 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\VI9CAMB7U4OCA6IFPXCCA18HBP2CA0TBKOYCAKTDQ15CAGNZCC3CA5DMPUDCATG5ZIRCARF1YLBCAS358IOCALCOXZDCAT6KQ4MCAHGQWTPCA4UMGF3CAN65ISFCAZOK5VCCACV63UTCAUMG5YCCAVFTFE4.jpg 8731 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCASPJQHS.jpg 3671 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAUXIAMW.jpg 4127 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAWARCAL.jpg 4062 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAXOBKU0.jpg 4195 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\dm[3].gif 43 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\imgad[1].jpg 18947 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\interact[2].htm 6 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ncomplete_1-1222031006[1].gif 12779 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\NewintropicSR[1].jpg 23585 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\newpremiumproduct_expertise_728x90[1].swf 15717 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAA2R1LJ.jpg 3097 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCABEP2FV.jpg 2745 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCABNLQZX.jpg 2732 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\defaultCAI9FCAK.jpg 2578 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_00b8bd5277554cb8bacc86c850d7bbc9[1].jpg 2260 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_0e9a6e0e75ec4e53a013a139565ba3c1[1].jpg 2617 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_0f33bc481c0d4c80b2458ccf189e8d26[1].jpg 2251 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_12e7cf4acaaa413b0dcc60391df2c599[1].jpg 2820 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_2164ef0f8ba440218c08e3705141cbb4[1].jpg 2664 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_2175d6431355d0484a506085e1ac4f2b[1].jpg 4023 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\tpix[1].htm 0 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\trg_bs[1].js 0 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\TT_TurboDog_V1_160x600[1].swf 39422 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\Tyra2-sm[1].jpg 22528 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\t[1].gif 49 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\iq_mee_728x90_code3[1].swf 24121 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\iw3[1].png 9948 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\iw_fullscreen[1].gif 210 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ss.jpg 7063 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\ss[1].jpg 1106 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\star10[1].gif 879 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\star11[1].gif 868 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\star[1].gif 249 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\star_small[1].png 4612 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_aff20fb887ed4ba6b0947e33ca80e6f6[1].jpg 2344 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_c57499999916462681a26d354a6814a3[1].jpg 2324 bytes
File C:\My Backup -- 04-04-09 1226\Documents and Settings\vanessa\Local Settings\Temporary Internet Files\Content.IE5\KMS7K9LI\s_ce37a001bfc248b7985b27562e6ca6e6[1].jpg 2177 bytes
File C:\WINDOWS\system32\drivers\cmdide.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#12 redslime


Posted 19 April 2010 - 05:14 PM

sorry, double post.

Edited by redslime, 19 April 2010 - 05:16 PM.


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:31 PM

Posted 20 April 2010 - 10:12 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 redslime


Posted 20 April 2010 - 08:20 PM

Hi.

Yes, I wish to attempt to clean my PC even though there is no guarantee of success.

However, the instructions you gave me in the last post, you've already asked me to do that before and I have already done that. Would you still like me to run another ComboFix scan and post the new log?

#15 myrti


Posted 21 April 2010 - 05:23 AM

Hi,

yes, ComboFix has been updated to take on this specific infection. Please delete the copy of ComboFix that you still may have and download a fresh copy of ComboFix and run it.

regards myrti





