I think they got me good this time


  • This topic is locked
19 replies to this topic

#1 process8

process8

  • Members
  • 77 posts

Posted 11 April 2010 - 02:31 AM

Been having various problems lately so I ran a routine Spybot S&D tonight and I watched it like a hawk.

I noticed it spent an abnormally long time "scanning" something called virtumonde.sdn so I downloaded Dr. Spyware and ran it.

It confirmed virtumonde.sdn and something else called agent.duj. Said they were medium and high risk respectively.

So I did a system restore going back two weeks. The slowdown and other problems are not two weeks old. Anyway, after the sys. restore I ran Dr. Spyware again and it gave me the same results.

How bad is this? I did a little googling and I think it's pretty bad.

I'm going over to "Hijack this" for a log. I hope I post the right thing here.

If not, will someone please direct me as to what to do?

Thanks,

Mike

Here's a log file from Hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:27 AM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [BCInstall0] "C:\Program Files\Pc Cleaner\pcclean.exe" /REMOVE
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160516019062
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 7765 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 11 April 2010 - 01:59 PM.
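An added example, not part of the original post and not HijackThis's own logic: a small Python parser for the O-numbered lines of the HijackThis log above that flags entries worth a second look. The sample lines are copied from that log; the four triage rules and the flag names are this example's assumptions, and a flag is a prompt for review, not a verdict.

```python
import re

# Subset of lines copied from the HijackThis v2.0.2 log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [BCInstall0] "C:\Program Files\Pc Cleaner\pcclean.exe" /REMOVE
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O<number> - <detail>" is the shape of every registry/autostart line in the log.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# First drive-letter path up to a 2-4 character extension; copes with unquoted
# paths containing spaces and with folder names such as "OmniPageSE2.0".
PATH_RE = re.compile(r'([A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')
# Per-user locations are writable without administrator rights (assumed rule).
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\|\\Users\\", re.I)


def parse(log_text):
    """Return one dict per O-line: section code, raw detail, first file path."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, detail = m.groups()
        p = PATH_RE.search(detail)
        entries.append({
            "section": section,
            "detail": detail,
            "path": p.group(1) if p else None,
        })
    return entries


def triage(entries):
    """Return (section, flags, detail) for every entry that trips a rule."""
    findings = []
    for e in entries:
        sec, detail, path = e["section"], e["detail"], e["path"]
        flags = []
        # Registry entry left behind with no file or download source behind it.
        if detail.endswith("(no file)") or (sec == "O16" and detail.endswith("-")):
            flags.append("orphaned")
        # RunOnce values execute once at the next logon, then delete themselves.
        if sec == "O4" and "\\RunOnce:" in detail:
            flags.append("runonce")
        # Autostart or service image stored under a user profile.
        if sec in ("O4", "O23") and path and USER_PROFILE_RE.search(path):
            flags.append("user-profile-path")
        # Service whose image is not an .exe (here a .SYS file run as a service).
        if sec == "O23" and path and not path.lower().endswith(".exe"):
            flags.append("non-exe-service")
        if flags:
            findings.append((sec, flags, detail))
    return findings


if __name__ == "__main__":
    for sec, flags, detail in triage(parse(SAMPLE_LOG)):
        print(f"{sec:<4} {','.join(flags):<18} {detail}")
```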



#2 process8

process8
  • Topic Starter

  • Members
  • 77 posts

Posted 12 April 2010 - 05:38 PM

Have I committed some faux pas? I ask because I have received no response(s) to this problem.

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 April 2010 - 11:32 AM

Hello and welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.

QUOTE
Have I committed some faux pas? I ask because I have received no response(s) to this problem.


No, we are all volunteers doing this in our spare time, please bear that in mind.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.exe
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks


#4 process8

process8
  • Topic Starter

  • Members
  • 77 posts

Posted 13 April 2010 - 03:46 PM

Thank you so much for the help. It is truly appreciated.

Here are the logs:

OTL logfile created on: 4/13/2010 4:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop\virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 416.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 122.39 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
Drive D: | 15.73 Gb Total Space | 15.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive E: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.81% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 16:08:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\virus\OTL.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:51:19 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/09/05 15:43:14 | 001,261,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2006/09/01 21:00:03 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/22 18:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc.exe
PRC - [2004/11/15 18:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 16:08:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\virus\OTL.exe
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/09/01 21:00:03 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/22 18:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc.exe -- (WebUpdate)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/01/23 01:13:52 | 000,069,575 | ---- | M] (Kingsun Semiconductor) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\UsbCoc.sys -- (UsbCoc)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/10/31 17:33:50 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/11/17 23:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 20:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/11/11 23:02:00 | 000,863,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/09/17 15:07:03 | 000,259,844 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 9022 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [BCInstall0] C:\Program Files\Pc Cleaner\pcclean.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3808688571-1347212822-3530971873-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab (ICSScannerLight Class)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1160516019062 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/09 21:59:44 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/26 14:03:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "VETMSGNT"
MsConfig - Services: "CAISafe"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\BigFix.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk - C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe - (Sony Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - File not found
MsConfig - StartUpReg: CAVRID - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Iconoid - hkey= - key= - C:\My Backup -- 01-09-06 1740\Program Files\Iconoid\iconoid.exe (SillySot Software)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSSE - hkey= - key= - c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe File not found
MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE File not found
MsConfig - StartUpReg: PcSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
MsConfig - StartUpReg: QOELOADER - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpyEmergency - hkey= - key= - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe File not found
MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\virus
[2010/04/11 19:09:08 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/04/11 14:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/11 06:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\scans
[2010/04/11 04:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/04/11 04:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\a-squared Free
[2010/04/11 03:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/11 03:41:43 | 000,000,000 | ---D | C] -- C:\rei
[2010/04/11 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/04/11 03:08:44 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/11 03:08:43 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/11 03:08:43 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/11 03:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/11 03:07:15 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/11 03:07:15 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/11 03:07:03 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/11 03:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/04/11 03:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/11 02:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/11 02:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/31 21:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Router
[2010/03/30 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 13:01:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 13:01:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 13:01:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/28 17:45:46 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/03/27 02:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Novel
[2010/03/27 02:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Novel rewrite
[2010/03/26 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\NC8230
[2010/01/15 05:52:14 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmmdm.sys
[2010/01/15 05:52:14 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmserd.sys
[2010/01/15 05:52:14 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmbus.sys
[2010/01/15 05:52:14 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmmdfl.sys
[2010/01/15 05:52:14 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmcmnt.sys
[2010/01/15 05:52:14 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmwhnt.sys
[2010/01/15 05:52:14 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmcr.sys
[2009/12/28 22:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/28 13:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/01 10:42:58 | 000,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
[2009/01/20 02:48:20 | 037,090,648 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSDiscCreator.exe
[2009/01/20 01:59:20 | 052,307,672 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2008/11/14 22:58:53 | 007,943,541 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
[2008/08/23 00:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/27 17:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
[2008/05/17 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/05/17 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/05/12 17:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2008/04/27 07:50:27 | 045,145,784 | ---- | C] (CA) -- C:\Program Files\iss_en_32.exe
[2008/02/12 00:10:20 | 007,371,062 | ---- | C] ( ) -- C:\Program Files\dvdflick_setup_1.2.2.1.exe
[2007/02/19 06:52:24 | 002,816,504 | ---- | C] (Diplodock ) -- C:\Program Files\rng.exe
[2006/12/11 09:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot(2)
[2006/12/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot(4)
[2006/10/31 17:33:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\usbsermptxp.sys
[2006/10/31 17:33:50 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\usbsermpt.sys
[2006/09/05 21:46:08 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Owner\chatlnk.exe
[2004/08/26 14:08:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/26 14:08:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/26 14:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/13 16:07:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/04/13 15:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 14:15:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/13 14:13:42 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 14:13:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 14:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 14:12:33 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 14:11:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/13 14:11:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/13 14:10:51 | 000,000,988 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/13 14:10:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/13 14:10:51 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/12 23:16:02 | 000,004,563 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AAAA Vehicle operation costs rise 4.8% - WALB.com News, Weather and Sports for Albany, Valdosta and Thomasville. Leading the w.url
[2010/04/11 22:25:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AAA.doc
[2010/04/11 03:42:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/04/10 21:56:40 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spokeo email instant.url
[2010/04/07 18:16:24 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\meds revised.doc
[2010/04/07 17:14:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meds2.doc
[2010/03/30 21:58:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 17:37:32 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Employers.doc
[2010/03/30 13:42:40 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CLOSE.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 01:25:14 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 15 - In For A Penny.doc
[2010/03/27 00:02:22 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 14 - The Truth Will Out.doc
[2010/03/26 23:59:58 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 13 - The Undercard.doc
[2010/03/26 23:58:22 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 12 - The Niceties.doc
[2010/03/26 23:47:28 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 11 - Prelude To The Big Meeting.doc
[2010/03/26 23:42:58 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 10 - The 4th of July.doc
[2010/03/26 23:38:06 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 9 - What's Up With This Guy.doc
[2010/03/26 23:33:54 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 8 - Don't Answer It Before Noon.doc
[2010/03/26 23:27:20 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 7 - All's Well That Ends Well.doc
[2010/03/26 23:25:22 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 6 - Something.doc
[2010/03/26 23:21:36 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 5 - Do Something, Man.doc
[2010/03/26 23:18:22 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 4 - The Beginning.doc
[2010/03/26 23:16:00 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 1 - The Shooting.doc
[2010/03/26 23:03:56 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 3 - The M.E.doc
[2010/03/26 23:03:10 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 2 - The Aftermath.doc
[2010/03/26 19:43:54 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fax instructions.lnk
[2010/03/21 22:53:04 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kerr Thomas M MD.url
[2010/03/21 22:48:03 | 000,051,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DR. KERR_CV.pdf
[2010/03/21 13:56:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bird cage.doc
[2010/03/18 01:04:44 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\To Whom It May Concern.doc
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/12 23:16:02 | 000,004,563 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AAAA Vehicle operation costs rise 4.8% - WALB.com News, Weather and Sports for Albany, Valdosta and Thomasville. Leading the w.url
[2010/04/11 22:25:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AAA.doc
[2010/04/11 03:42:05 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/04/11 03:08:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/11 03:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/11 03:07:15 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/11 03:07:15 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/11 03:07:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/11 02:30:27 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/11 02:30:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/11 02:30:27 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/11 02:30:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/10 21:56:40 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spokeo email instant.url
[2010/04/07 17:24:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\meds revised.doc
[2010/04/07 17:00:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\meds2.doc
[2010/03/30 13:42:40 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CLOSE.doc
[2010/03/28 18:31:22 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/27 15:52:07 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Employers.doc
[2010/03/27 02:17:31 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 4 - The Beginning.doc
[2010/03/27 02:17:31 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 9 - What's Up With This Guy.doc
[2010/03/27 02:17:31 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 7 - All's Well That Ends Well.doc
[2010/03/27 02:17:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 6 - Something.doc
[2010/03/27 02:17:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 1 - The Shooting.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 5 - Do Something, Man.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 3 - The M.E.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 14 - The Truth Will Out.doc
[2010/03/27 02:17:31 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 8 - Don't Answer It Before Noon.doc
[2010/03/27 02:17:31 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 12 - The Niceties.doc
[2010/03/27 02:17:31 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 11 - Prelude To The Big Meeting.doc
[2010/03/27 02:17:31 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 2 - The Aftermath.doc
[2010/03/27 02:17:31 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 13 - The Undercard.doc
[2010/03/27 02:17:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 15 - In For A Penny.doc
[2010/03/27 02:17:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 10 - The 4th of July.doc
[2010/03/27 02:17:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter X - PI bkgrnd .doc
[2010/03/27 02:17:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Tampa Tidbits.doc
[2010/03/27 02:17:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dialogue.doc
[2010/03/21 22:53:04 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kerr Thomas M MD.url
[2010/03/21 22:48:03 | 000,051,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DR. KERR_CV.pdf
[2010/03/21 13:56:58 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bird cage.doc
[2010/02/07 07:41:10 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/01/15 05:52:14 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem38.PNF
[2010/01/15 05:52:14 | 000,013,998 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem12.PNF
[2010/01/15 05:52:14 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem13.PNF
[2010/01/15 05:52:14 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem14.PNF
[2010/01/15 05:52:14 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem37.PNF
[2010/01/15 05:52:14 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_MDM.INF
[2010/01/15 05:52:14 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem38.inf
[2010/01/15 05:52:14 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_BUS.INF
[2010/01/15 05:52:14 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Owner\1263549134-(null)
[2010/01/15 05:52:14 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem14.inf
[2010/01/15 05:52:14 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem13.inf
[2010/01/15 05:52:14 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem37.inf
[2010/01/15 05:52:14 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_SDM.INF
[2010/01/15 05:51:53 | 000,012,466 | ---- | C] () -- C:\Documents and Settings\Owner\1263549113-oem14.PNF
[2010/01/15 05:51:53 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Owner\USB_MOT_BRIT.INF
[2010/01/15 05:51:53 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Owner\USB_MOT_A1000.INF
[2010/01/15 05:51:53 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\1263549113-oem14.inf
[2010/01/15 05:51:52 | 000,014,286 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem12.PNF
[2010/01/15 05:51:52 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem13.PNF
[2010/01/15 05:51:52 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem12.inf
[2010/01/15 05:51:52 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem13.inf
[2010/01/15 05:16:54 | 000,012,466 | ---- | C] () -- C:\Documents and Settings\Owner\1263547014-oem14.PNF
[2010/01/15 05:16:54 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\1263547014-oem14.inf
[2010/01/15 05:16:53 | 000,014,286 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem12.PNF
[2010/01/15 05:16:53 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem13.PNF
[2010/01/15 05:16:53 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem12.inf
[2010/01/15 05:16:53 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem13.inf
[2009/08/13 02:10:50 | 000,000,078 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/09 01:23:43 | 000,186,110 | ---- | C] () -- C:\Documents and Settings\All Users\NCCD.log
[2008/12/02 21:12:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/28 02:36:45 | 001,553,035 | ---- | C] () -- C:\Program Files\SetupImgBurn_2.3.2.0.rar
[2008/10/11 22:10:32 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/05/04 20:35:04 | 035,674,728 | ---- | C] () -- C:\Program Files\Nero-6.6.1.15a.exe
[2008/05/04 18:14:21 | 000,894,372 | ---- | C] () -- C:\Program Files\dvdate_70en.zip
[2008/05/04 17:17:32 | 000,315,487 | ---- | C] () -- C:\Program Files\vdts-trial.zip
[2008/05/04 08:45:39 | 008,408,102 | ---- | C] () -- C:\Program Files\vdm_free.exe
[2008/02/12 02:30:52 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/02/12 02:30:51 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/12 00:15:54 | 000,765,400 | ---- | C] () -- C:\Program Files\DownUtube3Exe.zip
[2008/02/11 15:46:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/12 23:50:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\core
[2007/02/19 02:43:01 | 001,322,913 | ---- | C] () -- C:\Program Files\RRNDemo.exe
[2007/01/18 21:05:00 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2007/01/18 19:40:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/23 03:29:12 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\keyfile3.drm
[2006/10/31 17:33:50 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Owner\USBMOT2000XP.INF
[2006/10/31 17:33:50 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Owner\USB_CMCS_2000.INF
[2006/10/31 17:33:49 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Owner\USBMOT2000.INF
[2006/10/31 17:33:38 | 000,062,419 | ---- | C] () -- C:\Documents and Settings\Owner\Motorola_Driver_Log.txt
[2006/10/30 23:24:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/10/30 23:13:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/26 18:26:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/11 22:13:53 | 000,212,849 | ---- | C] () -- C:\Program Files\hijackthis.zip
[2006/10/11 16:58:48 | 000,713,418 | ---- | C] () -- C:\Program Files\dvdate60en.zip
[2006/09/28 22:26:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/26 21:30:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/09 13:18:37 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/09/05 19:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/02 18:03:29 | 000,009,151 | ---- | C] () -- C:\Documents and Settings\Owner\Our comparable sales tool can help price your property.eml
[2006/09/02 17:54:46 | 000,062,730 | ---- | C] () -- C:\Documents and Settings\Owner\MicroCap Gems Weekly Issue 6 22 05.eml
[2006/09/02 17:54:46 | 000,033,167 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Won 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 2005 Item 5591510705.eml
[2006/09/02 17:54:46 | 000,026,200 | ---- | C] () -- C:\Documents and Settings\Owner\Press Release Asia Payment Systems Reports Growth in First Six Months of Operations.eml
[2006/09/02 17:54:46 | 000,024,396 | ---- | C] () -- C:\Documents and Settings\Owner\AOs(1).eml
[2006/09/02 17:54:46 | 000,024,394 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation(1).eml
[2006/09/02 17:54:46 | 000,024,386 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation(2).eml
[2006/09/02 17:54:46 | 000,023,866 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Not Won Similar Items Found 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006.eml
[2006/09/02 17:54:46 | 000,022,594 | ---- | C] () -- C:\Documents and Settings\Owner\Battling the Bears.eml
[2006/09/02 17:54:46 | 000,022,139 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed MARRIOTT BONUS BUCKS 100 COUPON Free Ship No Reserv Item 5591496873.eml
[2006/09/02 17:54:46 | 000,021,718 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006 Item 5591001529.eml
[2006/09/02 17:54:46 | 000,021,323 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 2005 Item 5591510705.eml
[2006/09/02 17:54:46 | 000,020,429 | ---- | C] () -- C:\Documents and Settings\Owner\Your invoice for eBay purchases item 5591510705 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 200.eml
[2006/09/02 17:54:46 | 000,018,388 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for Your Payment to ebay don comcast net.eml
[2006/09/02 17:54:46 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Owner\The creation of Capnlizard.eml
[2006/09/02 17:54:46 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3980872397 Larry Mahan s Diamond Back Rattlesnake Skin Boots(1).eml
[2006/09/02 17:54:46 | 000,016,485 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3980872397 Larry Mahan s Diamond Back Rattlesnake Skin Boots.eml
[2006/09/02 17:54:46 | 000,015,919 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Outbid Notice MARRIOTT BONUS BUCKS 100 COUPON Free Ship No Reserv Item 5591496873.eml
[2006/09/02 17:54:46 | 000,015,912 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Outbid Notice 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006 Item 5591001529.eml
[2006/09/02 17:54:46 | 000,015,410 | ---- | C] () -- C:\Documents and Settings\Owner\contrary result today.eml
[2006/09/02 17:54:46 | 000,013,260 | ---- | C] () -- C:\Documents and Settings\Owner\AOs.eml
[2006/09/02 17:54:46 | 000,013,062 | ---- | C] () -- C:\Documents and Settings\Owner\i m surprised very.eml
[2006/09/02 17:54:46 | 000,011,187 | ---- | C] () -- C:\Documents and Settings\Owner\mikemm here s a gift from PokerRoom com to welcome you back.eml
[2006/09/02 17:54:46 | 000,010,801 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation.eml
[2006/09/02 17:54:46 | 000,008,642 | ---- | C] () -- C:\Documents and Settings\Owner\Your Window Washer subscription is expired.eml
[2006/09/02 17:54:46 | 000,008,149 | ---- | C] () -- C:\Documents and Settings\Owner\apym.eml
[2006/09/02 17:54:46 | 000,005,401 | ---- | C] () -- C:\Documents and Settings\Owner\P S on APYM.eml
[2006/09/02 17:54:46 | 000,005,195 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 ISO 8859 1 Q AMERICAN.eml
[2006/09/02 17:54:46 | 000,004,222 | ---- | C] () -- C:\Documents and Settings\Owner\Fw AOs.eml
[2006/09/02 17:54:46 | 000,004,124 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_(1).eml
[2006/09/02 17:54:46 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Owner\hmmm apym.eml
[2006/09/02 17:54:46 | 000,003,345 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(3).eml
[2006/09/02 17:54:46 | 000,003,265 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for your Payment.eml
[2006/09/02 17:54:46 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Owner\Marriott com Email Subscription Confirmation.eml
[2006/09/02 17:54:46 | 000,002,368 | ---- | C] () -- C:\Documents and Settings\Owner\Registration at Wired Radio Message Board.eml
[2006/09/02 17:54:46 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Owner\Return Credit Notification(1).eml
[2006/09/02 17:54:46 | 000,002,182 | ---- | C] () -- C:\Documents and Settings\Owner\Email Transfer Confirmation.eml
[2006/09/02 17:54:46 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\Owner\Welcome to our list.eml
[2006/09/02 17:54:46 | 000,001,224 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(7).eml
[2006/09/02 17:54:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(6).eml
[2006/09/02 17:54:45 | 000,239,281 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 8197880801 AMERICAN OPTICAL MILITARY ISSUE PILOT SUNGLASSES.eml
[2006/09/02 17:54:45 | 000,070,605 | ---- | C] () -- C:\Documents and Settings\Owner\Last of the MOHN is in(1).eml
[2006/09/02 17:54:45 | 000,069,069 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(5).eml
[2006/09/02 17:54:45 | 000,038,861 | ---- | C] () -- C:\Documents and Settings\Owner\Jump start your summer Special Edition Click n Save May 27 2005.eml
[2006/09/02 17:54:45 | 000,038,612 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(6).eml
[2006/09/02 17:54:45 | 000,035,807 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Purchase SUPERB CODE WEST PYTHON SNAKESKIN BOOTS 9D Item 5350303644.eml
[2006/09/02 17:54:45 | 000,035,654 | ---- | C] () -- C:\Documents and Settings\Owner\Caffeine and Nocturnal Hypoglycemia.eml
[2006/09/02 17:54:45 | 000,031,646 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(5).eml
[2006/09/02 17:54:45 | 000,030,524 | ---- | C] () -- C:\Documents and Settings\Owner\Morning Digest How to Beat the Market with a Coffee Can Portfolio.eml
[2006/09/02 17:54:45 | 000,028,380 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(4).eml
[2006/09/02 17:54:45 | 000,027,896 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Won AWESOME snakeskin Cowboy boots with TOE TIPS sz 9 Item 3976356795.eml
[2006/09/02 17:54:45 | 000,026,730 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Watched items ending soon.eml
[2006/09/02 17:54:45 | 000,021,851 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(3).eml
[2006/09/02 17:54:45 | 000,020,813 | ---- | C] () -- C:\Documents and Settings\Owner\Here s Your June Humana e Newsletter.eml
[2006/09/02 17:54:45 | 000,020,373 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Watch List May 30 05 01 14 55 PDT.eml
[2006/09/02 17:54:45 | 000,019,854 | ---- | C] () -- C:\Documents and Settings\Owner\Your invoice for eBay purchases item 3976356795 AWESOME snakeskin Cowboy boots with TOE TIPS sz 9.eml
[2006/09/02 17:54:45 | 000,017,418 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed AWESOME snakeskin Cowboy boots with TOE TIPS sz 9 Item 3976356795.eml
[2006/09/02 17:54:45 | 000,016,790 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3976618445 Custom Justin Snake Skin cowboy boots 9 D Kool Co.eml
[2006/09/02 17:54:45 | 000,016,187 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3976909437 LAREDO Snakeskin Western Cowboy BOOTS Mens 9M.eml
[2006/09/02 17:54:45 | 000,016,172 | ---- | C] () -- C:\Documents and Settings\Owner\Question from eBay Member.eml
[2006/09/02 17:54:45 | 000,015,381 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(2).eml
[2006/09/02 17:54:45 | 000,012,734 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for Your Payment to busky7.eml
[2006/09/02 17:54:45 | 000,012,206 | ---- | C] () -- C:\Documents and Settings\Owner\Your Window Washer is out of date.eml
[2006/09/02 17:54:45 | 000,011,563 | ---- | C] () -- C:\Documents and Settings\Owner\Sig 228 on SigForum com.eml
[2006/09/02 17:54:45 | 000,009,898 | ---- | C] () -- C:\Documents and Settings\Owner\new computer(1).eml
[2006/09/02 17:54:45 | 000,009,676 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(4).eml
[2006/09/02 17:54:45 | 000,009,618 | ---- | C] () -- C:\Documents and Settings\Owner\Your pictures have been shared.eml
[2006/09/02 17:54:45 | 000,008,766 | ---- | C] () -- C:\Documents and Settings\Owner\Ticketless Confirmation.eml
[2006/09/02 17:54:45 | 000,007,401 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 944319.eml
[2006/09/02 17:54:45 | 000,007,138 | ---- | C] () -- C:\Documents and Settings\Owner\Party Poker New Account E mail Confirmation.eml
[2006/09/02 17:54:45 | 000,007,075 | ---- | C] () -- C:\Documents and Settings\Owner\New Reply by BigD6765 Re WTT exc P228 for 226 357 or 40.eml
[2006/09/02 17:54:45 | 000,006,821 | ---- | C] () -- C:\Documents and Settings\Owner\Software Instructions for Invoice D000001111886.eml
[2006/09/02 17:54:45 | 000,006,496 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(1).eml
[2006/09/02 17:54:45 | 000,006,117 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(2).eml
[2006/09/02 17:54:45 | 000,006,006 | ---- | C] () -- C:\Documents and Settings\Owner\article.eml
[2006/09/02 17:54:45 | 000,005,834 | ---- | C] () -- C:\Documents and Settings\Owner\Medscape Account Reactivation.eml
[2006/09/02 17:54:45 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\Owner\Question for eBay item 5350303644 SUPERB CODE WEST PYTHON SNAKESKIN BOOTS 9D.eml
[2006/09/02 17:54:45 | 000,005,638 | ---- | C] () -- C:\Documents and Settings\Owner\Test successful Helpful links included Please do not respond to this email.eml
[2006/09/02 17:54:45 | 000,005,504 | ---- | C] () -- C:\Documents and Settings\Owner\Boot Hill Ranch.eml
[2006/09/02 17:54:45 | 000,004,891 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question(2).eml
[2006/09/02 17:54:45 | 000,004,860 | ---- | C] () -- C:\Documents and Settings\Owner\Your Software Update Spy Sweeper 1 Year Subscription.eml
[2006/09/02 17:54:45 | 000,004,471 | ---- | C] () -- C:\Documents and Settings\Owner\UPS Label for your Shoedini Return Order 3548646.eml
[2006/09/02 17:54:45 | 000,004,385 | ---- | C] () -- C:\Documents and Settings\Owner\new computer.eml
[2006/09/02 17:54:45 | 000,004,369 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(1).eml
[2006/09/02 17:54:45 | 000,004,336 | ---- | C] () -- C:\Documents and Settings\Owner\Your Software Update Window Washer Renewal.eml
[2006/09/02 17:54:45 | 000,004,281 | ---- | C] () -- C:\Documents and Settings\Owner\new computer(2).eml
[2006/09/02 17:54:45 | 000,004,232 | ---- | C] () -- C:\Documents and Settings\Owner\TampaGov msg Overgrown Lot or Yard Complaint.eml
[2006/09/02 17:54:45 | 000,003,686 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Re RE Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,003,676 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_.eml
[2006/09/02 17:54:45 | 000,003,580 | ---- | C] () -- C:\Documents and Settings\Owner\cathy olsen.eml
[2006/09/02 17:54:45 | 000,003,425 | ---- | C] () -- C:\Documents and Settings\Owner\Re.eml
[2006/09/02 17:54:45 | 000,003,410 | ---- | C] () -- C:\Documents and Settings\Owner\Your Walgreens com Registration the Next Step(1).eml
[2006/09/02 17:54:45 | 000,003,314 | ---- | C] () -- C:\Documents and Settings\Owner\Your NETELLER Account Details.eml
[2006/09/02 17:54:45 | 000,003,295 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question(1).eml
[2006/09/02 17:54:45 | 000,003,249 | ---- | C] () -- C:\Documents and Settings\Owner\Return Credit Notification.eml
[2006/09/02 17:54:45 | 000,003,205 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_.eml
[2006/09/02 17:54:45 | 000,003,152 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204(2).eml
[2006/09/02 17:54:45 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Owner\great boots(1).eml
[2006/09/02 17:54:45 | 000,003,041 | ---- | C] () -- C:\Documents and Settings\Owner\Your prescription order has been shipped.eml
[2006/09/02 17:54:45 | 000,003,026 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 942871.eml
[2006/09/02 17:54:45 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\Owner\non acceptance for CC 943157.eml
[2006/09/02 17:54:45 | 000,002,925 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,002,881 | ---- | C] () -- C:\Documents and Settings\Owner\NETELLER Password Reminder.eml
[2006/09/02 17:54:45 | 000,002,868 | ---- | C] () -- C:\Documents and Settings\Owner\BusinessWeek Online Thank You.eml
[2006/09/02 17:54:45 | 000,002,814 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260608 logged in help express fund.eml
[2006/09/02 17:54:45 | 000,002,784 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null.eml
[2006/09/02 17:54:45 | 000,002,654 | ---- | C] () -- C:\Documents and Settings\Owner\Welcome to MyTampaGov.eml
[2006/09/02 17:54:45 | 000,002,629 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 941629.eml
[2006/09/02 17:54:45 | 000,002,616 | ---- | C] () -- C:\Documents and Settings\Owner\Validation deposit failure re registration required.eml
[2006/09/02 17:54:45 | 000,002,591 | ---- | C] () -- C:\Documents and Settings\Owner\Webroot Software Inc Customer Receipt Purchase Confirmation.eml
[2006/09/02 17:54:45 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\TampaGov msg Tracking Nbr 50388 Case Created.eml
[2006/09/02 17:54:45 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\Owner\Return Request Confirmation.eml
[2006/09/02 17:54:45 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots.eml
[2006/09/02 17:54:45 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\Owner\great boots.eml
[2006/09/02 17:54:45 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Owner\am i missing something.eml
[2006/09/02 17:54:45 | 000,002,097 | ---- | C] () -- C:\Documents and Settings\Owner\The China Stock Blog.eml
[2006/09/02 17:54:45 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Owner\An interesting article from AllAboutArthritis com.eml
[2006/09/02 17:54:45 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\Owner\myCitadel Signup.eml
[2006/09/02 17:54:45 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\Owner\Successful sign up with FirePay.eml
[2006/09/02 17:54:45 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\Owner\Your FirePay Personal Account has been successfully reactivated.eml
[2006/09/02 17:54:45 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\Owner\Bank Account Verified.eml
[2006/09/02 17:54:45 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question.eml
[2006/09/02 17:54:45 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Transfer Received and Pending.eml
[2006/09/02 17:54:45 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Owner\Request for password.eml
[2006/09/02 17:54:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 942871.eml
[2006/09/02 17:54:45 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Owner\Google Password Assistance.eml
[2006/09/02 17:54:45 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account(2).eml
[2006/09/02 17:54:45 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account(1).eml
[2006/09/02 17:54:45 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account.eml
[2006/09/02 17:54:45 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Transfer Added to Your Account.eml
[2006/09/02 17:54:45 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Owner\Your FirePay password has been reset.eml
[2006/09/02 17:54:45 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Owner\UltimateBet password hint.eml
[2006/09/02 17:54:44 | 000,069,581 | ---- | C] () -- C:\Documents and Settings\Owner\Last of the MOHN is in.eml
[2006/09/02 17:54:44 | 000,031,181 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject.eml
[2006/09/02 17:54:44 | 000,028,680 | ---- | C] () -- C:\Documents and Settings\Owner\Your first issue of Canon News.eml
[2006/09/02 17:54:44 | 000,026,573 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(1).eml
[2006/09/02 17:54:44 | 000,021,965 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(2).eml
[2006/09/02 17:54:44 | 000,016,127 | ---- | C] () -- C:\Documents and Settings\Owner\The Diabetic Hand.eml
[2006/09/02 17:54:44 | 000,012,793 | ---- | C] () -- C:\Documents and Settings\Owner\Diabetic Retinopathy.eml
[2006/09/02 17:54:44 | 000,010,845 | ---- | C] () -- C:\Documents and Settings\Owner\Your New Card Account.eml
[2006/09/02 17:54:44 | 000,010,566 | ---- | C] () -- C:\Documents and Settings\Owner\Suite Request.eml
[2006/09/02 17:54:44 | 000,008,653 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(3).eml
[2006/09/02 17:54:44 | 000,005,732 | ---- | C] () -- C:\Documents and Settings\Owner\Hey.eml
[2006/09/02 17:54:44 | 000,005,166 | ---- | C] () -- C:\Documents and Settings\Owner\Different artery test for ApoA 1 Milano efficiency.eml
[2006/09/02 17:54:44 | 000,003,986 | ---- | C] () -- C:\Documents and Settings\Owner\Further testing of ApoA 1 Milano.eml
[2006/09/02 17:54:44 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Owner\CZ.eml
[2006/09/02 17:54:44 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\Owner\Your Walgreens com Registration the Next Step.eml
[2006/09/02 17:54:44 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\Owner\ppk from ulm.eml
[2006/09/02 17:54:44 | 000,002,736 | ---- | C] () -- C:\Documents and Settings\Owner\Your recent SBC Internet Services Experience.eml
[2006/09/02 17:54:44 | 000,002,640 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204.eml
[2006/09/02 17:54:44 | 000,002,364 | ---- | C] () -- C:\Documents and Settings\Owner\NEW ADDRESS PHONE etc.eml
[2006/09/02 17:54:44 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204(1).eml
[2006/09/02 17:54:44 | 000,002,077 | ---- | C] () -- C:\Documents and Settings\Owner\how have you been.eml
[2006/09/02 17:54:44 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Owner\Walther PPK.eml
[2006/09/02 17:54:44 | 000,001,416 | ---- | C] () -- C:\Documents and Settings\Owner\Ted s phone.eml
[2006/09/02 17:54:44 | 000,001,258 | ---- | C] () -- C:\Documents and Settings\Owner\Medscape s Username Password reminder.eml
[2006/09/02 16:42:15 | 000,047,969 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2006/09/02 03:17:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2006/09/02 03:15:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/09/02 03:15:34 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/09/02 03:13:26 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/02 03:10:19 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2006/09/01 22:14:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/01 21:13:35 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/09/01 21:13:35 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/09/01 21:07:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/01 21:02:06 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/09/01 21:02:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/09/01 19:50:49 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Owner\LuResult.txt
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 14:09:28 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2004/08/26 14:09:27 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2004/08/26 12:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Custom Scans ==========


< %appdata%\*.exe >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 20:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2008/11/11 05:17:23 | 002,147,505 | ---- | M] () -- C:\E973100.EXE env print.EXE
[2007/01/18 18:24:29 | 001,410,680 | ---- | M] () -- C:\install_flash_player.exe
[2006/12/30 19:01:35 | 001,478,144 | ---- | M] () -- C:\MS-7093BIOS.exe
[2008/10/11 21:44:15 | 010,511,712 | ---- | M] () -- C:\winzip120.exe


< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 01-09-06 1740\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 01-09-06 1740\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 23:35:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/22 23:35:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/04 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\drivers\beep.sys
[2004/08/04 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 15:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 15:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\proquota.exe
[2004/08/04 15:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\proquota.exe
[2004/08/04 15:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 20:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\scecli.dll
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 15:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\dllcache\sfcfiles.dll
[2004/08/04 15:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\My Backup -- 01-09-06 1740\WINDOWS\system32\sfcfiles.dll
[2004/08/04 15:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 20:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BEAD632
< End of report >


------------------------------------------------------------------------------------------------------------------------------------------------------------------




OTL Extras logfile created on: 4/13/2010 4:12:35 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop\virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 416.00 Mb Available Physical Memory | 47.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 122.39 Gb Free Space | 84.24% Space Free | Partition Type: NTFS
Drive D: | 15.73 Gb Total Space | 15.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive E: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.81% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\My Backup -- 01-09-06 1740\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" = C:\My Backup -- 01-09-06 1740\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGearStarter
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"DriveSpacio_is1" = DriveSpacio 0.2.2 Build 1 (Beta)
"DVD Flick_is1" = DVD Flick
"ExpressBurn" = Express Burn
"FavOrg" = FavOrg
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.7.5 Basic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MobiMB Mobile Media Browser" = MobiMB Mobile Media Browser
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Reimage Repair" = Reimage Repair
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Spyware Doctor" = Spyware Doctor 7.0
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"Window Washer" = Window Washer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"yWriter5_is1" = yWriter5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3808688571-1347212822-3530971873-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QUICKMEDIACONVERTER" = Player
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/22/2009 12:51:32 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RPKO9BNT\570303-0[1].jpg
failed, 0000A413.

Error - 11/22/2009 12:51:40 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\RPKO9BNT\styleswitcher[1].js
failed, 0000A413.

Error - 11/22/2009 12:52:22 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WT6FW5Q3\1157[1].jpg
failed, 0000A413.

Error - 11/22/2009 12:52:48 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WT6FW5Q3\sandraWipp_28_78x78[1].jpg
failed, 0000A413.

Error - 11/22/2009 12:53:47 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X5FJQOQD\darroXxX_25_110x110[1].jpg
failed, 0000A413.

Error - 11/22/2009 12:54:08 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y0TZJ2LZ\2hotlatina33_28_78x78[1].jpg
failed, 0000A413.

Error - 11/22/2009 12:55:20 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZZTUWPFF\base_media[4].jpg
failed, 0000A413.

Error - 11/22/2009 12:55:27 PM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZZTUWPFF\xfridaynitespecialx_19_78x78[1].jpg
failed, 0000A413.

Error - 12/10/2009 12:59:11 AM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://allthreatsremove-a7.com/scan1/?pid=...TEyNjE0NIEOMAkM
failed, 00000005.

Error - 12/13/2009 11:09:36 AM | Computer Name = X | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://micuvbcmpnf.com/nte/AVORP1TREST7.ht...81303J030006010
failed, 00000005.

[ Application Events ]
Error - 3/30/2010 1:52:05 AM | Computer Name = X | Source = Google Update | ID = 20
Description =

Error - 4/3/2010 11:52:14 PM | Computer Name = X | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 8:11:59 PM | Computer Name = X | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2010 11:09:43 AM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 0.0.0.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/12/2010 11:10:08 AM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 1.1.5605.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2010 1:55:40 PM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 0.0.0.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2010 1:56:03 PM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 1.1.5605.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2010 1:56:05 PM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 1.1.5605.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2010 1:56:05 PM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 timeout, P4 1.1.5605.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 4/13/2010 1:56:06 PM | Computer Name = X | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6519.0, P3 passthrough, P4 1.1.5605.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 4/11/2010 10:28:59 PM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.

Error - 4/12/2010 11:10:00 AM | Computer Name = X | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WebClient service to
connect.

Error - 4/12/2010 11:10:00 AM | Computer Name = X | Source = Service Control Manager | ID = 7000
Description = The WebClient service failed to start due to the following error:
%%1053

Error - 4/12/2010 11:10:37 AM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.

Error - 4/12/2010 5:15:28 PM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.

Error - 4/13/2010 1:55:32 PM | Computer Name = X | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 4/13/2010 1:55:56 PM | Computer Name = X | Source = Service Control Manager | ID = 7022
Description = The Workstation service hung on starting.

Error - 4/13/2010 1:59:06 PM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.

Error - 4/13/2010 2:14:54 PM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.

Error - 4/13/2010 4:08:12 PM | Computer Name = X | Source = PlugPlayManager | ID = 12
Description = The device 'RAS Async Adapter' (SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac)
disappeared from the system without first being prepared for removal.


< End of report >
--------------------------------------------------------



#5 syler

  • Malware Response Team

Posted 13 April 2010 - 04:35 PM

Hi process8,


I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Avast or Microsoft Security Essentials.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKLM..\RunOnce: [BCInstall0] C:\Program Files\Pc Cleaner\pcclean.exe File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\BigFix.exe - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk - C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd - File not found
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - File not found
    MsConfig - StartUpReg: CAVRID - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe File not found
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe File not found
    MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE File not found
    MsConfig - StartUpReg: PcSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found
    MsConfig - StartUpReg: QOELOADER - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
    MsConfig - StartUpReg: SpyEmergency - hkey= - key= - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe File not found
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe File not found\RegistryBooster.exe File not found
    MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
    @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BEAD632
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • Gmer log

Thanks

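The check behind the first recommendation in the post above, as an added example that is not part of the original post and not OTL's own code: it reads OTL-style log text in the format shown in this thread and reports when more than one of the antivirus products named in the post is installed. The `AV_FAMILIES` table, the function names and the sample log (lines shortened from the log in this thread) are assumptions made for the example.

```python
import re

# Constructed sample in the format of the OTL log posted in this thread
# (a handful of its lines, not a complete log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"7-Zip" = 7-Zip 4.57
"avast!" = avast! Antivirus
"Spyware Doctor" = Spyware Doctor 7.0

========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
'''

# Hypothetical matching table (an assumption, not taken from OTL): product family ->
# lowercase substrings searched for in uninstall names and service company/name fields.
AV_FAMILIES = {
    "avast!": ("avast!", "alwil software"),
    "Microsoft Security Essentials": ("microsoft security essentials",
                                      "microsoft antimalware"),
}

SECTION_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
BANNER_RE = re.compile(r'^=+ .* =+$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.*)$')
SRV_RE = re.compile(
    r'^SRV - \[[^\]]*\] \((?P<company>.*?)\) '
    r'\[(?P<start>[^|\]]+?) \| (?P<state>[^\]]+?)\] -- '
    r'(?P<path>.+?) -- \((?P<name>.*)\)$'
)


def parse_uninstall(log):
    """Return (key, display_name) pairs listed under a registry header ending in \\Uninstall."""
    entries, in_uninstall = [], False
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            # Firewall "AuthorizedApplications" lines have the same "x" = y shape,
            # so only accept entries while inside an Uninstall key.
            in_uninstall = header.group("key").endswith("\\Uninstall")
            continue
        if BANNER_RE.match(line):
            in_uninstall = False
            continue
        entry = ENTRY_RE.match(line)
        if in_uninstall and entry:
            entries.append((entry.group("key"), entry.group("name")))
    return entries


def parse_services(log):
    """Return one dict per SRV line: company, start, state, path, name."""
    services = []
    for line in log.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            services.append({k: v.strip() for k, v in m.groupdict().items()})
    return services


def find_av_overlap(log):
    """Map each installed antivirus family to its uninstall names and running services."""
    installed = parse_uninstall(log)
    services = parse_services(log)
    report = {}
    for family, needles in AV_FAMILIES.items():
        names = sorted({name for _, name in installed
                        if any(n in name.lower() for n in needles)})
        running = sorted(
            s["name"] for s in services
            if s["state"] == "Running"
            and any(n in (s["company"] + " " + s["name"]).lower() for n in needles)
        )
        if names:
            report[family] = {"installed": names, "running_services": running}
    return report


def has_conflict(report):
    """True when two or more antivirus families are installed side by side."""
    return len(report) >= 2


if __name__ == "__main__":
    result = find_av_overlap(SAMPLE_LOG)
    for family, info in result.items():
        print(family, info)
    print("more than one antivirus installed:", has_conflict(result))
```

An empty `running_services` list only means no matching `SRV` line was present in the text passed in; the installed entries are what the conflict check relies on.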


#6 process8

  • Topic Starter


Posted 13 April 2010 - 06:12 PM

Thank you for your help, Syler.

Here's the first log:

All processes killed
Error: Unable to interpret <O4 - HKLM..\RunOnce: [BCInstall0] C:\Program Files\Pc Cleaner\pcclean.exe File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <O33 - MountPoints2\E\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play> in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk - C:\Program Files\BigFix\BigFix.exe - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk - C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: CAVRID - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: PcSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: QOELOADER - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: SpyEmergency - hkey= - key= - C:\Program Files\NETGATE\Spy Emergency 2008\SpyEmergency.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe File not found\RegistryBooster.exe File not found> in the current context!
Error: Unable to interpret <MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BEAD632> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 25602 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 820768 bytes
->Temporary Internet Files folder emptied: 20724512 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 553986 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109910 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 21.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04132010_190559

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GR1ZI6NL\iframe[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_624.dat moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------

Here's the OTL run scan:

OTL logfile created on: 4/13/2010 7:13:09 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Owner\Desktop\virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 389.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 122.50 Gb Free Space | 84.31% Space Free | Partition Type: NTFS
Drive D: | 15.73 Gb Total Space | 15.72 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive E: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.81% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Unable to calculate disk information.
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/13 16:08:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\virus\OTL.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/12/18 09:58:00 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2009/11/24 19:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/09 16:51:19 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/09/05 15:43:14 | 001,261,384 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\wwDisp.exe
PRC - [2006/09/01 21:00:03 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2005/12/22 18:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc.exe
PRC - [2004/11/15 18:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2010/04/13 16:08:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\virus\OTL.exe
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/24 19:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 19:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 19:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 19:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2007/09/05 15:43:24 | 000,389,448 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2006/09/01 21:00:03 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/12/22 18:37:26 | 000,266,240 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc.exe -- (WebUpdate)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/24 19:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 19:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 19:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 19:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 19:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 19:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/01/23 01:13:52 | 000,069,575 | ---- | M] (Kingsun Semiconductor) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\UsbCoc.sys -- (UsbCoc)
DRV - [2008/04/13 14:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 14:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 14:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/10/31 17:33:50 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/11/17 23:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/15 20:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/11/11 23:02:00 | 000,863,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 18:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/09/17 15:07:03 | 000,259,844 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9022 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O4 - HKLM..\RunOnce: [BCInstall0] C:\Program Files\Pc Cleaner\pcclean.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.5)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab (ICSScannerLight Class)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} http://www.my-etrust.com/Extern/RoadRunner...an/pestscan.cab (PSFormX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1160516019062 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/09 21:59:44 | 000,000,189 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - E:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 19:05:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/13 16:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\virus
[2010/04/11 19:09:08 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/04/11 14:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/11 06:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\scans
[2010/04/11 04:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/04/11 04:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\a-squared Free
[2010/04/11 03:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/11 03:41:43 | 000,000,000 | ---D | C] -- C:\rei
[2010/04/11 03:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2010/04/11 03:08:44 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/11 03:08:43 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/11 03:08:43 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/11 03:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/11 03:07:15 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/11 03:07:15 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/11 03:07:03 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/11 03:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/04/11 03:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/11 02:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/11 02:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/31 21:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Router
[2010/03/30 13:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 13:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 13:01:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 13:01:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 13:01:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/28 17:45:46 | 000,000,000 | ---D | C] -- C:\Netgear
[2010/03/27 02:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Novel
[2010/03/27 02:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Novel rewrite
[2010/03/26 19:40:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\NC8230
[2010/01/15 05:52:14 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmmdm.sys
[2010/01/15 05:52:14 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmserd.sys
[2010/01/15 05:52:14 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmbus.sys
[2010/01/15 05:52:14 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmmdfl.sys
[2010/01/15 05:52:14 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmcmnt.sys
[2010/01/15 05:52:14 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmwhnt.sys
[2010/01/15 05:52:14 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Owner\mqdmcr.sys
[2009/12/28 22:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/28 13:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/01 10:42:58 | 000,308,160 | ---- | C] (ALWIL Software) -- C:\Program Files\avast_home_setup.exe
[2009/01/20 02:48:20 | 037,090,648 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSDiscCreator.exe
[2009/01/20 01:59:20 | 052,307,672 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Program Files\AVSVideoConverter.exe
[2008/11/14 22:58:53 | 007,943,541 | ---- | C] (DVD Video Soft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
[2008/08/23 00:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/27 17:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SUPERAntiSpyware.com
[2008/05/17 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2008/05/17 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2008/05/12 17:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2008/04/27 07:50:27 | 045,145,784 | ---- | C] (CA) -- C:\Program Files\iss_en_32.exe
[2008/02/12 00:10:20 | 007,371,062 | ---- | C] ( ) -- C:\Program Files\dvdflick_setup_1.2.2.1.exe
[2007/02/19 06:52:24 | 002,816,504 | ---- | C] (Diplodock ) -- C:\Program Files\rng.exe
[2006/12/11 09:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot(2)
[2006/12/11 09:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot(4)
[2006/10/31 17:33:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\usbsermptxp.sys
[2006/10/31 17:33:50 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\usbsermpt.sys
[2006/09/05 21:46:08 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Owner\chatlnk.exe
[2004/08/26 14:08:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/26 14:08:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/26 14:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/13 19:09:36 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/13 19:08:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/13 19:08:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/13 19:08:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/13 19:08:09 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/13 19:07:26 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/04/13 19:07:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/04/13 19:03:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003 (2).lnk
[2010/04/13 18:52:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/13 14:10:51 | 000,000,988 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/13 14:10:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2010/04/13 14:10:51 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/12 23:16:02 | 000,004,563 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AAAA Vehicle operation costs rise 4.8% - WALB.com News, Weather and Sports for Albany, Valdosta and Thomasville. Leading the w.url
[2010/04/11 22:25:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AAA.doc
[2010/04/11 03:42:06 | 000,000,232 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010/04/10 21:56:40 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spokeo email instant.url
[2010/04/07 18:16:24 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\meds revised.doc
[2010/04/07 17:14:32 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\meds2.doc
[2010/03/30 21:58:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 17:37:32 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Employers.doc
[2010/03/30 13:42:40 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CLOSE.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 01:25:14 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 15 - In For A Penny.doc
[2010/03/27 00:02:22 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 14 - The Truth Will Out.doc
[2010/03/26 23:59:58 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 13 - The Undercard.doc
[2010/03/26 23:58:22 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 12 - The Niceties.doc
[2010/03/26 23:47:28 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 11 - Prelude To The Big Meeting.doc
[2010/03/26 23:42:58 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 10 - The 4th of July.doc
[2010/03/26 23:38:06 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 9 - What's Up With This Guy.doc
[2010/03/26 23:33:54 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 8 - Don't Answer It Before Noon.doc
[2010/03/26 23:27:20 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 7 - All's Well That Ends Well.doc
[2010/03/26 23:25:22 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 6 - Something.doc
[2010/03/26 23:21:36 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 5 - Do Something, Man.doc
[2010/03/26 23:18:22 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 4 - The Beginning.doc
[2010/03/26 23:16:00 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 1 - The Shooting.doc
[2010/03/26 23:03:56 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 3 - The M.E.doc
[2010/03/26 23:03:10 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Chapter 2 - The Aftermath.doc
[2010/03/26 19:43:54 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to fax instructions.lnk
[2010/03/21 22:53:04 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kerr Thomas M MD.url
[2010/03/21 22:48:03 | 000,051,144 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DR. KERR_CV.pdf
[2010/03/21 13:56:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bird cage.doc
[2010/03/18 01:04:44 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\To Whom It May Concern.doc
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/12 23:16:02 | 000,004,563 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AAAA Vehicle operation costs rise 4.8% - WALB.com News, Weather and Sports for Albany, Valdosta and Thomasville. Leading the w.url
[2010/04/11 22:25:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AAA.doc
[2010/04/11 03:42:05 | 000,000,232 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010/04/11 03:08:44 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/11 03:07:26 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/11 03:07:15 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/11 03:07:15 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/11 03:07:03 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/11 02:30:27 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/11 02:30:27 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/11 02:30:27 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/11 02:30:27 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/10 21:56:40 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spokeo email instant.url
[2010/04/07 17:24:07 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\meds revised.doc
[2010/04/07 17:00:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\meds2.doc
[2010/03/30 13:42:40 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CLOSE.doc
[2010/03/28 18:31:22 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/27 15:52:07 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Employers.doc
[2010/03/27 02:17:31 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 4 - The Beginning.doc
[2010/03/27 02:17:31 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 9 - What's Up With This Guy.doc
[2010/03/27 02:17:31 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 7 - All's Well That Ends Well.doc
[2010/03/27 02:17:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 6 - Something.doc
[2010/03/27 02:17:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 1 - The Shooting.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 5 - Do Something, Man.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 3 - The M.E.doc
[2010/03/27 02:17:31 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 14 - The Truth Will Out.doc
[2010/03/27 02:17:31 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 8 - Don't Answer It Before Noon.doc
[2010/03/27 02:17:31 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 12 - The Niceties.doc
[2010/03/27 02:17:31 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 11 - Prelude To The Big Meeting.doc
[2010/03/27 02:17:31 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 2 - The Aftermath.doc
[2010/03/27 02:17:31 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 13 - The Undercard.doc
[2010/03/27 02:17:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 15 - In For A Penny.doc
[2010/03/27 02:17:31 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter 10 - The 4th of July.doc
[2010/03/27 02:17:31 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Chapter X - PI bkgrnd .doc
[2010/03/27 02:17:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Tampa Tidbits.doc
[2010/03/27 02:17:31 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dialogue.doc
[2010/03/21 22:53:04 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kerr Thomas M MD.url
[2010/03/21 22:48:03 | 000,051,144 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DR. KERR_CV.pdf
[2010/03/21 13:56:58 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bird cage.doc
[2010/02/07 07:41:10 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2010/01/15 05:52:14 | 000,015,682 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem38.PNF
[2010/01/15 05:52:14 | 000,013,998 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem12.PNF
[2010/01/15 05:52:14 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem13.PNF
[2010/01/15 05:52:14 | 000,012,682 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem14.PNF
[2010/01/15 05:52:14 | 000,012,348 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem37.PNF
[2010/01/15 05:52:14 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_MDM.INF
[2010/01/15 05:52:14 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem38.inf
[2010/01/15 05:52:14 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_BUS.INF
[2010/01/15 05:52:14 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Owner\1263549134-(null)
[2010/01/15 05:52:14 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem14.inf
[2010/01/15 05:52:14 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem13.inf
[2010/01/15 05:52:14 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Owner\Copy of oem37.inf
[2010/01/15 05:52:14 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Owner\MCCI_SDM.INF
[2010/01/15 05:51:53 | 000,012,466 | ---- | C] () -- C:\Documents and Settings\Owner\1263549113-oem14.PNF
[2010/01/15 05:51:53 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Owner\USB_MOT_BRIT.INF
[2010/01/15 05:51:53 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Owner\USB_MOT_A1000.INF
[2010/01/15 05:51:53 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\1263549113-oem14.inf
[2010/01/15 05:51:52 | 000,014,286 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem12.PNF
[2010/01/15 05:51:52 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem13.PNF
[2010/01/15 05:51:52 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem12.inf
[2010/01/15 05:51:52 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\1263549112-oem13.inf
[2010/01/15 05:16:54 | 000,012,466 | ---- | C] () -- C:\Documents and Settings\Owner\1263547014-oem14.PNF
[2010/01/15 05:16:54 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Owner\1263547014-oem14.inf
[2010/01/15 05:16:53 | 000,014,286 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem12.PNF
[2010/01/15 05:16:53 | 000,012,820 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem13.PNF
[2010/01/15 05:16:53 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem12.inf
[2010/01/15 05:16:53 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Owner\1263547013-oem13.inf
[2009/08/13 02:10:50 | 000,000,078 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/01/09 01:23:43 | 000,186,110 | ---- | C] () -- C:\Documents and Settings\All Users\NCCD.log
[2008/12/02 21:12:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/10/28 02:36:45 | 001,553,035 | ---- | C] () -- C:\Program Files\SetupImgBurn_2.3.2.0.rar
[2008/10/11 22:10:32 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2008/05/04 20:35:04 | 035,674,728 | ---- | C] () -- C:\Program Files\Nero-6.6.1.15a.exe
[2008/05/04 18:14:21 | 000,894,372 | ---- | C] () -- C:\Program Files\dvdate_70en.zip
[2008/05/04 17:17:32 | 000,315,487 | ---- | C] () -- C:\Program Files\vdts-trial.zip
[2008/05/04 08:45:39 | 008,408,102 | ---- | C] () -- C:\Program Files\vdm_free.exe
[2008/02/12 02:30:52 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/02/12 02:30:51 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/12 00:15:54 | 000,765,400 | ---- | C] () -- C:\Program Files\DownUtube3Exe.zip
[2008/02/11 15:46:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/12 23:50:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\core
[2007/02/19 02:43:01 | 001,322,913 | ---- | C] () -- C:\Program Files\RRNDemo.exe
[2007/01/18 21:05:00 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
[2007/01/18 19:40:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/11/23 03:29:12 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\keyfile3.drm
[2006/10/31 17:33:50 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Owner\USBMOT2000XP.INF
[2006/10/31 17:33:50 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Owner\USB_CMCS_2000.INF
[2006/10/31 17:33:49 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Owner\USBMOT2000.INF
[2006/10/31 17:33:38 | 000,062,419 | ---- | C] () -- C:\Documents and Settings\Owner\Motorola_Driver_Log.txt
[2006/10/30 23:24:22 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/10/30 23:13:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/26 18:26:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/10/11 22:13:53 | 000,212,849 | ---- | C] () -- C:\Program Files\hijackthis.zip
[2006/10/11 16:58:48 | 000,713,418 | ---- | C] () -- C:\Program Files\dvdate60en.zip
[2006/09/28 22:26:33 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/26 21:30:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/09 13:18:37 | 000,003,010 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/09/05 19:10:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/02 18:03:29 | 000,009,151 | ---- | C] () -- C:\Documents and Settings\Owner\Our comparable sales tool can help price your property.eml
[2006/09/02 17:54:46 | 000,062,730 | ---- | C] () -- C:\Documents and Settings\Owner\MicroCap Gems Weekly Issue 6 22 05.eml
[2006/09/02 17:54:46 | 000,033,167 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Won 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 2005 Item 5591510705.eml
[2006/09/02 17:54:46 | 000,026,200 | ---- | C] () -- C:\Documents and Settings\Owner\Press Release Asia Payment Systems Reports Growth in First Six Months of Operations.eml
[2006/09/02 17:54:46 | 000,024,396 | ---- | C] () -- C:\Documents and Settings\Owner\AOs(1).eml
[2006/09/02 17:54:46 | 000,024,394 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation(1).eml
[2006/09/02 17:54:46 | 000,024,386 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation(2).eml
[2006/09/02 17:54:46 | 000,023,866 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Not Won Similar Items Found 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006.eml
[2006/09/02 17:54:46 | 000,022,594 | ---- | C] () -- C:\Documents and Settings\Owner\Battling the Bears.eml
[2006/09/02 17:54:46 | 000,022,139 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed MARRIOTT BONUS BUCKS 100 COUPON Free Ship No Reserv Item 5591496873.eml
[2006/09/02 17:54:46 | 000,021,718 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006 Item 5591001529.eml
[2006/09/02 17:54:46 | 000,021,323 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 2005 Item 5591510705.eml
[2006/09/02 17:54:46 | 000,020,429 | ---- | C] () -- C:\Documents and Settings\Owner\Your invoice for eBay purchases item 5591510705 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE Nov 21 200.eml
[2006/09/02 17:54:46 | 000,018,388 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for Your Payment to ebay don comcast net.eml
[2006/09/02 17:54:46 | 000,017,591 | ---- | C] () -- C:\Documents and Settings\Owner\The creation of Capnlizard.eml
[2006/09/02 17:54:46 | 000,016,703 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3980872397 Larry Mahan s Diamond Back Rattlesnake Skin Boots(1).eml
[2006/09/02 17:54:46 | 000,016,485 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3980872397 Larry Mahan s Diamond Back Rattlesnake Skin Boots.eml
[2006/09/02 17:54:46 | 000,015,919 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Outbid Notice MARRIOTT BONUS BUCKS 100 COUPON Free Ship No Reserv Item 5591496873.eml
[2006/09/02 17:54:46 | 000,015,912 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Outbid Notice 200 MARRIOTT BONUS BUCKS GIFT CERTIFICATE exp JAN 2006 Item 5591001529.eml
[2006/09/02 17:54:46 | 000,015,410 | ---- | C] () -- C:\Documents and Settings\Owner\contrary result today.eml
[2006/09/02 17:54:46 | 000,013,260 | ---- | C] () -- C:\Documents and Settings\Owner\AOs.eml
[2006/09/02 17:54:46 | 000,013,062 | ---- | C] () -- C:\Documents and Settings\Owner\i m surprised very.eml
[2006/09/02 17:54:46 | 000,011,187 | ---- | C] () -- C:\Documents and Settings\Owner\mikemm here s a gift from PokerRoom com to welcome you back.eml
[2006/09/02 17:54:46 | 000,010,801 | ---- | C] () -- C:\Documents and Settings\Owner\Accommodation.eml
[2006/09/02 17:54:46 | 000,008,642 | ---- | C] () -- C:\Documents and Settings\Owner\Your Window Washer subscription is expired.eml
[2006/09/02 17:54:46 | 000,008,149 | ---- | C] () -- C:\Documents and Settings\Owner\apym.eml
[2006/09/02 17:54:46 | 000,005,401 | ---- | C] () -- C:\Documents and Settings\Owner\P S on APYM.eml
[2006/09/02 17:54:46 | 000,005,195 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 ISO 8859 1 Q AMERICAN.eml
[2006/09/02 17:54:46 | 000,004,222 | ---- | C] () -- C:\Documents and Settings\Owner\Fw AOs.eml
[2006/09/02 17:54:46 | 000,004,124 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_(1).eml
[2006/09/02 17:54:46 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Owner\hmmm apym.eml
[2006/09/02 17:54:46 | 000,003,345 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(3).eml
[2006/09/02 17:54:46 | 000,003,265 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for your Payment.eml
[2006/09/02 17:54:46 | 000,002,467 | ---- | C] () -- C:\Documents and Settings\Owner\Marriott com Email Subscription Confirmation.eml
[2006/09/02 17:54:46 | 000,002,368 | ---- | C] () -- C:\Documents and Settings\Owner\Registration at Wired Radio Message Board.eml
[2006/09/02 17:54:46 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\Owner\Return Credit Notification(1).eml
[2006/09/02 17:54:46 | 000,002,182 | ---- | C] () -- C:\Documents and Settings\Owner\Email Transfer Confirmation.eml
[2006/09/02 17:54:46 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\Owner\Welcome to our list.eml
[2006/09/02 17:54:46 | 000,001,224 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(7).eml
[2006/09/02 17:54:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(6).eml
[2006/09/02 17:54:45 | 000,239,281 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 8197880801 AMERICAN OPTICAL MILITARY ISSUE PILOT SUNGLASSES.eml
[2006/09/02 17:54:45 | 000,070,605 | ---- | C] () -- C:\Documents and Settings\Owner\Last of the MOHN is in(1).eml
[2006/09/02 17:54:45 | 000,069,069 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(5).eml
[2006/09/02 17:54:45 | 000,038,861 | ---- | C] () -- C:\Documents and Settings\Owner\Jump start your summer Special Edition Click n Save May 27 2005.eml
[2006/09/02 17:54:45 | 000,038,612 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(6).eml
[2006/09/02 17:54:45 | 000,035,807 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Purchase SUPERB CODE WEST PYTHON SNAKESKIN BOOTS 9D Item 5350303644.eml
[2006/09/02 17:54:45 | 000,035,654 | ---- | C] () -- C:\Documents and Settings\Owner\Caffeine and Nocturnal Hypoglycemia.eml
[2006/09/02 17:54:45 | 000,031,646 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(5).eml
[2006/09/02 17:54:45 | 000,030,524 | ---- | C] () -- C:\Documents and Settings\Owner\Morning Digest How to Beat the Market with a Coffee Can Portfolio.eml
[2006/09/02 17:54:45 | 000,028,380 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(4).eml
[2006/09/02 17:54:45 | 000,027,896 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Item Won AWESOME snakeskin Cowboy boots with TOE TIPS sz 9 Item 3976356795.eml
[2006/09/02 17:54:45 | 000,026,730 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Watched items ending soon.eml
[2006/09/02 17:54:45 | 000,021,851 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(3).eml
[2006/09/02 17:54:45 | 000,020,813 | ---- | C] () -- C:\Documents and Settings\Owner\Here s Your June Humana e Newsletter.eml
[2006/09/02 17:54:45 | 000,020,373 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Watch List May 30 05 01 14 55 PDT.eml
[2006/09/02 17:54:45 | 000,019,854 | ---- | C] () -- C:\Documents and Settings\Owner\Your invoice for eBay purchases item 3976356795 AWESOME snakeskin Cowboy boots with TOE TIPS sz 9.eml
[2006/09/02 17:54:45 | 000,017,418 | ---- | C] () -- C:\Documents and Settings\Owner\eBay Bid Confirmed AWESOME snakeskin Cowboy boots with TOE TIPS sz 9 Item 3976356795.eml
[2006/09/02 17:54:45 | 000,016,790 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3976618445 Custom Justin Snake Skin cowboy boots 9 D Kool Co.eml
[2006/09/02 17:54:45 | 000,016,187 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 3976909437 LAREDO Snakeskin Western Cowboy BOOTS Mens 9M.eml
[2006/09/02 17:54:45 | 000,016,172 | ---- | C] () -- C:\Documents and Settings\Owner\Question from eBay Member.eml
[2006/09/02 17:54:45 | 000,015,381 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(2).eml
[2006/09/02 17:54:45 | 000,012,734 | ---- | C] () -- C:\Documents and Settings\Owner\Receipt for Your Payment to busky7.eml
[2006/09/02 17:54:45 | 000,012,206 | ---- | C] () -- C:\Documents and Settings\Owner\Your Window Washer is out of date.eml
[2006/09/02 17:54:45 | 000,011,563 | ---- | C] () -- C:\Documents and Settings\Owner\Sig 228 on SigForum com.eml
[2006/09/02 17:54:45 | 000,009,898 | ---- | C] () -- C:\Documents and Settings\Owner\new computer(1).eml
[2006/09/02 17:54:45 | 000,009,676 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(4).eml
[2006/09/02 17:54:45 | 000,009,618 | ---- | C] () -- C:\Documents and Settings\Owner\Your pictures have been shared.eml
[2006/09/02 17:54:45 | 000,008,766 | ---- | C] () -- C:\Documents and Settings\Owner\Ticketless Confirmation.eml
[2006/09/02 17:54:45 | 000,007,401 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 944319.eml
[2006/09/02 17:54:45 | 000,007,138 | ---- | C] () -- C:\Documents and Settings\Owner\Party Poker New Account E mail Confirmation.eml
[2006/09/02 17:54:45 | 000,007,075 | ---- | C] () -- C:\Documents and Settings\Owner\New Reply by BigD6765 Re WTT exc P228 for 226 357 or 40.eml
[2006/09/02 17:54:45 | 000,006,821 | ---- | C] () -- C:\Documents and Settings\Owner\Software Instructions for Invoice D000001111886.eml
[2006/09/02 17:54:45 | 000,006,496 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null(1).eml
[2006/09/02 17:54:45 | 000,006,117 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(2).eml
[2006/09/02 17:54:45 | 000,006,006 | ---- | C] () -- C:\Documents and Settings\Owner\article.eml
[2006/09/02 17:54:45 | 000,005,834 | ---- | C] () -- C:\Documents and Settings\Owner\Medscape Account Reactivation.eml
[2006/09/02 17:54:45 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\Owner\Question for eBay item 5350303644 SUPERB CODE WEST PYTHON SNAKESKIN BOOTS 9D.eml
[2006/09/02 17:54:45 | 000,005,638 | ---- | C] () -- C:\Documents and Settings\Owner\Test successful Helpful links included Please do not respond to this email.eml
[2006/09/02 17:54:45 | 000,005,504 | ---- | C] () -- C:\Documents and Settings\Owner\Boot Hill Ranch.eml
[2006/09/02 17:54:45 | 000,004,891 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question(2).eml
[2006/09/02 17:54:45 | 000,004,860 | ---- | C] () -- C:\Documents and Settings\Owner\Your Software Update Spy Sweeper 1 Year Subscription.eml
[2006/09/02 17:54:45 | 000,004,471 | ---- | C] () -- C:\Documents and Settings\Owner\UPS Label for your Shoedini Return Order 3548646.eml
[2006/09/02 17:54:45 | 000,004,385 | ---- | C] () -- C:\Documents and Settings\Owner\new computer.eml
[2006/09/02 17:54:45 | 000,004,369 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots(1).eml
[2006/09/02 17:54:45 | 000,004,336 | ---- | C] () -- C:\Documents and Settings\Owner\Your Software Update Window Washer Renewal.eml
[2006/09/02 17:54:45 | 000,004,281 | ---- | C] () -- C:\Documents and Settings\Owner\new computer(2).eml
[2006/09/02 17:54:45 | 000,004,232 | ---- | C] () -- C:\Documents and Settings\Owner\TampaGov msg Overgrown Lot or Yard Complaint.eml
[2006/09/02 17:54:45 | 000,003,686 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Re RE Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,003,676 | ---- | C] () -- C:\Documents and Settings\Owner\Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_.eml
[2006/09/02 17:54:45 | 000,003,580 | ---- | C] () -- C:\Documents and Settings\Owner\cathy olsen.eml
[2006/09/02 17:54:45 | 000,003,425 | ---- | C] () -- C:\Documents and Settings\Owner\Re.eml
[2006/09/02 17:54:45 | 000,003,410 | ---- | C] () -- C:\Documents and Settings\Owner\Your Walgreens com Registration the Next Step(1).eml
[2006/09/02 17:54:45 | 000,003,314 | ---- | C] () -- C:\Documents and Settings\Owner\Your NETELLER Account Details.eml
[2006/09/02 17:54:45 | 000,003,295 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question(1).eml
[2006/09/02 17:54:45 | 000,003,249 | ---- | C] () -- C:\Documents and Settings\Owner\Return Credit Notification.eml
[2006/09/02 17:54:45 | 000,003,205 | ---- | C] () -- C:\Documents and Settings\Owner\Fw Response to your question for eBay item 8197880801 AMERICAN ISO 8859 1 Q OPTICAL_.eml
[2006/09/02 17:54:45 | 000,003,152 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204(2).eml
[2006/09/02 17:54:45 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Owner\great boots(1).eml
[2006/09/02 17:54:45 | 000,003,041 | ---- | C] () -- C:\Documents and Settings\Owner\Your prescription order has been shipped.eml
[2006/09/02 17:54:45 | 000,003,026 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 942871.eml
[2006/09/02 17:54:45 | 000,002,959 | ---- | C] () -- C:\Documents and Settings\Owner\non acceptance for CC 943157.eml
[2006/09/02 17:54:45 | 000,002,925 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,002,881 | ---- | C] () -- C:\Documents and Settings\Owner\NETELLER Password Reminder.eml
[2006/09/02 17:54:45 | 000,002,868 | ---- | C] () -- C:\Documents and Settings\Owner\BusinessWeek Online Thank You.eml
[2006/09/02 17:54:45 | 000,002,814 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260608 logged in help express fund.eml
[2006/09/02 17:54:45 | 000,002,784 | ---- | C] () -- C:\Documents and Settings\Owner\OPTIK260609 null.eml
[2006/09/02 17:54:45 | 000,002,654 | ---- | C] () -- C:\Documents and Settings\Owner\Welcome to MyTampaGov.eml
[2006/09/02 17:54:45 | 000,002,629 | ---- | C] () -- C:\Documents and Settings\Owner\Re RE Cashier Support Form Submission 941629.eml
[2006/09/02 17:54:45 | 000,002,616 | ---- | C] () -- C:\Documents and Settings\Owner\Validation deposit failure re registration required.eml
[2006/09/02 17:54:45 | 000,002,591 | ---- | C] () -- C:\Documents and Settings\Owner\Webroot Software Inc Customer Receipt Purchase Confirmation.eml
[2006/09/02 17:54:45 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\TampaGov msg Tracking Nbr 50388 Case Created.eml
[2006/09/02 17:54:45 | 000,002,389 | ---- | C] () -- C:\Documents and Settings\Owner\Return Request Confirmation.eml
[2006/09/02 17:54:45 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\Owner\luccese rattlesnake boots.eml
[2006/09/02 17:54:45 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\Owner\great boots.eml
[2006/09/02 17:54:45 | 000,002,155 | ---- | C] () -- C:\Documents and Settings\Owner\am i missing something.eml
[2006/09/02 17:54:45 | 000,002,097 | ---- | C] () -- C:\Documents and Settings\Owner\The China Stock Blog.eml
[2006/09/02 17:54:45 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\Owner\An interesting article from AllAboutArthritis com.eml
[2006/09/02 17:54:45 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 943146.eml
[2006/09/02 17:54:45 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\Owner\myCitadel Signup.eml
[2006/09/02 17:54:45 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\Owner\Successful sign up with FirePay.eml
[2006/09/02 17:54:45 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\Owner\Your FirePay Personal Account has been successfully reactivated.eml
[2006/09/02 17:54:45 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\Owner\Bank Account Verified.eml
[2006/09/02 17:54:45 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\Owner\ebay customer has question.eml
[2006/09/02 17:54:45 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Transfer Received and Pending.eml
[2006/09/02 17:54:45 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Owner\Request for password.eml
[2006/09/02 17:54:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\Owner\Cashier Support Form Submission 942871.eml
[2006/09/02 17:54:45 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Owner\Google Password Assistance.eml
[2006/09/02 17:54:45 | 000,001,566 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account(2).eml
[2006/09/02 17:54:45 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account(1).eml
[2006/09/02 17:54:45 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Instant Transfer Added to Your Account.eml
[2006/09/02 17:54:45 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Owner\iGM Pay Transfer Added to Your Account.eml
[2006/09/02 17:54:45 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Owner\Your FirePay password has been reset.eml
[2006/09/02 17:54:45 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Owner\UltimateBet password hint.eml
[2006/09/02 17:54:44 | 000,069,581 | ---- | C] () -- C:\Documents and Settings\Owner\Last of the MOHN is in.eml
[2006/09/02 17:54:44 | 000,031,181 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject.eml
[2006/09/02 17:54:44 | 000,028,680 | ---- | C] () -- C:\Documents and Settings\Owner\Your first issue of Canon News.eml
[2006/09/02 17:54:44 | 000,026,573 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(1).eml
[2006/09/02 17:54:44 | 000,021,965 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(2).eml
[2006/09/02 17:54:44 | 000,016,127 | ---- | C] () -- C:\Documents and Settings\Owner\The Diabetic Hand.eml
[2006/09/02 17:54:44 | 000,012,793 | ---- | C] () -- C:\Documents and Settings\Owner\Diabetic Retinopathy.eml
[2006/09/02 17:54:44 | 000,010,845 | ---- | C] () -- C:\Documents and Settings\Owner\Your New Card Account.eml
[2006/09/02 17:54:44 | 000,010,566 | ---- | C] () -- C:\Documents and Settings\Owner\Suite Request.eml
[2006/09/02 17:54:44 | 000,008,653 | ---- | C] () -- C:\Documents and Settings\Owner\NoSubject(3).eml
[2006/09/02 17:54:44 | 000,005,732 | ---- | C] () -- C:\Documents and Settings\Owner\Hey.eml
[2006/09/02 17:54:44 | 000,005,166 | ---- | C] () -- C:\Documents and Settings\Owner\Different artery test for ApoA 1 Milano efficiency.eml
[2006/09/02 17:54:44 | 000,003,986 | ---- | C] () -- C:\Documents and Settings\Owner\Further testing of ApoA 1 Milano.eml
[2006/09/02 17:54:44 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\Owner\CZ.eml
[2006/09/02 17:54:44 | 000,003,210 | ---- | C] () -- C:\Documents and Settings\Owner\Your Walgreens com Registration the Next Step.eml
[2006/09/02 17:54:44 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\Owner\ppk from ulm.eml
[2006/09/02 17:54:44 | 000,002,736 | ---- | C] () -- C:\Documents and Settings\Owner\Your recent SBC Internet Services Experience.eml
[2006/09/02 17:54:44 | 000,002,640 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204.eml
[2006/09/02 17:54:44 | 000,002,364 | ---- | C] () -- C:\Documents and Settings\Owner\NEW ADDRESS PHONE etc.eml
[2006/09/02 17:54:44 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\Owner\Bonus details 2759204(1).eml
[2006/09/02 17:54:44 | 000,002,077 | ---- | C] () -- C:\Documents and Settings\Owner\how have you been.eml
[2006/09/02 17:54:44 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\Owner\Walther PPK.eml
[2006/09/02 17:54:44 | 000,001,416 | ---- | C] () -- C:\Documents and Settings\Owner\Ted s phone.eml
[2006/09/02 17:54:44 | 000,001,258 | ---- | C] () -- C:\Documents and Settings\Owner\Medscape s Username Password reminder.eml
[2006/09/02 16:42:15 | 000,047,969 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2006/09/02 03:17:43 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2006/09/02 03:15:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/09/02 03:15:34 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/09/02 03:13:26 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/09/02 03:10:19 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2006/09/01 22:14:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/01 21:13:35 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/09/01 21:13:35 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/09/01 21:07:43 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/01 21:02:06 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/09/01 21:02:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/09/01 19:50:49 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Owner\LuResult.txt
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 14:09:28 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner\ntuser.ini
[2004/08/26 14:09:27 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2004/08/26 12:12:43 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BEAD632
< End of report >
--------------------------------------------------------------------------

Here's the GMER log. It looks awfully short to me compared to the other logs. Did I do it right?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 20:34:38
Windows 5.1.2600 Service Pack 3
Running: ocoelqjn.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE90B6B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF733CE64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF731CEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF731D0E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF733D652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF733D906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE90B14C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF733BB64]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE90B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE90B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE90B76E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF733DD72]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE90B72E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF733D124]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF731CB5C]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[1112] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[628] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[628] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

Edited by process8, 13 April 2010 - 08:58 PM.


#7 syler

  • Malware Response Team

Posted 14 April 2010 - 05:45 AM

You didn't copy the OTL code properly. Please do it again and make sure you copy everything in the code box.

QUOTE
here's the Gmer log. it looks awfully short to me compared to the other logs. Did I do it right?


If it was done really quickly then it sounds like you didn't run the full scan. When Gmer opens it will do a quick scan; you then need to push the Scan button to do a full scan. Also make sure all the boxes are ticked except showall, thanks.



#8 process8

  • Topic Starter

Posted 14 April 2010 - 03:08 PM

okay.

here's the OTL run/fix

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\BCInstall0 deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7af24f57-3a21-11db-b6e3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7af24f57-3a21-11db-b6e3-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7af24f57-3a21-11db-b6e3-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.
C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk\ deleted successfully.
C:\WINDOWS\pss\BigFix.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk\ deleted successfully.
C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd\ deleted successfully.
C:\WINDOWS\pss\run_startmenu.cmdCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk\ deleted successfully.
C:\WINDOWS\pss\Service Manager.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CAVRID\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PC Suite Tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PCSuiteTrayApplication\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PcSync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QOELOADER\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpyEmergency\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\updateMgr\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2BEAD632 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 143904 bytes
->Temporary Internet Files folder emptied: 8471256 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 6979 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33432 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 136925 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_154944

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YGLQGDFH\CAUZ6329.com moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YGLQGDFH\ga_hid=1434293762&ga_fc=0&u_tz=-240&u_his=0&u_java=1&u_h=768&u_w=1024&u_ah=734&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&biw=995&bih=570&ifk=3840244322&fu=4&ifi=1&dtd=31 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YGLQGDFH\ga_hid=1865798901&ga_fc=0&u_tz=-240&u_his=0&u_java=1&u_h=768&u_w=1024&u_ah=734&u_aw=1024&u_cd=32&u_nplug=0&u_nmime=0&biw=995&bih=570&ifk=2127385054&fu=4&ifi=1&dtd=31 moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\W9MR0527\iframescript[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VCBFUAO3\iframescript[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S9QNW92Z\iframescript[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S9QNW92Z\iframescript[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S9QNW92Z\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S9QNW92Z\topic308774[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KHUJSTY7\CA2VW712.com moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KHUJSTY7\iframescript[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat moved successfully.

Registry entries deleted on Reboot...
_______________________________________



#9 process8

  • Topic Starter

Posted 14 April 2010 - 03:11 PM

syler,

i'm lost here and i apologize for wasting your time.

could we begin again with you telling me exactly what logs you want me to run and what exactly you want me to copy and paste in the boxes?

thanks.

#10 syler

  • Malware Response Team

Posted 15 April 2010 - 05:19 AM

Don't worry about it, the OTL fix has gone fine this time.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#11 process8

  • Topic Starter

Posted 15 April 2010 - 05:37 PM

hi,

here's the combofix log:

ComboFix 10-04-14.04 - Owner 04/15/2010 17:05:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.540 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100415-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: eTrust EZ AntiSpyware *disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-489265964-2881330501-2280977329-1003
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\_000006_.tmp.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-14 05:45 . 2010-04-14 05:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Content Cleaner
2010-04-14 05:44 . 2010-04-14 06:51 -------- d-----w- c:\program files\Content Cleaner
2010-04-14 05:33 . 2010-04-14 05:33 -------- d-----w- c:\documents and settings\Owner\Application Data\ParentalControl
2010-04-13 23:05 . 2010-04-13 23:05 -------- dc----w- C:\_OTL
2010-04-11 23:09 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-11 08:22 . 2010-04-11 08:29 -------- d-----w- c:\program files\a-squared Free
2010-04-11 08:01 . 2010-04-11 08:01 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-11 08:01 . 2010-04-11 08:01 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-11 07:59 . 2010-04-11 07:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-11 07:41 . 2010-04-11 07:42 -------- dc----w- C:\rei
2010-04-11 07:41 . 2010-04-11 07:41 -------- d-----w- c:\program files\Reimage
2010-04-11 07:08 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-11 07:08 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-30 17:01 . 2010-03-30 17:01 -------- d-----w- c:\program files\Common Files\Java
2010-03-28 21:45 . 2010-03-29 03:37 -------- dc----w- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 20:53 . 2008-02-21 00:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-14 06:27 . 2006-10-27 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-14 03:22 . 2010-04-11 06:28 -------- d-----w- c:\program files\Spyware Doctor
2010-04-11 19:57 . 2006-10-10 21:40 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-11 10:13 . 2010-01-10 06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 09:58 . 2006-09-02 01:08 -------- d-----w- c:\program files\Microsoft Works
2010-04-11 09:58 . 2009-01-08 23:52 -------- d-----w- c:\program files\Common Files\LogoManager
2010-04-11 08:00 . 2008-05-12 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-11 08:00 . 2008-05-12 20:25 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-04-11 07:08 . 2010-04-11 06:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-11 07:06 . 2010-04-11 07:06 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-11 07:06 . 2010-04-11 07:06 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-04-11 06:54 . 2007-01-10 12:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2010-04-11 06:53 . 2006-09-02 01:13 -------- d-----w- c:\program files\Google
2010-03-30 17:01 . 2010-01-10 19:20 -------- d-----w- c:\program files\Java
2010-03-30 04:46 . 2010-01-10 06:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-01-10 06:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 15:36 . 2010-04-11 07:07 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-09 11:09 . 2004-08-26 16:12 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 02:45 . 2010-03-07 02:40 -------- d-----w- c:\program files\DriveSpacio
2010-02-26 05:43 . 2004-08-26 16:12 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-26 16:11 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 22:59 . 2010-01-20 23:14 -------- d-----w- c:\program files\yWriter5
2010-02-24 13:11 . 2004-08-26 16:12 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 04:29 . 2006-09-02 00:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-17 13:10 . 2004-08-26 16:12 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 05:59 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-26 16:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-26 16:12 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-07 11:41 . 2010-02-07 11:41 352513 ----a-w- c:\windows\system32\savapi3.dll
2010-02-07 11:41 . 2010-02-07 11:41 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2010-02-05 13:25 . 2010-04-11 07:07 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 13:17 . 2010-04-11 07:07 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-22 13:56 . 2010-04-11 07:08 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-22 13:56 . 2010-04-11 07:08 1652688 ----a-w- c:\windows\PCTBDCore.dll
2009-07-01 14:45 . 2009-07-01 14:42 308160 -c--a-w- c:\program files\avast_home_setup.exe
2009-01-20 06:48 . 2009-01-20 06:48 37090648 -c--a-w- c:\program files\AVSDiscCreator.exe
2009-01-20 06:43 . 2009-01-20 05:59 52307672 -c--a-w- c:\program files\AVSVideoConverter.exe
2008-11-15 02:59 . 2008-11-15 02:58 7943541 -c--a-w- c:\program files\FreeYouTubeToMp3Converter.exe
2008-10-28 06:37 . 2008-10-28 06:36 1553035 -c--a-w- c:\program files\SetupImgBurn_2.3.2.0.rar
2008-05-05 00:35 . 2008-05-05 00:35 35674728 -c--a-w- c:\program files\Nero-6.6.1.15a.exe
2008-05-04 22:14 . 2008-05-04 22:14 894372 ----a-w- c:\program files\dvdate_70en.zip
2008-05-04 21:17 . 2008-05-04 21:17 315487 ----a-w- c:\program files\vdts-trial.zip
2008-05-04 12:45 . 2008-05-04 12:45 8408102 -c--a-w- c:\program files\vdm_free.exe
2008-04-27 11:50 . 2008-04-27 11:50 45145784 -c--a-w- c:\program files\iss_en_32.exe
2008-02-12 04:15 . 2008-02-12 04:15 765400 ----a-w- c:\program files\DownUtube3Exe.zip
2008-02-12 04:10 . 2008-02-12 04:10 7371062 -c--a-w- c:\program files\dvdflick_setup_1.2.2.1.exe
2007-02-19 10:52 . 2007-02-19 10:52 2816504 -c----w- c:\program files\rng.exe
2007-02-19 06:43 . 2007-02-19 06:43 1322913 -c----w- c:\program files\RRNDemo.exe
2006-10-12 02:13 . 2006-10-12 02:13 212849 ------w- c:\program files\hijackthis.zip
2006-10-11 20:58 . 2006-10-11 20:58 713418 ------w- c:\program files\dvdate60en.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-09-05 1261384]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-11-09 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-12 344064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iconoid]
2005-07-25 14:59 163840 -c--a-w- c:\my backup -- 01-09-06 1740\Program Files\Iconoid\iconoid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-11-16 02:20 77824 -c--a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-01 16:28 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VETMSGNT"=2 (0x2)
"CAISafe"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/11/2010 3:07 AM 217032]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/1/2009 10:51 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [4/11/2010 4:22 AM 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/1/2009 10:51 AM 20560]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/11/2010 3:08 AM 112592]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [8/14/2007 11:43 AM 389448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 1:30 PM 135664]
S2 UsbCoc;Nokia CA-42 Driver Service;c:\windows\system32\drivers\UsbCoc.sys [5/13/2005 11:59 PM 69575]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/11/2010 3:06 AM 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:30]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-HijackThis - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZM9Z89R7\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(644)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-04-15 17:11:33
ComboFix-quarantined-files.txt 2010-04-15 21:11

Pre-Run: 131,135,643,648 bytes free
Post-Run: 131,120,832,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 679095C9095F8AA38E20ADFBB01C2E8B
-----------------------------------------------------------------------

i also ran the GMER. hope i did it right this time but it is once again very short:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-15 18:32:53
Windows 5.1.2600 Service Pack 3
Running: ocoelqjn.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE90B6B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF733CE64]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF731CEEE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF731D0E0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF733D652]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF733D906]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE90B14C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF733BB64]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE90B08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE90B0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE90B76E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF733DD72]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE90B72E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF733D124]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF731CB5C]

Code \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\a-squared Free\a2service.exe[388] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[632] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[632] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----





#12 syler

  • Malware Response Team

Posted 16 April 2010 - 07:50 AM

Can you tell me how your computer is running and if you are still having any problems?

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#13 process8

process8
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 16 April 2010 - 04:08 PM

Thank you. Here's the mbam log:
--------------------------------------

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3997

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/16/2010 5:00:05 PM
mbam-log-2010-04-16 (17-00-05).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 207117
Time elapsed: 37 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Content Cleaner (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\New Folder #1 (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\tmp (Rogue.ContentCleaner) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Desktop\Photo & Video\CD - DVD copy\bpsvg1000.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\AForge.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\AForge.Imaging.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\AxInterop.WMPLib.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Boot.UI.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Class1.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Dsofile.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Interop.DexterLib.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Interop.DSOFile.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Interop.WMPLib.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\JockerSoft.Media.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\logo.ICO (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Proof_concept.exe (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Proof_concept.exe.config (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\qedit.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\sbooks.chm (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Skin.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\Skin.Imaging.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\UrlHistoryLibrary.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\urls.dat (Rogue.ContentCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Content Cleaner\wmp.dll (Rogue.ContentCleaner) -> Quarantined and deleted successfully.


#14 process8

process8
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:05:49 AM

Posted 16 April 2010 - 04:27 PM

... also here is the result of a Spyware Doctor scan. Anything to be concerned about?
________________________________
bpsvg1000.exe

Application.TrackingCookies

Trojan.Generic -

Application.NirCmd
_________________________________






#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:49 AM

Posted 17 April 2010 - 05:31 AM

Can you answer my question here please.
