Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

browser hijack IE8 and Firefox


  • This topic is locked This topic is locked
53 replies to this topic

#1 kerry21

kerry21

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 29 June 2010 - 10:52 AM

Jun 25, 2010, my symantec a-v detected a trojan that had ANAZAWOSAFUZA.DLL attached to it. I did the normal clean up things recommended by SAV and also ran scans that found other locations of this .dll. I also checked MSCONFIG startup tab and found it there, along with a start up that was all blanks in the item name field. I chased these through the registry and deleted them where I found them.

I tried to engage Safe Mode and the boot hung up on a driver load-always the same driver. I was not able to use System Restore as I kept getting notice that the system could not be restored to the restore point I selected. This happened with every restore point I tried.

AV definition updates were also blocked.

After cleaning up that problem I discovered that my search results (all engines via firefox and ie8) were redirected when I selected a result link. A search result redirect attack I think.

I had to replace the power supply in the computer due to its failure. Once replaced, the computer seemed to run as new. Emachines w3400, xp home, sp, sp3, 2 gb ram.

Another problem: computer was slowing down if left on more than a few hours and especially during /after AV scans or NAS nightly backups. This was occurring before the PS died and continues even today--the GMER scan eventually made it so slow that I had to leave it overnight just to get the save file box to populate. Finally I had to force quit just to perform shutdown so it could reset/rest(?).


Help!

Here are the files requested in the preparation page of the forum:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:06:18.39 on Mon 06/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1413 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\program files\common files\aol\1129654905\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Microsoft Location Finder] c:\program files\microsoft location finder\LocationFinder.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Jvefanitesuzupi] rundll32.exe "c:\windows\kbdhpup.dll",Startup
mRun: [HostManager] c:\program files\common files\aol\1129654905\ee\AOLSoftware.exe
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~2.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 192.168.1.69 HP000D9D1F9F1D
Hosts: 192.168.1.120 7913WBDN #Windows Home Server#
============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2008-7-12 46368]

=============== Created Last 30 ================

2010-06-28 22:04:17 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-06-28 17:49:57 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 17:43:48 0 d-----w- c:\program files\CONEXANT
2010-06-28 01:59:16 0 d-sh--w- C:\found.000
2010-06-25 12:27:55 0 ----a-w- c:\windows\Onucimo.bin
2010-06-25 12:27:54 120 ----a-w- c:\windows\Mdozu.dat
2010-06-10 20:04:21 0 d-----w- C:\Windows Home Server Drivers for Restore
2010-06-10 04:32:03 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 19:05:56 27136 ----a-w- c:\windows\system32\PCWizard.cpl
2010-06-07 19:05:46 0 d-----w- c:\program files\CPUID
2010-06-06 22:44:11 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-06-06 22:44:11 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys

==================== Find3M ====================

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 20:32:03 68577 ----a-w- c:\windows\hpoins05.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 04:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 04:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-10-01 00:51:00 466944 ----a-w- c:\program files\StroboSoft VST sLINK.dll
2007-07-20 23:21:59 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-10-01 15:17:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100120081002\index.dat

============= FINISH: 18:08:02.96 ===============



Thanks for the help!

Kerry

Attached Files



BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 02 July 2010 - 11:06 PM

Hi kerry21,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

STEP 2 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    safebootminimal
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 3 - Reply

Please reply with the following logs:
  • GMER Log
  • OTL Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 06 July 2010 - 04:06 PM

Sorry for the delay-let's blame it on the holiday!

I will download and send logs asap.

Thanks,

Kerry

#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 06 July 2010 - 06:09 PM

Hi there,

Not a problem, thanks for the update. smile.gif

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 06 July 2010 - 10:53 PM

OTL logfile created on: 7/6/2010 11:43:52 PM - Run 2
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.23 Gb Total Space | 12.06 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.17% Space Free | Partition Type: FAT32
Drive E: | 298.09 Gb Total Space | 183.16 Gb Free Space | 61.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3.84 Gb Total Space | 3.83 Gb Free Space | 99.86% Space Free | Partition Type: FAT32

Computer Name: SPD4U
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\AOL\1129654905\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\AOL\1129654905\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe ()
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (BackupReader) -- C:\WINDOWS\system32\drivers\BackupReader.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (S3SavageNB) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 EF 53 E6 DD 16 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{DB230872-3C4A-442E-889A-5CF0102E4402}: C:\Documents and Settings\Owner\Local Settings\Application Data\{DB230872-3C4A-442E-889A-5CF0102E4402}\ [2010/06/26 00:15:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}: C:\Documents and Settings\Owner\Local Settings\Application Data\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}\ [2010/06/26 00:15:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}: C:\Documents and Settings\Owner\Local Settings\Application Data\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}\ [2010/06/26 00:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9FC63E82-C094-4A57-B9E9-A945363B68BC}: C:\Documents and Settings\Owner\Local Settings\Application Data\{9FC63E82-C094-4A57-B9E9-A945363B68BC}\ [2010/06/26 00:09:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}: C:\Documents and Settings\Owner\Local Settings\Application Data\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}\ [2010/06/26 00:29:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}: C:\Documents and Settings\Owner\Local Settings\Application Data\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}\ [2010/06/26 01:03:15 | 000,000,000 | ---D | M]

[2010/06/28 11:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5bwyv5fx.default\extensions
[2010/06/28 11:25:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5bwyv5fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/19 22:32:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5bwyv5fx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2006/12/03 16:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5bwyv5fx.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2010/06/28 13:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2008/06/03 01:35:57 | 000,002,275 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\aolsearch.xml

O1 HOSTS File: ([2010/05/20 16:28:55 | 000,000,841 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O1 - Hosts: 192.168.1.69 HP000D9D1F9F1D
O1 - Hosts: 192.168.1.120 7913WBDN #Windows Home Server#
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129654905\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Jvefanitesuzupi] C:\WINDOWS\kbdhpup.DLL File not found
O4 - HKCU..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk = C:\WINDOWS\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/bejewele...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/acti...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/23 14:13:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2007/09/15 15:53:38 | 000,017,920 | ---- | M] () - E:\auto purchase spreadsheet.xls -- [ NTFS ]
O33 - MountPoints2\{223e93ad-c410-11d9-b44b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{223e93ad-c410-11d9-b44b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26aae926-4823-11dc-8c69-00038a000015}\Shell\AutoRun\command - "" = L:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\{85066150-ea98-11de-8d47-00038a000015}\Shell\AutoRun\command - "" = L:\RDEapp.exe -- File not found
O33 - MountPoints2\{9546c4ea-eafb-11dc-8c8f-00038a000015}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{9cff4e28-e609-11dc-8c8e-00038a000015}\Shell\AutoRun\command - "" = L:\Launch.exe -- File not found
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/06 17:20:06 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/28 18:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/06/28 17:01:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/28 13:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/28 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/06/28 12:24:47 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/28 04:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/28 04:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/27 21:59:16 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/06/27 17:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/27 01:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/06/26 01:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}
[2010/06/26 00:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}
[2010/06/26 00:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/26 00:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\epbwkhjxb
[2010/06/25 12:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{9FC63E82-C094-4A57-B9E9-A945363B68BC}
[2010/06/25 12:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}
[2010/06/25 11:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}
[2010/06/25 10:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/25 10:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/06/25 08:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 08:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{DB230872-3C4A-442E-889A-5CF0102E4402}
[2010/06/18 23:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Western Union field solutions
[2010/06/10 16:04:21 | 000,000,000 | ---D | C] -- C:\Windows Home Server Drivers for Restore
[2010/06/10 00:32:03 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/07 15:05:56 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2010/06/07 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/06/07 15:04:20 | 005,429,551 | ---- | C] (Laurent KUTIL & Franck DELATTRE ) -- C:\Documents and Settings\Owner\Desktop\pc-wizard_2010.1.94-setup.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/06 23:42:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AA0A052A-579A-4BA7-A05D-3EBF92A65430}.job
[2010/07/06 17:18:24 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/06 17:17:12 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
[2010/07/06 17:16:52 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/06 17:11:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/06 17:11:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 17:11:38 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/06 17:10:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/06 17:08:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kot41f5b.exe
[2010/06/29 12:44:58 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/06/29 12:44:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/28 18:18:41 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/06/28 18:04:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/06/28 17:46:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/28 17:41:42 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/06/28 16:46:48 | 003,722,957 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/06/28 13:50:04 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 12:24:47 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/28 08:18:18 | 000,002,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\999ie8props.propdesc
[2010/06/28 07:35:44 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\virus names.rtf
[2010/06/27 16:14:33 | 000,057,308 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\999ACRORD32INFO.EXE-242CE4AA.pf
[2010/06/27 14:16:57 | 000,000,852 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/27 14:16:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/27 14:16:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/27 13:56:38 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\neat sayings.rtf
[2010/06/27 08:47:38 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mdozu.dat
[2010/06/27 08:47:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Onucimo.bin
[2010/06/26 00:53:36 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/26 00:33:29 | 000,073,247 | ---- | M] () -- C:\VETlog.dmp
[2010/06/25 10:28:46 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\999ufoyaxukow.dll
[2010/06/24 00:20:45 | 000,537,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 00:20:45 | 000,466,760 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 00:20:45 | 000,079,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 22:20:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/15 18:30:39 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 18:15:09 | 002,465,863 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Italian-Chewing-Gum.wmv
[2010/06/10 03:49:22 | 001,640,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/10 03:29:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/07 15:05:57 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2010/06/07 15:05:57 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PC Wizard 2010.lnk
[2010/06/07 15:04:32 | 005,429,551 | ---- | M] (Laurent KUTIL & Franck DELATTRE ) -- C:\Documents and Settings\Owner\Desktop\pc-wizard_2010.1.94-setup.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 17:20:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kot41f5b.exe
[2010/06/28 18:12:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/06/28 18:04:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/06/28 18:03:34 | 003,722,957 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/06/28 18:03:34 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/28 18:03:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/06/28 13:55:49 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/28 13:50:03 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 12:03:00 | 000,057,308 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\999ACRORD32INFO.EXE-242CE4AA.pf
[2010/06/28 08:18:43 | 000,002,649 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\999ie8props.propdesc
[2010/06/28 07:35:44 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\virus names.rtf
[2010/06/27 13:56:38 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\neat sayings.rtf
[2010/06/26 00:52:04 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/26 00:22:56 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/25 10:28:46 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\999ufoyaxukow.dll
[2010/06/25 08:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Onucimo.bin
[2010/06/25 08:27:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mdozu.dat
[2010/06/15 18:14:59 | 002,465,863 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Italian-Chewing-Gum.wmv
[2010/06/07 15:05:57 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Wizard 2010.lnk
[2010/06/07 15:05:57 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PC Wizard 2010.lnk
[2010/05/20 16:28:29 | 000,000,657 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/12/16 20:28:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2009/12/16 20:28:02 | 000,000,507 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2009/12/16 20:28:02 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Reader.Ini
[2009/12/16 20:28:01 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2009/12/16 20:26:52 | 000,002,682 | ---- | C] () -- C:\WINDOWS\WinRos.Ini
[2009/08/26 15:10:11 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/05/13 02:43:17 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/26 23:09:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/03/08 09:38:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/25 20:32:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/12/31 20:22:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/10/15 00:10:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/10/14 22:33:50 | 000,000,428 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/10/14 22:33:49 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/05/09 14:36:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/24 00:07:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/23 12:53:24 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/03/23 12:53:24 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\emver.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/12/06 11:05:00 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/06 11:05:00 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2005/03/23 14:13:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/08/26 18:00:45 | 027,446,200 | ---- | M] (Avery ) -- C:\Avery_Wizard_31.exe
[2010/06/27 14:16:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA00.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA01.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA02.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA03.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA04.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA05.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA06.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA07.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA08.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA09.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA0F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA10.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA11.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA12.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA13.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA14.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA15.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA16.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA17.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA18.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA19.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA1F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA20.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA21.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA22.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA23.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA24.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA25.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA26.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA27.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA28.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA29.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA2F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA30.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA31.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA32.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA33.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA34.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA35.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA36.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA37.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA38.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA39.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA3F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA40.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA41.IDX
[2007/05/15 14:15:54 | 000,000,042 | ---- | M] () -- C:\CA42.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA43.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA44.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA45.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA46.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA47.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA48.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA49.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA4A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA4B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA4C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA4D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA4E.IDX
[2007/09/16 19:49:50 | 000,000,042 | ---- | M] () -- C:\CA4F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA50.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA51.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA52.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA53.IDX
[2007/05/15 12:49:24 | 000,000,042 | ---- | M] () -- C:\CA54.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA55.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA56.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA57.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA58.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA59.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA5F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA60.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA61.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA62.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA63.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA64.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA65.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA66.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA67.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA68.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA69.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA6F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA70.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA71.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA72.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA73.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA74.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA75.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA76.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA77.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA78.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA79.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA7F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA80.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA81.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA82.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA83.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA84.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA85.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA86.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA87.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA88.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA89.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA8F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA90.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA91.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA92.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA93.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA94.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA95.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA96.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA97.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA98.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA99.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CA9F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA0.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA1.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA2.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA3.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA4.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA5.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA6.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA7.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA8.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAA9.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAA.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAB.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAC.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAD.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAE.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAAF.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB0.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB1.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB2.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB3.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB4.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB5.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CAB6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAB7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAB8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAB9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CABF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAC9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CACF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAD9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CADF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAE9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAEA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAEB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAEC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAED.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAEE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAEF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAF9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAFF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CAUC.IDX
[2007/09/16 19:49:50 | 000,003,080 | ---- | M] () -- C:\CDBIDXL.DAT
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH00.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH01.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH02.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH03.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH04.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH05.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH06.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH07.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH08.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH09.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH0F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH10.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH11.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH12.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH13.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH14.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH15.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH16.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH17.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH18.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH19.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH1F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH20.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH21.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH22.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH23.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH24.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH25.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH26.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH27.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH28.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH29.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH2F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH30.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH31.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH32.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH33.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH34.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH35.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH36.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH37.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH38.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH39.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH3A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH3B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH3C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH3D.IDX
[2007/09/16 19:49:50 | 000,000,038 | ---- | M] () -- C:\CH3E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH3F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH40.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH41.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH42.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH43.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH44.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH45.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH46.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH47.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH48.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH49.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH4F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH50.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH51.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH52.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH53.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH54.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH55.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH56.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH57.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH58.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH59.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH5F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH60.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH61.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH62.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH63.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH64.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH65.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH66.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH67.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH68.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH69.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH6F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH70.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH71.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH72.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH73.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH74.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH75.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH76.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH77.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH78.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH79.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH7F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH80.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH81.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH82.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH83.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH84.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH85.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH86.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH87.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH88.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH89.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH8A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH8B.IDX
[2007/05/15 14:15:54 | 000,000,038 | ---- | M] () -- C:\CH8C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH8D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH8E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH8F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH90.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH91.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH92.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH93.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH94.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH95.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH96.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH97.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH98.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH99.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9A.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9B.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9C.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9D.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9E.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CH9F.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA0.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA1.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA2.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA3.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA4.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA5.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA6.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA7.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA8.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHA9.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHAA.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHAB.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHAC.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHAD.IDX
[2007/05/15 12:49:24 | 000,000,038 | ---- | M] () -- C:\CHAE.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHAF.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB0.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB1.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB2.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB3.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB4.IDX
[2007/05/15 12:49:18 | 000,000,030 | ---- | M] () -- C:\CHB5.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHB6.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHB7.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHB8.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHB9.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBA.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBB.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBC.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBD.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBE.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHBF.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC0.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC1.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC2.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC3.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC4.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC5.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC6.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC7.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC8.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHC9.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCA.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCB.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCC.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCD.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCE.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHCF.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD0.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD1.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD2.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD3.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD4.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD5.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD6.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD7.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD8.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHD9.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDA.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDB.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDC.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDD.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDE.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHDF.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE0.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE1.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE2.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE3.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE4.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE5.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE6.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE7.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE8.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHE9.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHEA.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHEB.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHEC.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHED.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHEE.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHEF.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF0.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF1.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF2.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF3.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF4.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF5.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF6.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF7.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF8.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHF9.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFA.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFB.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFC.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFD.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFE.IDX
[2007/05/15 12:49:19 | 000,000,030 | ---- | M] () -- C:\CHFF.IDX
[2005/03/23 14:13:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT00.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT01.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT02.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT03.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT04.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT05.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT06.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT07.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT08.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT09.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT0F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT10.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT11.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT12.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT13.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT14.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT15.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT16.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT17.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT18.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT19.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT1F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT20.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT21.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT22.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT23.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT24.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT25.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT26.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT27.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT28.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT29.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT2F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT30.IDX
[2007/05/15 14:15:54 | 000,000,042 | ---- | M] () -- C:\CT31.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT32.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT33.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT34.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT35.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT36.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT37.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT38.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT39.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT3F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT40.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT41.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT42.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT43.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT44.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT45.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT46.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT47.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT48.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT49.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT4F.IDX
[2007/05/15 12:49:24 | 000,000,042 | ---- | M] () -- C:\CT50.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT51.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT52.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT53.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT54.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT55.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT56.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT57.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT58.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT59.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT5F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT60.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT61.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT62.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT63.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT64.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT65.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT66.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT67.IDX
[2007/09/16 19:49:50 | 000,000,042 | ---- | M] () -- C:\CT68.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT69.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT6F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT70.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT71.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT72.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT73.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT74.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT75.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT76.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT77.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT78.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT79.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT7F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT80.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT81.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT82.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT83.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT84.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT85.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT86.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT87.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT88.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT89.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT8F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT90.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT91.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT92.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT93.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT94.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT95.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT96.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT97.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT98.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT99.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9A.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9B.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9C.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9D.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9E.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CT9F.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA0.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA1.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA2.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA3.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA4.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA5.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA6.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA7.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA8.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTA9.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAA.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAB.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAC.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAD.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAE.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTAF.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB0.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB1.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB2.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB3.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB4.IDX
[2007/05/15 12:49:18 | 000,000,032 | ---- | M] () -- C:\CTB5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTB6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTB7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTB8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTB9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTBF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTC9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTCF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTD9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTDF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTE9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTEA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTEB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTEC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTED.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTEE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTEF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTF9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTFF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\CTUC.IDX
[2007/07/27 20:57:57 | 000,000,101 | ---- | M] () -- C:\DownloadLog.txt
[2010/07/06 17:11:38 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/13 18:06:18 | 000,000,170 | ---- | M] () -- C:\ImageExport.log
[2005/03/23 14:13:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/02/01 23:59:33 | 000,004,065 | ---- | M] () -- C:\journal entry of feb 1 2007.txt
[2007/08/21 20:24:39 | 000,057,541 | ---- | M] () -- C:\KerryKelleytechnicalresume with education addendum (6).doc
[2007/08/31 17:42:46 | 000,156,028 | ---- | M] () -- C:\libmp3lame-win-3.97.zip
[2007/08/21 19:47:51 | 000,040,960 | ---- | M] () -- C:\management resume.doc
[2005/03/23 14:13:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/09/16 19:49:50 | 000,002,477 | ---- | M] () -- C:\NECDB.DAT
[2007/09/16 19:49:50 | 000,006,552 | ---- | M] () -- C:\NETRKDB.DAT
[2007/07/09 16:52:03 | 000,001,090 | ---- | M] () -- C:\net_save.dna
[2004/08/04 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/01 08:57:13 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/06 17:11:33 | 603,979,776 | -HS- | M] () -- C:\pagefile.sys
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA00.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA01.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA02.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA03.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA04.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA05.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA06.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA07.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA08.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA09.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA0F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA10.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA11.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA12.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA13.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA14.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA15.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA16.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA17.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA18.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA19.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA1F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA20.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA21.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA22.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA23.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA24.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA25.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA26.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA27.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA28.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA29.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA2F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA30.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA31.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA32.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA33.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA34.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA35.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA36.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA37.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA38.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA39.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA3F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA40.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA41.IDX
[2007/05/15 14:15:54 | 000,000,302 | ---- | M] () -- C:\SA42.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA43.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA44.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA45.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA46.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA47.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA48.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA49.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA4A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA4B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA4C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA4D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA4E.IDX
[2007/09/16 19:49:50 | 000,000,082 | ---- | M] () -- C:\SA4F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA50.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA51.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA52.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA53.IDX
[2007/05/15 12:49:24 | 000,000,172 | ---- | M] () -- C:\SA54.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA55.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA56.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA57.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA58.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA59.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA5F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA60.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA61.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA62.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA63.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA64.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA65.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA66.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA67.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA68.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA69.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA6F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA70.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA71.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA72.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA73.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA74.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA75.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA76.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA77.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA78.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA79.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA7F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA80.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA81.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA82.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA83.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA84.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA85.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA86.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA87.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA88.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA89.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA8F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA90.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA91.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA92.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA93.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA94.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA95.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA96.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA97.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA98.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA99.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SA9F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAA9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAAF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAB9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SABF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAC9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SACF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAD9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SADF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAE9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAEA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAEB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAEC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAED.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAEE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAEF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAF9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAFF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\SAUC.IDX
[2008/03/05 15:46:05 | 000,000,289 | ---- | M] () -- C:\Shortcut to OneTouch4 Mini (L).lnk
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST00.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST01.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST02.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST03.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST04.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST05.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST06.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST07.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST08.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST09.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST0F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST10.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST11.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST12.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST13.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST14.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST15.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST16.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST17.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST18.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST19.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST1F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST20.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST21.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST22.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST23.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST24.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST25.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST26.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST27.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST28.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST29.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST2F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST30.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST31.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST32.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST33.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST34.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST35.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST36.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST37.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST38.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST39.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST3F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST40.IDX
[2007/05/15 14:15:54 | 000,000,082 | ---- | M] () -- C:\ST41.IDX
[2007/09/16 19:49:50 | 000,000,062 | ---- | M] () -- C:\ST42.IDX
[2007/05/15 14:15:54 | 000,000,062 | ---- | M] () -- C:\ST43.IDX
[2007/05/15 14:15:54 | 000,000,052 | ---- | M] () -- C:\ST44.IDX
[2007/05/15 14:15:54 | 000,000,052 | ---- | M] () -- C:\ST45.IDX
[2007/05/15 14:15:54 | 000,000,042 | ---- | M] () -- C:\ST46.IDX
[2007/09/16 19:49:50 | 000,000,052 | ---- | M] () -- C:\ST47.IDX
[2007/05/15 14:15:54 | 000,000,062 | ---- | M] () -- C:\ST48.IDX
[2007/09/16 19:49:50 | 000,000,072 | ---- | M] () -- C:\ST49.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST4A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST4B.IDX
[2007/09/16 19:49:50 | 000,000,082 | ---- | M] () -- C:\ST4C.IDX
[2007/05/15 12:49:24 | 000,000,042 | ---- | M] () -- C:\ST4D.IDX
[2007/09/16 19:49:50 | 000,000,042 | ---- | M] () -- C:\ST4E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST4F.IDX
[2007/05/15 14:15:54 | 000,000,072 | ---- | M] () -- C:\ST50.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST51.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST52.IDX
[2007/05/15 14:15:54 | 000,000,052 | ---- | M] () -- C:\ST53.IDX
[2007/05/15 14:15:54 | 000,000,082 | ---- | M] () -- C:\ST54.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST55.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST56.IDX
[2007/05/15 14:15:54 | 000,000,042 | ---- | M] () -- C:\ST57.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST58.IDX
[2007/05/15 14:15:54 | 000,000,052 | ---- | M] () -- C:\ST59.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST5F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST60.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST61.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST62.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST63.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST64.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST65.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST66.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST67.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST68.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST69.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST6F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST70.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST71.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST72.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST73.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST74.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST75.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST76.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST77.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST78.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST79.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST7F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST80.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST81.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST82.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST83.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST84.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST85.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST86.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST87.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST88.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST89.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST8F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST90.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST91.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST92.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST93.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST94.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST95.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST96.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST97.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST98.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST99.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9A.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9B.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9C.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9D.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9E.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\ST9F.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STA9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STAF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STB9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STBF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STC9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STCF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STD9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STDF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STE9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STEA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STEB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STEC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STED.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STEE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STEF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF0.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF1.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF2.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF3.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF4.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF5.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF6.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF7.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF8.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STF9.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFA.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFB.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFC.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFD.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFE.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STFF.IDX
[2007/05/15 12:49:19 | 000,000,032 | ---- | M] () -- C:\STUC.IDX
[2007/09/16 19:49:50 | 000,002,056 | ---- | M] () -- C:\TDBIDXL.DAT
[2007/08/21 18:37:59 | 000,040,960 | ---- | M] () -- C:\technical resume.doc
[2010/06/26 00:33:29 | 000,073,247 | ---- | M] () -- C:\VETlog.dmp
[2010/06/26 00:33:29 | 008,872,791 | ---- | M] () -- C:\VETlog.txt
[2009/05/22 16:38:46 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WDM_A406.exe
[2005/10/14 22:58:28 | 000,001,185 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/23 06:02:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 06:02:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 06:02:03 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/16 08:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\999ie8props.propdesc:SummaryInformation
< End of report >





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 23:33:13
Windows 5.1.2600 Service Pack 3
Running: kot41f5b.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\symc810.sys entry point in ".rsrc" section [0xBA4C79B4]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F79000, 0x1894F8, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[928] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01D6000A
.text C:\WINDOWS\System32\svchost.exe[928] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\wuauclt.exe[1720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\wuauclt.exe[1720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\wuauclt.exe[1720] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\SearchIndexer.exe[1844] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[2928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[2928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[2928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1408] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1129654905\ee\AOLSoftware.exe[3208] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8AA57EC5

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234 0 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\RestorePointSize 8 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\rp.log 536 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot 0 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\ComDb.Dat 23584 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\domain.txt 36 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository 0 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\$WinMgmt.CFG 20 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS 0 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\INDEX.BTR 1236992 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\INDEX.MAP 640 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\MAPPING.VER 4 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\MAPPING1.MAP 3860 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\MAPPING2.MAP 3860 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\OBJECTS.DATA 6512640 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\Repository\FS\OBJECTS.MAP 3220 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_MACHINE_SAM 24576 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_MACHINE_SECURITY 98304 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_MACHINE_SOFTWARE 47050752 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_MACHINE_SYSTEM 11374592 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_.DEFAULT 397312 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 262144 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 233472 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 233472 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-3144926750-4260176636-2200884193-1003 10752000 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-18 262144 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
File C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP2234\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-3144926750-4260176636-2200884193-1003 282624 bytes
File C:\WINDOWS\system32\drivers\symc810.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




OTL Extras logfile created on: 7/6/2010 11:35:45 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.23 Gb Total Space | 12.06 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive D: | 3.30 Gb Total Space | 1.13 Gb Free Space | 34.17% Space Free | Partition Type: FAT32
Drive E: | 298.09 Gb Total Space | 183.16 Gb Free Space | 61.45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3.84 Gb Total Space | 3.83 Gb Free Space | 99.86% Space Free | Partition Type: FAT32

Computer Name: SPD4U
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\1129654905\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1129654905\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Electric Quilt Company\EQ6\EQ6.exe" = C:\Program Files\Electric Quilt Company\EQ6\EQ6.exe:*:Enabled:EQ6 -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1129654905\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1129654905\ee\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- File not found
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Windows Home Server\Discovery.exe" = C:\Program Files\Windows Home Server\Discovery.exe:*:Enabled:Windows Home Server Connector -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00116AA6-4B2B-F8ED-09BE-2F31C8A3133A}" = CCC Help English
"{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = eSignal
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BEE9908-C572-C898-29AB-599316AACF13}" = CCC Help French
"{0CF203DD-6CB7-5BC0-59A7-41EB9F1A1856}" = Catalyst Control Center Graphics Full Existing
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server Connector
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{302E6499-5A2F-4CFA-BB5F-6F31707C7AEE}" = PayPal Payment Request Wizard (for Outlook)
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3712BB20-EAA2-012B-AD56-000000000000}" = TurboTax 2009 wfliper
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3BE5A38D-AFC7-E22F-0212-E828A0EC082F}" = CCC Help Spanish
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{499AC598-A762-B906-46A4-6186E524C5A8}" = Catalyst Control Center Graphics Light
"{52D9F8A1-CA3E-74CF-B389-8DA323176C39}" = Catalyst Control Center Localization French
"{5380B111-5047-413D-A6E5-70D69391D08E}" = ebgcRes
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{575BB7B4-181E-900F-2350-038909750C84}" = ccc-core-preinstall
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A95259-8ED6-51A0-9588-10EBBEB76382}" = Catalyst Control Center Core Implementation
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B70002F-99EB-4474-B5D4-4EE836732C2B}" = EduTrader
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CE75486-43C4-4E62-B184-E9CC6D653D3A}" = StroboSoft
"{8E404E69-8FB4-712B-1671-DA41DC207F2A}" = Catalyst Control Center Localization German
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9712BAB1-A117-49C4-4A42-1E777375FC92}" = Catalyst Control Center Graphics Previews Common
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9D78F390-CEB0-D675-A4FE-110EEFA0542D}" = Catalyst Control Center Graphics Full New
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A26EA334-7F6C-0BAE-6BC9-2F2E2DB6C34C}" = Catalyst Control Center Localization Spanish
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6DBF17D-915F-42FA-BEE4-240C4C2AAE1A}" = StroboSoft VST sLINK
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1864C9A-EB83-2F77-6A08-889190944BE3}" = ccc-utility
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B41023CD-05AC-728C-1CB9-D67F06185FD0}" = Skins
"{B4FC29C3-21CA-4D9C-375D-4F4D977C9910}" = CCC Help Chinese Standard
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF3E63F8-9D7D-EE52-A43E-4A619C7D5BF1}" = CCC Help German
"{DAA83A60-587F-8A36-D805-5E40AF88BC2E}" = ccc-core-static
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E8F5BF90-EA70-CA31-FD76-A8BFB4573B03}" = Catalyst Control Center Localization Chinese Standard
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}" = Live Search Maps Add-In for Microsoft Office Outlook
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Audit Support Center" = Audit Support Center 1.0
"BigFix" = BigFix
"BitTornado" = BitTornado 0.3.7
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.4.1
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"InstallShield_{F5F75BE6-C2D9-40C3-8807-1026D9BE9944}" = Maxtor Manager
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"PC Wizard 2010_is1" = PC Wizard 2010.1.94
"PROPLUS" = Microsoft Office Professional Plus 2007
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2004" = TurboTax Premier 2004
"TurboTax Premier 2005" = TurboTax Premier 2005
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Mogul User Guide
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2010 11:53:22 AM | Computer Name = SPD4U | Source = Symantec AntiVirus | ID = 16711685
Description =

Error - 6/28/2010 11:53:57 AM | Computer Name = SPD4U | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 6/28/2010 1:52:27 PM | Computer Name = SPD4U | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 6/28/2010 1:52:47 PM | Computer Name = SPD4U | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/28/2010 2:01:25 PM | Computer Name = SPD4U | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 6/28/2010 2:02:04 PM | Computer Name = SPD4U | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/28/2010 2:21:13 PM | Computer Name = SPD4U | Source = Application Hang | ID = 1002
Description = Hanging application msseces.exe, version 1.0.1961.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2010 6:21:48 PM | Computer Name = SPD4U | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10e.ocx, version 10.0.45.2, fault address 0x000e6e00.

Error - 7/6/2010 5:23:31 PM | Computer Name = SPD4U | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 7/6/2010 5:23:32 PM | Computer Name = SPD4U | Source = MSSecurityEssentials | ID = 5000
Description =

[ OSession Events ]
Error - 3/23/2010 8:32:02 PM | Computer Name = SPD4U | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3331
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 4/13/2010 2:48:50 PM | Computer Name = SPD4U | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1654
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2010 1:52:24 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description:
The connection with the server was terminated abnormally

Error - 6/28/2010 2:01:04 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 6/28/2010 2:09:06 PM | Computer Name = SPD4U | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.

Error - 6/28/2010 2:09:20 PM | Computer Name = SPD4U | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Microsoft Antimalware Service
service, but this action failed with the following error: %%1056

Error - 7/6/2010 5:13:36 PM | Computer Name = SPD4U | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/6/2010 5:23:31 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5902.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 7/6/2010 5:23:32 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/6/2010 5:23:32 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/6/2010 5:23:32 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 7/6/2010 5:23:32 PM | Computer Name = SPD4U | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.85.967.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121...DE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.5902.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved


< End of report >



Here are the reports, over to you on button two!

Thanks,

Kerry



#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 06 July 2010 - 10:55 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 06 July 2010 - 11:08 PM

btw- there a few files on the desktop that have a filename starting with "999" --They looked suspicious from my start tab on MSCONFIG and other places, so I added the 999 and moved them to the desktop until I could determine if they are a problem.

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 06 July 2010 - 11:11 PM

Yep I see a few of them, we'll get rid of those soon. smile.gif

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 07 July 2010 - 12:05 AM

ComboFix 10-07-06.02 - Owner 07/07/2010 0:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1528 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\wildblue jobs as of 29jan06 .xls
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\F834AH3F.ocx
c:\windows\xpsp1hfm.log
D:\Autorun.inf
E:\nc.exe

Infected copy of c:\windows\system32\drivers\symc810.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-06-28 17:49 . 2010-06-28 17:50 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 17:43 . 2010-06-28 17:43 -------- d-----w- c:\program files\CONEXANT
2010-06-28 08:28 . 2010-06-28 08:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-28 01:59 . 2010-06-28 01:59 -------- d-----w- C:\found.000
2010-06-27 21:27 . 2010-06-27 21:27 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-26 05:03 . 2010-06-26 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}
2010-06-26 04:29 . 2010-06-26 04:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}
2010-06-26 04:18 . 2010-06-26 04:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
2010-06-25 16:27 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{9FC63E82-C094-4A57-B9E9-A945363B68BC}
2010-06-25 16:07 . 2010-06-25 16:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-25 16:02 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}
2010-06-25 15:23 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-25 12:27 . 2010-06-27 12:47 0 ----a-w- c:\windows\Onucimo.bin
2010-06-25 12:27 . 2010-06-27 12:47 120 ----a-w- c:\windows\Mdozu.dat
2010-06-25 12:27 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{DB230872-3C4A-442E-889A-5CF0102E4402}
2010-06-10 20:04 . 2010-06-10 20:04 -------- d-----w- C:\Windows Home Server Drivers for Restore
2010-06-10 04:32 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 19:05 . 2010-06-07 19:05 -------- d-----w- c:\program files\CPUID

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:38 . 2007-10-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-06-28 17:31 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-28 17:30 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-28 16:50 . 2005-05-09 18:32 -------- d-----w- c:\program files\Pure Networks
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Real
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Common Files\Real
2010-06-28 16:40 . 2005-05-09 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-26 04:50 . 2005-03-23 18:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:03 . 2009-05-13 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-10 20:59 . 2006-01-01 00:22 -------- d-----w- c:\program files\The Weather Channel FW
2010-06-10 20:58 . 2009-12-09 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2010-06-10 20:54 . 2008-03-05 21:36 -------- d-----w- c:\program files\Maxtor
2010-06-10 07:24 . 2009-08-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-29 14:53 . 2010-05-29 14:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-21 18:14 . 2009-10-03 03:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 20:32 . 2010-05-07 01:15 68577 ----a-w- c:\windows\hpoins05.dat
2010-05-07 00:31 . 2010-05-07 00:31 102400 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{787D1A33-A97B-4245-87C0-7174609A540C}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
2010-05-06 10:41 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 02:21 . 2010-05-06 02:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2005-03-23 16:53 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-03-23 16:52 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 12:33 . 2009-11-21 20:13 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:33 . 2008-04-15 20:23 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-10-01 00:51 . 2008-10-01 00:51 466944 ----a-w- c:\program files\StroboSoft VST sLINK.dll
2007-07-20 23:21 . 2007-07-20 23:22 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1129654905\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-12-27 604008]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-22 02:27 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 2:48 PM 376680]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [7/12/2008 3:42 PM 46368]
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{AA0A052A-579A-4BA7-A05D-3EBF92A65430}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Jvefanitesuzupi - c:\windows\kbdhpup.dll
HKLM-Run-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
Notify-NavLogon - (no file)
MSConfigStartUp-Jvefanitesuzupi - c:\windows\kbdhpup.dll
MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-SoundMan - SOUNDMAN.EXE
MSConfigStartUp-SunKistEM - c:\program files\Digital Media Reader\shwiconem.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 00:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-07 00:55:28
ComboFix-quarantined-files.txt 2010-07-07 04:55

Pre-Run: 12,803,764,224 bytes free
Post-Run: 14,656,249,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0CD6EA9F0935BAF5D418DB743F44D8A0


here is the file. I have been downloading the tools to my laptop, as per instructions, and then jump driving them to my sick desktop. I did this so I could secure the internet connection while I have a virus. This is why I don''t have the exact file names requested.

Thanks,

Kerry


#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 07 July 2010 - 03:08 PM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
c:\windows\Onucimo.bin
c:\windows\Mdozu.dat
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 07 July 2010 - 05:28 PM

ComboFix 10-07-06.02 - Owner 07/07/2010 16:51:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1526 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb"
"c:\windows\Mdozu.dat"
"c:\windows\Onucimo.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\maxtor one touch backup\Bin\_desktop.ini
c:\maxtor one touch backup\Bin\ISSetupPrerequisites\_desktop.ini
c:\maxtor one touch backup\Bin\ISSetupPrerequisites\{726F97A8-63B9-4A58-ACFB-B8A56B383740}\_desktop.ini
c:\maxtor one touch backup\drivers\_desktop.ini
c:\maxtor one touch backup\drivers\1394\_desktop.ini
c:\maxtor one touch backup\drivers\security\_desktop.ini
c:\maxtor one touch backup\drivers\USB\_desktop.ini
c:\maxtor one touch backup\EULA\_desktop.ini
c:\maxtor one touch backup\guides\_desktop.ini
c:\maxtor one touch backup\guides\English\_desktop.ini
c:\maxtor one touch backup\guides\License\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\Contents\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\Contents\MacOS\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\Contents\Resources\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\Contents\Resources\English.lproj\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\FormatDisk.app\Contents\Resources\English.lproj\main.nib\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\MacOS\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\Resources\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\Resources\English.lproj\_desktop.ini
c:\maxtor one touch backup\Mac OneTouch 4 Mini.app\Contents\Resources\English.lproj\main.nib\_desktop.ini
c:\windows\Mdozu.dat
c:\windows\Onucimo.bin

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-06-28 17:49 . 2010-06-28 17:50 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 17:43 . 2010-06-28 17:43 -------- d-----w- c:\program files\CONEXANT
2010-06-28 08:28 . 2010-06-28 08:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-28 01:59 . 2010-06-28 01:59 -------- d-----w- C:\found.000
2010-06-27 21:27 . 2010-06-27 21:27 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-26 05:03 . 2010-06-26 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}
2010-06-26 04:29 . 2010-06-26 04:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}
2010-06-26 04:18 . 2010-06-26 04:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
2010-06-25 16:27 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{9FC63E82-C094-4A57-B9E9-A945363B68BC}
2010-06-25 16:07 . 2010-06-25 16:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-25 16:02 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}
2010-06-25 15:23 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-25 12:27 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{DB230872-3C4A-442E-889A-5CF0102E4402}
2010-06-10 20:04 . 2010-06-10 20:04 -------- d-----w- C:\Windows Home Server Drivers for Restore
2010-06-10 04:32 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:38 . 2007-10-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-06-28 17:31 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-28 17:30 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-28 16:50 . 2005-05-09 18:32 -------- d-----w- c:\program files\Pure Networks
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Real
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Common Files\Real
2010-06-28 16:40 . 2005-05-09 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-26 04:50 . 2005-03-23 18:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:03 . 2009-05-13 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-10 20:59 . 2006-01-01 00:22 -------- d-----w- c:\program files\The Weather Channel FW
2010-06-10 20:58 . 2009-12-09 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2010-06-10 20:54 . 2008-03-05 21:36 -------- d-----w- c:\program files\Maxtor
2010-06-10 07:24 . 2009-08-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 19:05 . 2010-06-07 19:05 -------- d-----w- c:\program files\CPUID
2010-05-29 14:53 . 2010-05-29 14:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-21 18:14 . 2009-10-03 03:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 20:32 . 2010-05-07 01:15 68577 ----a-w- c:\windows\hpoins05.dat
2010-05-07 00:31 . 2010-05-07 00:31 102400 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{787D1A33-A97B-4245-87C0-7174609A540C}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
2010-05-06 10:41 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 02:21 . 2010-05-06 02:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2005-03-23 16:53 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-03-23 16:52 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 12:33 . 2009-11-21 20:13 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:33 . 2008-04-15 20:23 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-10-01 00:51 . 2008-10-01 00:51 466944 ----a-w- c:\program files\StroboSoft VST sLINK.dll
2007-07-20 23:21 . 2007-07-20 23:22 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1129654905\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-12-27 604008]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-22 02:27 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 2:48 PM 376680]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [7/12/2008 3:42 PM 46368]
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{AA0A052A-579A-4BA7-A05D-3EBF92A65430}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 17:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-07 17:13:31
ComboFix-quarantined-files.txt 2010-07-07 21:13
ComboFix2.txt 2010-07-07 04:55

Pre-Run: 14,682,980,352 bytes free
Post-Run: 14,661,185,536 bytes free

- - End Of File - - B920CA011FE22BEEEF0C05078216B59D

Attached Files



#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 08 July 2010 - 12:56 AM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

CODE
File::
c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
  • Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#13 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 08 July 2010 - 08:50 AM

ComboFix 10-07-06.02 - Owner 07/08/2010 9:29.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1172 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: M:\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FILE ::
"c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb"
.

((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-06-28 17:49 . 2010-06-28 17:50 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-28 17:43 . 2010-06-28 17:43 -------- d-----w- c:\program files\CONEXANT
2010-06-28 08:28 . 2010-06-28 08:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-28 01:59 . 2010-06-28 01:59 -------- d-----w- C:\found.000
2010-06-27 21:27 . 2010-06-27 21:27 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-26 05:03 . 2010-06-26 05:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2B9BB56B-58B1-47A8-A1AB-B2D7792DA041}
2010-06-26 04:29 . 2010-06-26 04:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2DA3EB77-3D62-4EFB-866C-E379AF4A30C6}
2010-06-26 04:18 . 2010-06-26 04:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
2010-06-25 16:27 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{9FC63E82-C094-4A57-B9E9-A945363B68BC}
2010-06-25 16:07 . 2010-06-25 16:07 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-25 16:02 . 2010-06-26 04:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{2279CE87-D2E8-4F4F-9357-42B7704E95E9}
2010-06-25 15:23 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{0980F340-25F7-4D30-BCBB-6A0B56E63F3E}
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-06-25 14:24 . 2010-06-25 14:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-06-25 12:27 . 2010-06-26 04:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{DB230872-3C4A-442E-889A-5CF0102E4402}
2010-06-10 20:04 . 2010-06-10 20:04 -------- d-----w- C:\Windows Home Server Drivers for Restore
2010-06-10 04:32 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 17:38 . 2007-10-12 08:23 -------- d-----w- c:\program files\Yahoo!
2010-06-28 17:31 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-28 17:30 . 2009-04-15 13:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec
2010-06-28 17:29 . 2006-02-26 00:29 -------- d-----w- c:\program files\Symantec AntiVirus
2010-06-28 17:29 . 2005-05-09 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-28 16:50 . 2005-05-09 18:32 -------- d-----w- c:\program files\Pure Networks
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Real
2010-06-28 16:44 . 2005-05-09 18:30 -------- d-----w- c:\program files\Common Files\Real
2010-06-28 16:40 . 2005-05-09 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\program files\Common Files\aolshare
2010-06-28 16:28 . 2005-05-09 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-06-26 04:50 . 2005-03-23 18:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:03 . 2009-05-13 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-10 20:59 . 2006-01-01 00:22 -------- d-----w- c:\program files\The Weather Channel FW
2010-06-10 20:58 . 2009-12-09 23:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
2010-06-10 20:54 . 2008-03-05 21:36 -------- d-----w- c:\program files\Maxtor
2010-06-10 07:24 . 2009-08-18 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 19:05 . 2010-06-07 19:05 -------- d-----w- c:\program files\CPUID
2010-05-29 14:53 . 2010-05-29 14:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-21 18:14 . 2009-10-03 03:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 20:32 . 2010-05-07 01:15 68577 ----a-w- c:\windows\hpoins05.dat
2010-05-07 00:31 . 2010-05-07 00:31 102400 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{787D1A33-A97B-4245-87C0-7174609A540C}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
2010-05-06 10:41 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 02:21 . 2010-05-06 02:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:22 . 2005-03-23 16:53 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2005-03-23 16:52 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 12:33 . 2009-11-21 20:13 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-16 12:33 . 2008-04-15 20:23 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-10-01 00:51 . 2008-10-01 00:51 466944 ----a-w- c:\program files\StroboSoft VST sLINK.dll
2007-07-20 23:21 . 2007-07-20 23:22 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1129654905\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2009-12-27 604008]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-18 04:05 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-22 02:27 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PrismXL"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129654905\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Windows Home Server\\Discovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [10/7/2009 2:48 PM 376680]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [7/12/2008 3:42 PM 46368]
.
Contents of the 'Scheduled Tasks' folder

2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{AA0A052A-579A-4BA7-A05D-3EBF92A65430}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 09:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(35688)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-08 09:40:26
ComboFix-quarantined-files.txt 2010-07-08 13:40
ComboFix2.txt 2010-07-07 21:13
ComboFix3.txt 2010-07-07 04:55

Pre-Run: 14,678,851,584 bytes free
Post-Run: 14,660,087,808 bytes free

- - End Of File - - E3EE5D79812E65DB5D7C95E904926904



Here is the log you requested.

Thanks,

Kerry

Attached Files



#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:04:40 AM

Posted 08 July 2010 - 12:20 PM

Hi there,

Please download SystemLook from one of the links below and save it to your Desktop.Double-click SystemLook.exe to run it. Copy the content of the following code box into the main text field:
CODE
:dir
c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#15 kerry21

kerry21
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 08 July 2010 - 03:37 PM

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:34 on 08/07/2010 by Owner (Administrator - Elevation successful)

========== dir ==========

c:\documents and settings\Owner\Local Settings\Application Data\epbwkhjxb - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-


Thanks,

Kerry




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users