
infected with firstclassresults.cc/xyx/raisehellmunchies.php


  • This topic is locked
19 replies to this topic

#1 andy wardle

andy wardle

  • Members
  • 11 posts

Posted 09 September 2010 - 01:34 AM

Initially infected with AV Security Suite (whilst watching the US Open tennis on a free stream). Used kill.com, then Superantispyware and Malwarebytes and Spybot numerous times but still getting Google search re-directions to ad sites and Media Player starts up on its own. Can't get Windows to update either!

Usually the redirection is accompanied by bogus security warnings and small windows asking me to enable my anti-virus software.

Spybot and the others keep finding the odd thing (selection of Trojans and adware) and erasing it but every time, the problem recurs.

Addresses noted were: babychat, firstclassresults.cc/xyx/raisehellmunchies.php, bidvertiser.com, sexintheuk.com

Can do several searches OK after cleaning then it starts playing up again.

Thanks in advance... hope you can help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by andy at 0:19:51.42 on 09/09/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1268 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\D6SY2G3N\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {77D7E795-33C5-4323-974D-A2A49AB75517} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON BX300F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieje.exe /fu "c:\windows\temp\E_SB1C.tmp" /EF "HKCU"
uRun: [NBJ] "c:\program files\nero\nero backitup\NBJ.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\andy\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send Image to Photo Library - file://c:\documents and settings\andy\application data\roxio\photosuite4\temp\ROXIO00000.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: topmarques.co.uk\www
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-26 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-4-23 35168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-3 27632]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2008-7-29 39424]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2009-1-8 7936]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2009-6-17 18048]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-19 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-19 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-19 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-19 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-19 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-19 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-19 109736]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
S4 gupdate1c8f01acecbeacc;Google Update Service (gupdate1c8f01acecbeacc);c:\program files\google\update\GoogleUpdate.exe [2008-7-27 133104]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-9-3 90112]
S4 Polifslr;Polifslr; [x]

=============== Created Last 30 ================

2010-09-07 17:59:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 16:47:10 0 d-----w- c:\program files\Secunia
2010-09-07 06:12:50 112 ----a-w- c:\docume~1\alluse~1\applic~1\WqqAYSnuJ.dat
2010-09-07 01:26:35 0 d-----w- c:\docume~1\andy\applic~1\26634CAFC5E6AFABA102ED8567E43023
2010-09-03 04:35:37 148736 ----a-w- c:\docume~1\alluse~1\applic~1\hpe7867.dll
2010-09-03 04:00:23 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-23 11:11:05 9902913 ----a-w- c:\program files\halwin_1.89.zip
2009-03-27 08:13:20 604 ---ha-w- c:\program files\STLL Notifier
2008-11-25 13:40:36 1226 ----a-w- c:\program files\setup.reg
2008-11-14 09:52:32 41937 ----a-w- c:\program files\release_notes_kav8.0cf2_en.html
2008-11-13 17:23:12 40375808 ----a-w- c:\program files\kav.en.msi
2008-09-08 14:02:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 0:21:11.82 ===============
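
A triage sketch for the DDS log above, added here as an example and not part of the original thread or of the DDS tool. It walks the log section by section and lists three kinds of entry that are worth a first look when a browser is being redirected: a ProxyServer value pointing at the loopback address, BHO/toolbar registrations marked "No File", and a service line with no file path. The rule names and functions are assumptions of this example, and a listed entry is a lead for review, not a verdict.

```python
import re
from collections import namedtuple
from ipaddress import ip_address

# Lines excerpted from the DDS log in the first post (section headers kept).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

============= SERVICES / DRIVERS ===============

R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
S4 Polifslr;Polifslr; [x]
"""

Finding = namedtuple("Finding", "section rule detail")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Name ===="
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+)$", re.I)
# "BHO: [optional name:] {GUID} - No File" (same shape for "TB:")
ORPHAN_RE = re.compile(
    r"^(BHO|TB):\s*(?:.*?:\s*)?(\{[0-9A-Fa-f-]{36}\})\s*-\s*No File$")
# "<state> <key>;<display name>;<path> [<date size> or marker]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")


def proxy_endpoints(value):
    """Yield (host, port) from an IE ProxyServer value.

    Handles both "host:port" and "http=host:port;https=host:port".
    """
    for item in value.split(";"):
        endpoint = item.strip().rpartition("=")[2].split("://")[-1]
        host, sep, port = endpoint.rpartition(":")
        if not sep:                       # no port given
            host, port = endpoint, ""
        if host:
            yield host, port


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    host = host.strip("[]")
    try:
        return ip_address(host).is_loopback
    except ValueError:                    # not an IP literal
        return host.lower() == "localhost"


def triage(log_text):
    """Return a list of Finding tuples for entries worth reviewing."""
    findings, section = [], "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        proxy = PROXY_RE.search(line)
        if proxy:
            findings += [Finding(section, "loopback-proxy", f"{h}:{p}")
                         for h, p in proxy_endpoints(proxy.group(1))
                         if is_loopback(h)]
            continue
        orphan = ORPHAN_RE.match(line)
        if orphan:
            rule = "orphaned-" + orphan.group(1).lower()
            findings.append(Finding(section, rule, orphan.group(2)))
            continue
        svc = SERVICE_RE.match(line)
        if (svc and section.upper().startswith("SERVICES")
                and not svc.group(4).strip()):
            # Service is registered but the log shows no file path for it.
            findings.append(Finding(section, "service-without-path",
                                    svc.group(2)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.rule}: {f.detail}")
```
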


 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 15 September 2010 - 06:39 AM

Hello andy wardle, my name is Syler and I will be helping you to solve your malware issues. Sorry for the delay in replying, we are very busy at the moment.

Please note: because we are very busy, if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks



#3 andy wardle

andy wardle
  • Topic Starter

  • Members
  • 11 posts

Posted 16 September 2010 - 01:40 AM

Syler,

Thanks for helping.



Apparently I've got the TDSS so can't post any logs!

Andy

#4 andy wardle

andy wardle
  • Topic Starter

  • Members
  • 11 posts

Posted 16 September 2010 - 05:12 AM

Can't post logs or attach them either!

#5 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 16 September 2010 - 10:02 AM

Ok, please do this then.

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If any suspicious items are found, let it skip them for now
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#6 andy wardle

andy wardle
  • Topic Starter

  • Members
  • 11 posts

Posted 16 September 2010 - 10:49 AM

Nothing found but here is the log:


2010/09/16 16:46:24.0718 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 16:46:24.0718 ================================================================================
2010/09/16 16:46:24.0718 SystemInfo:
2010/09/16 16:46:24.0718
2010/09/16 16:46:24.0718 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/16 16:46:24.0718 Product type: Workstation
2010/09/16 16:46:24.0718 ComputerName: DELLLAPTOP1
2010/09/16 16:46:24.0718 UserName: andy
2010/09/16 16:46:24.0718 Windows directory: C:\WINDOWS
2010/09/16 16:46:24.0718 System windows directory: C:\WINDOWS
2010/09/16 16:46:24.0718 Processor architecture: Intel x86
2010/09/16 16:46:24.0718 Number of processors: 1
2010/09/16 16:46:24.0718 Page size: 0x1000
2010/09/16 16:46:24.0718 Boot type: Normal boot
2010/09/16 16:46:24.0718 ================================================================================
2010/09/16 16:46:24.0953 Initialize success
2010/09/16 16:46:27.0000 ================================================================================
2010/09/16 16:46:27.0000 Scan started
2010/09/16 16:46:27.0000 Mode: Manual;
2010/09/16 16:46:27.0000 ================================================================================
2010/09/16 16:46:36.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/16 16:46:36.0406 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/16 16:46:36.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/16 16:46:36.0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/16 16:46:36.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/16 16:46:36.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/16 16:46:36.0640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/16 16:46:36.0718 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
2010/09/16 16:46:36.0781 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
2010/09/16 16:46:36.0828 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
2010/09/16 16:46:36.0875 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
2010/09/16 16:46:36.0906 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
2010/09/16 16:46:36.0953 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
2010/09/16 16:46:37.0000 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
2010/09/16 16:46:37.0109 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/16 16:46:37.0140 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/09/16 16:46:37.0187 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/09/16 16:46:37.0265 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/16 16:46:37.0328 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/09/16 16:46:37.0390 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2010/09/16 16:46:37.0437 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/16 16:46:37.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/16 16:46:37.0562 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/16 16:46:37.0640 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/16 16:46:37.0671 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/16 16:46:37.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/16 16:46:37.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/16 16:46:37.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/16 16:46:37.0890 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/16 16:46:38.0015 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2010/09/16 16:46:38.0093 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/09/16 16:46:38.0218 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/16 16:46:38.0343 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/16 16:46:38.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/16 16:46:38.0515 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/16 16:46:38.0562 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/16 16:46:38.0593 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/16 16:46:38.0703 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/16 16:46:38.0750 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/16 16:46:38.0828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/16 16:46:38.0968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/16 16:46:39.0000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/16 16:46:39.0046 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/16 16:46:39.0093 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/16 16:46:39.0140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/16 16:46:39.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/16 16:46:39.0234 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/16 16:46:39.0281 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/16 16:46:39.0312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/16 16:46:39.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/16 16:46:39.0421 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/16 16:46:39.0468 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/16 16:46:39.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/16 16:46:39.0593 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/16 16:46:39.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/16 16:46:39.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/16 16:46:39.0796 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/16 16:46:39.0859 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/16 16:46:39.0875 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/16 16:46:39.0921 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/16 16:46:39.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/16 16:46:40.0015 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/16 16:46:40.0093 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
2010/09/16 16:46:40.0125 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2010/09/16 16:46:40.0156 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/09/16 16:46:40.0218 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/16 16:46:40.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/16 16:46:40.0359 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/16 16:46:40.0421 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/16 16:46:40.0468 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/16 16:46:40.0515 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/16 16:46:40.0562 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/16 16:46:40.0625 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/16 16:46:40.0703 ================================================================================
2010/09/16 16:46:40.0703 Scan finished
2010/09/16 16:46:40.0703 ================================================================================

#7 andy wardle

  • Topic Starter

Posted 16 September 2010 - 10:51 AM


Here is the OTL log. Seems that it is letting me post now!

OTL logfile created on: 15/09/2010 16:02:07 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.68 Gb Total Space | 67.67 Gb Free Space | 60.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLLAPTOP1
Current User Name: andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 16:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andy\Desktop\OTL.exe
PRC - [2010/09/15 15:56:45 | 000,006,656 | ---- | M] () -- C:\WINDOWS\system32\75110A00.exe
PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 16:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andy\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Polifslr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2010/09/15 15:56:45 | 000,006,656 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\75110A00.exe -- (75110A00)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/27 21:52:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/12/05 17:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 22:50:10 | 001,552,384 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/13 14:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 17:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/08/31 17:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2010/09/10 07:52:29 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/09/10 07:52:28 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/10 07:52:28 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/08/03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/07 15:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/03/03 20:43:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008/07/29 15:09:16 | 000,039,424 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fantom.sys -- (FANTOM)
DRV - [2008/04/15 12:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 12:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 20:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/27 18:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/10 19:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 18:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/12/05 17:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/12/02 18:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 18:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 18:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/07 15:18:54 | 000,007,936 | R--- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\inidvd.sys -- (INIDVD)
DRV - [2007/10/09 04:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/23 18:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/20 12:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/09/10 09:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 09:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 09:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/04/24 18:09:56 | 001,975,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/20 15:53:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/10/01 08:08:38 | 000,018,048 | R--- | M] (CASIO COMPUTER CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pl40rwdm.sys -- (PL-40R)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3080517
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3080517


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3080517
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=3080517
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



IE - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/09 23:55:50 | 000,000,000 | ---D | M]

[2009/08/03 19:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andy\Application Data\Mozilla\Extensions
[2009/08/03 19:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\andy\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/09/08 20:21:09 | 000,418,466 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14467 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {77D7E795-33C5-4323-974D-A2A49AB75517} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found.
O3 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005..\Run: [NBJ] C:\Program Files\nero\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\andy\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-429677481-3093094019-1146976091-1005\..Trusted Domains: topmarques.co.uk ([www] http in Trusted sites)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.net/planner/Core/Player/...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 21:34:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{579c184e-7ea7-11dd-85bc-001fe10b59f9}\Shell - "" = AutoRun
O33 - MountPoints2\{579c184e-7ea7-11dd-85bc-001fe10b59f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{579c184e-7ea7-11dd-85bc-001fe10b59f9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6524c444-81c1-11dd-85bf-001fe10b59f9}\Shell - "" = AutoRun
O33 - MountPoints2\{6524c444-81c1-11dd-85bf-001fe10b59f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6524c444-81c1-11dd-85bf-001fe10b59f9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6c3a4c28-d38c-11dd-85eb-001fe10b59f9}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{6c3a4c28-d38c-11dd-85eb-001fe10b59f9}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{dd8722e7-1fe3-11df-86b3-001fe10b59f9}\Shell\AutoRun\command - "" = E:\Get_Started_for_Win.exe -- File not found
O33 - MountPoints2\{dd8722e8-1fe3-11df-86b3-001fe10b59f9}\Shell\AutoRun\command - "" = F:\Get_Started_for_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "RichVideo"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "iPod Service"
MsConfig - Services: "ImapiService"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "gusvc"
MsConfig - Services: "ERSvc"
MsConfig - Services: "tcsd_win32.exe"
MsConfig - Services: "Tcnpadabgi"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "RasAuto"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "DSBrokerService"
MsConfig - Services: "ASFIPmon"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "OMSI download service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^S2 Updater.lnk - C:\WINDOWS\Installer\{AEDADAC9-5EE5-4EBE-A2FC-31EDDA29B2AE}\IconAEDADAC92.exe - ()
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SecureUpgrade - hkey= - key= - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: ’ - Reg Error: Value error. File not found
Drivers32: aux - wdmaud.sys File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11272609819787264)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 16:00:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\andy\Desktop\OTL.exe
[2010/09/15 15:13:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\andy\Recent
[2010/09/13 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/09/13 10:41:51 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\andy\Desktop\ATF-Cleaner.exe
[2010/09/09 23:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/07 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/09/07 19:07:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/07 19:07:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/07 19:07:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/07 19:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/07 18:59:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/07 17:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/09/07 08:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lffbhcmec
[2010/09/07 08:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/07 08:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/07 08:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/07 06:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ATI
[2010/09/07 06:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\ATI
[2010/09/07 02:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andy\Application Data\26634CAFC5E6AFABA102ED8567E43023
[2010/09/03 05:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andy\My Documents\Sony Ericsson
[2010/09/03 05:35:37 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe7867.dll
[2010/09/03 05:00:23 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\seehcri.sys
[2010/08/20 11:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\andy\Desktop\toy story 3
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 16:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/15 16:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\andy\Desktop\OTL.exe
[2010/09/15 16:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/09/15 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/09/15 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/09/15 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/09/15 15:51:50 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\andy\Desktop\RKUnhookerLE.EXE
[2010/09/15 15:17:56 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/15 15:17:56 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/15 15:17:55 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/15 15:14:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/15 15:12:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/15 15:12:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 15:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 20:02:20 | 012,320,768 | -H-- | M] () -- C:\Documents and Settings\andy\NTUSER.DAT
[2010/09/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/09/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/09/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/09/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/09/14 19:58:57 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/14 19:42:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2010/09/14 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/09/14 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/09/14 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/09/14 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/09/14 14:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/14 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/09/14 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/09/14 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/09/14 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/09/14 13:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/14 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/09/14 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/09/14 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/14 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/09/14 12:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/14 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/09/14 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/09/14 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/14 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/09/14 09:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/14 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/09/14 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/09/14 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/09/14 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/09/14 08:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/14 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/09/14 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/09/14 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/09/14 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/09/14 07:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/14 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/09/14 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/09/14 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/09/14 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/09/14 06:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/14 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/09/14 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/09/14 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/09/14 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/09/14 05:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/14 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/09/14 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/09/14 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/09/14 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/09/14 04:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/14 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/09/14 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/09/14 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/09/14 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/09/14 03:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/14 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/09/14 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/09/14 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/14 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/09/14 01:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/14 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/09/14 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/09/14 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/09/14 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/14 00:53:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/09/14 00:28:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/09/14 00:25:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/09/14 00:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/09/14 00:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/13 23:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/09/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/09/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/09/13 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/09/13 22:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/13 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/09/13 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/09/13 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/09/13 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/09/13 21:18:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (normal).job
[2010/09/13 21:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/13 21:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/09/13 21:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/09/13 21:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/09/13 21:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/09/13 20:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/13 15:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/13 11:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/13 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/09/13 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/09/13 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/09/13 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/09/13 10:41:52 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\andy\Desktop\ATF-Cleaner.exe
[2010/09/11 02:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/11 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/09/11 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/09/11 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/09/11 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/10 19:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/10 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/09/10 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/09/10 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/09/10 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/09/10 18:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/10 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/09/10 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/09/10 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/09/10 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/09/10 17:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/10 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/09/10 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/09/10 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/09/10 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/09/09 23:45:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/09 00:38:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/09 00:26:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\andy\My Documents\gmer.zip
[2010/09/09 00:23:50 | 000,005,927 | ---- | M] () -- C:\Documents and Settings\andy\Desktop\attach.zip
[2010/09/08 20:21:09 | 000,418,466 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/08 10:08:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/09/08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/09/08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/08 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/09/08 09:04:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/07 19:14:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/07 19:06:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/07 19:06:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/07 19:06:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/07 19:06:56 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/09/07 19:06:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/07 17:47:45 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\andy\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/09/07 14:09:47 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\WqqAYSnuJ.dat
[2010/09/07 07:47:11 | 000,000,387 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 02:44:10 | 000,000,548 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/07 02:44:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/07 02:44:10 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2010/09/06 12:25:12 | 008,199,234 | ---- | M] () -- C:\Documents and Settings\andy\My Documents\ARPCatalog.pdf
[2010/09/04 19:37:21 | 000,012,173 | ---- | M] () -- C:\Documents and Settings\andy\My Documents\jalousie review.docx
[2010/09/04 11:14:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\andy\Desktop\word.lnk
[2010/09/03 09:53:44 | 000,010,888 | ---- | M] () -- C:\Documents and Settings\andy\My Documents\mix.docx
[2010/09/03 05:35:37 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe7867.dll
[2010/09/02 20:28:45 | 000,417,106 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100908-202109.backup
[2010/08/22 11:28:08 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 10:13:51 | 000,416,131 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100902-202844.backup
[2010/08/17 10:07:28 | 000,415,924 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100821-101350.backup
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 15:56:45 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\75110A00.exe
[2010/09/15 15:51:29 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\andy\Desktop\RKUnhookerLE.EXE
[2010/09/09 00:24:19 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\andy\My Documents\gmer.zip
[2010/09/09 00:23:50 | 000,005,927 | ---- | C] () -- C:\Documents and Settings\andy\Desktop\attach.zip
[2010/09/07 19:43:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/07 19:14:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/07 17:47:45 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\andy\Start Menu\Programs\Startup\Secunia PSI.lnk
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/09/07 14:09:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/09/07 12:08:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/09/07 10:07:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/09/07 10:07:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/09/07 10:07:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/09/07 10:07:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/09/07 10:07:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/09/07 10:07:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/09/07 10:07:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/09/07 10:07:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/09/07 10:07:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/09/07 10:07:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/09/07 10:07:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/09/07 10:07:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/09/07 07:12:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/09/07 07:12:50 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\WqqAYSnuJ.dat
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/07 06:47:14 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/06 12:24:45 | 008,199,234 | ---- | C] () -- C:\Documents and Settings\andy\My Documents\ARPCatalog.pdf
[2010/09/04 19:37:21 | 000,012,173 | ---- | C] () -- C:\Documents and Settings\andy\My Documents\jalousie review.docx
[2010/09/03 09:53:43 | 000,010,888 | ---- | C] () -- C:\Documents and Settings\andy\My Documents\mix.docx
[2010/05/30 09:26:39 | 000,000,387 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/22 19:55:33 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2010/02/22 19:55:07 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/12/23 12:11:05 | 009,902,913 | ---- | C] () -- C:\Program Files\halwin_1.89.zip
[2009/08/29 20:17:22 | 000,055,074 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/29 11:17:45 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\andy\Local Settings\Application Data\FASTWiz.html
[2009/03/29 11:14:38 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\andy\Local Settings\Application Data\FASTWiz.log
[2009/03/27 09:13:20 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2009/03/27 09:13:20 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/01/11 18:23:49 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/11 18:23:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/01/11 18:01:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/08 20:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008/11/25 14:40:36 | 000,001,226 | ---- | C] () -- C:\Program Files\setup.reg
[2008/11/14 10:52:32 | 000,041,937 | ---- | C] () -- C:\Program Files\release_notes_kav8.0cf2_en.html
[2008/11/13 18:23:12 | 040,375,808 | ---- | C] () -- C:\Program Files\kav.en.msi
[2008/06/12 08:16:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\andy\Application Data\$_hpcst$.hpc
[2008/06/04 22:05:10 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/27 14:07:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\andy\Local Settings\Application Data\fusioncache.dat
[2008/05/27 14:07:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\andy\Local Settings\Application Data\WavXMapDrive.bat
[2008/05/17 15:04:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/17 14:55:15 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/05/17 14:52:40 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/05/17 14:52:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/05/17 14:49:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/17 14:49:10 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/17 14:22:43 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/14 13:58:40 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/09/13 14:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 14:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 14:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 14:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 14:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 14:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 14:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 14:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 14:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 15:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 15:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 15:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 15:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 15:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 15:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 15:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 15:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 15:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 15:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 09:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 10:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 11:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 17:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 17:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 17:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 17:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/31 12:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2000/05/20 19:57:44 | 000,018,112 | ---- | C] () -- C:\WINDOWS\twacker.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/06/24 13:15:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/06/24 13:15:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

< >
< End of report >

#8 andy wardle

Posted 16 September 2010 - 10:53 AM

And the extras and the other one


OTL Extras logfile created on: 15/09/2010 16:02:07 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.68 Gb Total Space | 67.67 Gb Free Space | 60.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELLLAPTOP1
Current User Name: andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\andy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Documents and Settings\andy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}" = Casio SMF Conveter
"{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53753510-7620-4D2B-9C0B-111F871615D9}" = LEGO MINDSTORMS NXT - English Language Pack
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}" = ATI Catalyst Control Center
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80F6A672-C39B-41CE-8AF5-A9C2FA8C2B72}" = Sibelius Scorch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AEDADAC9-5EE5-4EBE-A2FC-31EDDA29B2AE}" = PP Snooper S2 Updater
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D30E4145-9120-4497-AD35-F78482C3CF88}" = LEGO MINDSTORMS NXT Driver
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F03D364C-924F-4CA3-8CBD-A7C9EFD51D80}" = Video Grabber
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F43C7DE1-CB20-11DD-8D77-005056806466}" = Google Earth Plugin
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Any Sound Recorder" = Any Sound Recorder 2.93
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA480" = Canon PowerShot A480 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Camera WIA Driver PowerShot A30" = Canon PowerShot A30 WIA Driver
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Craterlet_is1" = Craterlet 1.0
"DVDStyler_is1" = DVDStyler v1.7.2 beta 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Free Easy Burner_is1" = Free Easy Burner V 4.0
"Free Video Converter_is1" = Free Video Converter V 1.4
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HalwinV1.71" = HalwinV1.71
"HalwinV1.89" = HalwinV1.89
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{4AF6FE63-53AB-4D03-A4D0-8D42AC0A7856}" = Casio SMF Conveter
"InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver 6.2.5
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LG USB Booster_is1" = Booster 1.03
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetroGnome_is1" = MetroGnome
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MonkeyJam_is1" = MonkeyJam 3_050529
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mTCi Application & TWAIN Driver 2.2_is1" = mTCi Application & TWAIN Driver 2.2
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero Lite 9.2.61.7" = Nero Lite 9.2.6
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NightBar" = NightBar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Phun_is1" = Phun beta 4.22
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SearchAssist" = SearchAssist
"Secunia PSI" = Secunia PSI
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"Stop Motion Animator 1.1.XP" = Stop Motion Animator 1.1.XP
"Take5" = Take5 1.22 Trial
"TBSB09835.TBSB09835Toolbar" = Bullseye Tool Bar
"UnityWebPlayer" = Unity Web Player
"VCD Menu Lite_is1" = VCD Menu Lite 2.01
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-429677481-3093094019-1146976091-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/09/2010 08:46:48 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/09/2010 08:47:20 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/09/2010 08:47:51 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/09/2010 14:31:18 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 14/09/2010 14:31:49 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/09/2010 14:32:21 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 14/09/2010 14:32:53 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 15/09/2010 10:15:56 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 15/09/2010 10:16:32 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 15/09/2010 10:17:03 | Computer Name = DELLLAPTOP1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ System Events ]
Error - 14/09/2010 15:00:00 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At69.job command failed to start due to the following error: %%2147942402

Error - 14/09/2010 15:00:00 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At93.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 10:12:37 | Computer Name = DELLLAPTOP1 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 15/09/2010 10:12:37 | Computer Name = DELLLAPTOP1 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 15/09/2010 10:16:32 | Computer Name = DELLLAPTOP1 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 15/09/2010 11:00:00 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At113.job command failed to start due to the following error:
%%2147942402

Error - 15/09/2010 11:00:00 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 11:00:01 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At65.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 11:00:02 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At89.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 11:08:00 | Computer Name = DELLLAPTOP1 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805CC944-->AF3E2610 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061A344-->BA0F887E [Lbd.sys]
ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x80639DBC-->AF3E2C10 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805B38CE-->AF3E2730 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C1316-->AF3E24B0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C15A2-->AF3E2570 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805ADA88-->AF3E26D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805C79AA-->AF3E2690 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetInformationThread, Type: Address change 0x805C1D94-->AF3E2650 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Address change 0x805B6040-->AF3E27D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806188B6-->BA0F8C10 [Lbd.sys]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805CAD6A-->AF3E2510 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805CABDC-->AF3E2590 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8CAA-->AF3E24D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805C8EA4-->AF3E25D0 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805A9890-->AF3E2750 [C:\WINDOWS\system32\DRIVERS\ehdrv.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A4E17C0 [4] System
0x890B9B98 [236] C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc., Canon Camera Access Library 8)
0x89239DA0 [240] C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET, ESET Service)
0x892237D0 [392] C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION, EPSON Status Monitor 3)
0x891CFDA0 [420] C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION, EPSON Status Monitor 3)
0x88D264F0 [460] C:\WINDOWS\notepad.exe (Microsoft Corporation, Notepad)
0x891BEDA0 [468] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x89217578 [508] C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc., Internal Network Card Power Management Service)
0x89E029E0 [588] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x88B324B8 [628] C:\Documents and Settings\andy\Desktop\OTL.exe (OldTimer Tools, -)
0x8990F7D0 [640] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8990FB90 [676] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x898E0DA0 [724] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x89398020 [736] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89315DA0 [920] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x893288A8 [952] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8919F590 [980] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89301378 [1052] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8930B9D0 [1116] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8919A718 [1132] C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp., Tdm Service)
0x892EF020 [1156] C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0x892ED3D8 [1268] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x892BFB98 [1360] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x892BB020 [1412] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x892AEB98 [1540] C:\WINDOWS\system32\WLTRYSVC.EXE
0x892C6DA0 [1564] C:\WINDOWS\system32\BCMWLTRY.EXE (Dell Inc., Dell Wireless WLAN Card Wireless Network Controller)
0x89285990 [1616] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x89145AA0 [1764] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET, ESET GUI)
0x89117390 [1772] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation, ActiveSync Connection Manager)
0x8926D990 [1796] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8912F718 [1812] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd., Dell Support)
0x8910E020 [1832] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x892469A0 [2036] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8911E450 [2044] C:\PROGRA~1\MICROS~2\rapimgr.exe (Microsoft Corporation, ActiveSync RAPI Manager)
0x8A0E7020 [2572] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x89105378 [2584] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x88C60640 [2736] C:\WINDOWS\notepad.exe (Microsoft Corporation, Notepad)
0x88FDF520 [3068] C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation, WMI)
0x8906EBC0 [3284] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x88918B30 [3484] C:\Documents and Settings\andy\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x883E2B20 [3900] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x88673618 [4056] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
==============================================
>Drivers
==============================================
0xBF0F7000 C:\WINDOWS\System32\ati3duag.dll 2830336 bytes (ATI Technologies Inc. , ati3duag.dll)
0xB9B50000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2179072 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF3AA000 C:\WINDOWS\System32\ativvaxx.dll 1273856 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xAF43C000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB9A29000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0xB9822000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xACBE9000 C:\WINDOWS\system32\DRIVERS\eamon.sys 684032 bytes (ESET, Amon monitor)
0xB9E04000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9913000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAF1E8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB96A4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAF32D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAC4E2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF056000 C:\WINDOWS\System32\ati2cqag.dll 348160 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF0AB000 C:\WINDOWS\System32\atikvmag.dll 311296 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 278528 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xABE39000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9702000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAC89C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DD7000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB998E000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xAB93D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF258000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB99BA000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAF305000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xACC90000 C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 163840 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAF2DF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAF418000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9A05000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB99E2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAF2A5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAF283000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECD000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xAF3E1000 C:\WINDOWS\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DBD000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAF400000 C:\WINDOWS\system32\drivers\dxec01.sys 98304 bytes (Knowles Acoustics, dxec01.sys)
0xAF2C7000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 98304 bytes (ESET, ESET Antivirus Network Redirector)
0xB9EA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB980B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAC85F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9B3C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAF386000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E91000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB97D2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA318000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAF1B8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA238000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA188000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA108000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA308000 C:\WINDOWS\System32\Drivers\btwusb.sys 40960 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA298000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAF148000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA370000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA400000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xBA478000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA488000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA438000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
!!!!!!!!!!!Hidden driver: 0x89E10AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8A3EA570 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9EED000 WARNING: suspicious driver modification [atapi.sys::0x89E10AEA]
0x89F20F53 Unknown page with executable code, 173 bytes
0x89FB1E44 Unknown page with executable code, 444 bytes
0x00EC0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8919A718 ] PID: 1132, 507904 bytes
0x00EB0000 Hidden Image-->TdmProxy.dll [ EPROCESS 0x8919A718 ] PID: 1132, 53248 bytes
0x00F40000 Hidden Image-->TdmUtil.dll [ EPROCESS 0x8919A718 ] PID: 1132, 61440 bytes
0x89FB9D66 Unknown page with executable code, 666 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\clear[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\collapse_tcat[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\computer[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\connection-min[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\def-lft[1].swf
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\down[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\EventMonitor_10797[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\exclamation[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\frm_yellow_A1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\frm_yellow_C3[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\frm_yellow_inner_A1[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\frm_yellow_inner_B1back[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\frm_yellow_inner_C3back[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\global[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\global_2ndLevelNav[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\header1-bg[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\home[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\home[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\httpErrorPagesScripts[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\icon13[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\icon4[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\icon9[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\iconInfo[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\icons_19[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\insertunorderedlist[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\italic[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\i[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\i_safe[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\justifyleft[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\list_blue_A3[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\list_blue_Aback[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\list_blue_Dback[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\list_classic_car[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\list_yellow_magnifier[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\Login_Button[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\logoAndSlogan[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\menu_open[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\nav_2nd_tier_bg[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\nav_2nd_tier_icons[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\oldui_10814[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\outdent[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\php[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\Play_gray[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\pmon_10280[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\reply[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\resize_1[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\saleList[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\scriptaculous[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[3]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[4]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[5]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[6]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[7]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\search[8]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\separator[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\server[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\sh23[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\SliderBlue-160x600-Mar10[1].swf
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\smilie[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\sound[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\spelling[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\stateFacility[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\tap[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\TDSSKillerCompleted[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\tdsskiller[1].zip
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\techguy.full[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\TMobile_PAYG_160x600_2nd_set[1].swf
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\transparent[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\underline[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\vbulletin_post_loader[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\vibitt_10556[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\QXSGRGFO\widget22[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\12957310_3[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\12957310_6[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\12957310_7[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\12957310_8[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\12957310_9[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\14583220_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\17191690_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\17335790_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\17415100_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\17832380_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\17980370_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\18655470_4[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\18655470_8[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\19285430_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\19704880_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\19847480_1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\325_20[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\745[1].swf
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\770[1].swf
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\;tile=1;sz=728x90;ord=8410848983453968[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\abg-en-100c-ffffff[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\addthis_widget[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\amm[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\arrow[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\arrow_down-black[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\authorized-malware[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bl-out[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\blueBox_top[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bold[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bx_blue_A2[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bx_blue_B4[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bx_blue_carfinder_mini[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\bx_blue_viewmore_C4[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_copartfinder_blueBox[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_filter[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_gold_center2[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_gold_left2[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_green-sm_center[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\b_watchASale[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\car[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\cermaktech[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\code[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\collapse_thead[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\color[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\controls[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\copart[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\door[1].jsp
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\dragdrop[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\eek[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\email[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\ErrorPageTemplate[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\favicon[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\favicon[2].ico
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\FITM-L[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\FITM-S_20[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_B1back[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_B3[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_C1[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_Cback[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_inner_A3back[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\frm_yellow_inner_C1[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\global_boxes[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\gradient_message[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\home[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\icon1[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\icon2[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\icon5[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\icon7[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\iframescript[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\imgad[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\info_48[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\j-44516-117296[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\justifyright[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\list_blue_C3back[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\loading_blue[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\mad[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\metrics_10076[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\minimall[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\motorcycle[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\nav_2nd_tier_left[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\nav_2nd_tier_right[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\newreply[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\OHMPJJ9hVQ1m4a0VyKsd7YwPiB7Sy6sUG9ouVocqUjQ-[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\page[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\pixel[1]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\printer[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\quicksearch[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\redface[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\results[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\rounded[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[2]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[2].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[3]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[4]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[5]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\search[6]
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\SliderBlue-160x600-Mar10[1].htm
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\smile[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\spit[1].jsp
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\TDSSKillermain[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\TDSSKillerMal-1[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\tongue[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\tr-out[1].png
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\undo[1].gif
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\validation[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\vb2_patented[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\vbESqxKuWwmqVmFdkKa2uOjGuJkDniIY_KQUrkW91gc-[1].jpg
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\vbulletin_important[1].css
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\vbulletin_md5[1].js
!-->[Hidden] C:\Documents and Settings\andy\Local Settings\Temporary Internet Files\Content.IE5\W09EN8O2\vbulletin_menu.MJC[1].js
!-->[Hidden] C:\Documents and Settings\andy\Recent\tdsskiller.lnk
!-->[Hidden] C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP20\A0003655.ver
!-->[Hidden] C:\TDSSKiller.2.4.2.1_15.09.2010_16.43.57_log.txt
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [klmd.sys]
ntkrnlpa.exe+0x0002AC60, Type: Inline - RelativeJump 0x80501C60-->80501BEE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002ADBC, Type: Inline - RelativeJump 0x80501DBC-->80501DE7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A-->80541AA1 [ntkrnlpa.exe]
[1268]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1268]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1268]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2036]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2036]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2036]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2036]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2036]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2036]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2036]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[2036]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2036]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2036]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[2036]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[240]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x7C84495D-->00000000 [unknown_code_page]
[3284]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3284]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3284]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3284]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3284]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3284]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3284]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3284]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3284]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040111C-->00000000 [shimeng.dll]
[3284]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00000000 [aclayers.dll]
[3284]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010B8-->00000000 [aclayers.dll]
[3284]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401078-->00000000 [aclayers.dll]
[3284]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3284]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3284]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3284]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3284]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3284]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3284]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3284]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3284]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3284]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3284]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3284]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3284]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3284]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3284]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3284]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3284]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3284]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[3284]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[3284]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[3284]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[3284]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3284]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[4056]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[4056]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[4056]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[4056]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[4056]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[4056]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[4056]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[4056]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[4056]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040111C-->00000000 [shimeng.dll]
[4056]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401060-->00000000 [aclayers.dll]
[4056]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010B8-->00000000 [aclayers.dll]
[4056]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401078-->00000000 [aclayers.dll]
[4056]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[4056]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[4056]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[4056]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[4056]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[4056]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[4056]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[4056]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[4056]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[4056]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[4056]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[4056]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[4056]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[4056]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[4056]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[4056]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[4056]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[4056]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[4056]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D931484-->00000000 [aclayers.dll]
[4056]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931418-->00000000 [aclayers.dll]
[4056]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D9313EC-->00000000 [aclayers.dll]
[4056]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[4056]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
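A long hook listing like the one above is easier to read once its entries are grouped by the module that owns the hook destination. The following is an added example, not part of the original post or of any tool used in this thread. It parses lines in that format and separates entries whose destination resolves to a named module from those reported as `[unknown_code_page]`. The sample lines are constructed from the listing's format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: five entries in the format of the listing above,
# plus one unrelated line to show that non-matching text is skipped.
SAMPLE_LOG = """\
[4056]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401078-->00000000 [aclayers.dll]
[4056]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[4056]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[4056]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[4056]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
this line is not a hook entry
"""

# [pid]process-->target, Type: kind 0xADDRESS-->DESTINATION [owning module]
HOOK_RE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<process>.+?)-->(?P<target>.+?), "
    r"Type: (?P<kind>.+?) (?P<addr>0x[0-9A-Fa-f]{8})-->(?P<dest>[0-9A-Fa-f]{8}) "
    r"\[(?P<owner>[^\]]+)\]$"
)

# Label the listing uses when the hook destination is not inside a loaded module.
UNRESOLVED = "unknown_code_page"


def parse_hooks(text):
    """Return one dict per hook entry; lines that do not match are ignored."""
    hooks = []
    for line in text.splitlines():
        match = HOOK_RE.match(line.strip())
        if match:
            hooks.append(match.groupdict())
    return hooks


def summarize(hooks):
    """Count entries per (hook type, owning module) pair."""
    return Counter((h["kind"], h["owner"]) for h in hooks)


def unresolved_hooks(hooks):
    """Entries whose destination is not attributed to any named module."""
    return [h for h in hooks if h["owner"] == UNRESOLVED]


def affected_modules(hooks):
    """Sorted names of the modules the given hooks were found in."""
    return sorted({re.split(r"\+|-->", h["target"])[0] for h in hooks})


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for (kind, owner), count in sorted(summarize(parsed).items()):
        print(f"{count:3d}  {kind:<22} {owner}")
    print("unresolved destinations in:", affected_modules(unresolved_hooks(parsed)))
```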




#9 syler

  • Malware Response Team

Posted 17 September 2010 - 09:27 AM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Edited by syler, 17 September 2010 - 09:28 AM.



#10 andy wardle

  • Topic Starter

Posted 17 September 2010 - 01:11 PM

Hi,

Will try to clean this up as no critical data stored on this computer.

Here is the combofix log:

ComboFix 10-09-16.07 - andy 17/09/2010 18:52:52.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1273 [GMT 1:00]
Running from: c:\documents and settings\andy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-13 19:28 . 2010-09-13 22:26 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-10 06:52 . 2010-09-16 18:10 63488 ----a-w- c:\documents and settings\andy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-09 22:55 . 2010-09-14 02:39 -------- d-----w- c:\program files\ESET
2010-09-07 18:08 . 2010-09-07 18:08 -------- d-----w- c:\program files\Apple Software Update
2010-09-07 18:00 . 2010-09-07 18:00 503808 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7a6baf05-n\msvcp71.dll
2010-09-07 18:00 . 2010-09-07 18:00 499712 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7a6baf05-n\jmc.dll
2010-09-07 18:00 . 2010-09-07 18:00 348160 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7a6baf05-n\msvcr71.dll
2010-09-07 17:59 . 2010-09-07 17:59 61440 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bf94553-n\decora-sse.dll
2010-09-07 17:59 . 2010-09-07 17:59 12800 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3bf94553-n\decora-d3d.dll
2010-09-07 17:59 . 2010-09-07 18:06 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 17:54 . 2010-09-07 18:03 79488 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-09-07 17:54 . 2010-09-07 18:03 152576 ----a-w- c:\documents and settings\andy\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-09-07 16:47 . 2010-09-07 16:47 -------- d-----w- c:\program files\Secunia
2010-09-07 05:47 . 2010-09-07 05:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ATI
2010-09-07 05:47 . 2010-09-07 05:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\ATI
2010-09-07 01:26 . 2010-09-08 22:20 -------- d-----w- c:\documents and settings\andy\Application Data\26634CAFC5E6AFABA102ED8567E43023
2010-09-03 04:00 . 2008-01-09 11:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 00:37 . 2008-06-04 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-16 18:10 . 2009-03-17 20:16 117760 ----a-w- c:\documents and settings\andy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-16 17:59 . 2010-07-13 09:48 -------- d-----w- c:\documents and settings\andy\Application Data\Skype
2010-09-16 15:57 . 2008-07-28 02:24 -------- d-----w- c:\documents and settings\andy\Application Data\skypePM
2010-09-16 07:03 . 2008-12-15 18:10 -------- d-----w- c:\program files\QuickTime
2010-09-15 18:40 . 2004-08-11 16:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-09-15 14:19 . 2010-02-08 17:21 -------- d-----w- c:\documents and settings\andy\Application Data\ZoomBrowser EX
2010-09-15 14:19 . 2010-02-08 17:21 -------- d-----w- c:\documents and settings\andy\Application Data\CameraWindowDC
2010-09-10 06:52 . 2009-02-04 03:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-07 18:42 . 2008-06-04 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-07 18:24 . 2008-05-17 13:43 -------- d-----w- c:\program files\Java
2010-09-07 18:22 . 2008-12-15 18:11 -------- d-----w- c:\program files\iTunes
2010-09-07 18:22 . 2008-12-15 18:08 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 17:52 . 2010-01-01 19:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-07 13:09 . 2010-09-07 06:12 112 ----a-w- c:\documents and settings\All Users\Application Data\WqqAYSnuJ.dat
2010-09-05 16:38 . 2008-09-09 19:42 -------- d-----w- c:\documents and settings\andy\Application Data\U3
2010-09-04 09:14 . 2009-11-16 20:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 04:35 . 2009-08-19 12:10 -------- d-----w- c:\program files\Sony Ericsson
2010-09-03 04:35 . 2008-05-17 13:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-21 17:47 . 2010-02-22 18:55 -------- d-----w- c:\documents and settings\andy\Application Data\FreeBurner
2010-08-17 13:17 . 2004-08-11 16:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 09:20 . 2009-01-26 19:35 -------- d-----w- c:\program files\Lavasoft
2010-08-17 09:20 . 2009-01-26 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-04 10:50 . 2008-04-23 13:52 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 12:28 . 2008-04-23 14:00 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-29 12:31 . 2010-07-29 12:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-22 15:49 . 2004-08-11 16:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 12:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-06-30 12:31 . 2004-08-11 16:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2004-08-11 16:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 16:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 16:00 17408 ------w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-11 16:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 16:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 11:11 . 2009-12-23 11:11 9902913 ----a-w- c:\program files\halwin_1.89.zip
2009-03-27 08:13 . 2009-03-27 08:13 604 ---ha-w- c:\program files\STLL Notifier
2008-11-25 13:40 . 2008-11-25 13:40 1226 ----a-w- c:\program files\setup.reg
2008-11-14 09:52 . 2008-11-14 09:52 41937 ----a-w- c:\program files\release_notes_kav8.0cf2_en.html
2008-11-13 17:23 . 2008-11-13 17:23 40375808 ----a-w- c:\program files\kav.en.msi
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"NBJ"="c:\program files\nero\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-10-22 1700664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\andy\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-09-10 06:52 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^S2 Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\S2 Updater.lnk
backup=c:\windows\pss\S2 Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 16:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 21:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2007-09-14 09:53 218424 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-10 06:52 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LightScribeService"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"Bonjour Service"=2 (0x2)
"gusvc"=3 (0x3)
"ERSvc"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"Tcnpadabgi"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"DSBrokerService"=3 (0x3)
"ASFIPmon"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"OMSI download service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/01/2009 20:42 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [23/04/2008 15:00 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15/01/2009 17:17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 17:17 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/08/2010 14:16 810144]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [02/11/2006 12:32 97536]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [03/09/2010 05:00 27632]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [29/07/2008 15:09 39424]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [08/01/2009 20:30 7936]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [17/06/2009 17:13 18048]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [19/08/2009 13:11 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [19/08/2009 13:11 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [19/08/2009 13:11 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [19/08/2009 13:11 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [19/08/2009 13:11 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [19/08/2009 13:11 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [19/08/2009 13:11 109736]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 17:17 12872]
S3 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11/08/2004 17:00 5120]
S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [19/12/2006 14:21 79432]
S4 gupdate1c8f01acecbeacc;Google Update Service (gupdate1c8f01acecbeacc);c:\program files\Google\Update\GoogleUpdate.exe [27/07/2008 19:58 133104]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [03/09/2010 05:35 90112]
.
Contents of the 'Scheduled Tasks' folder

2010-09-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send Image to Photo Library - file://c:\documents and settings\andy\Application Data\ROXIO\PhotoSuite4\Temp\ROXIO00000.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: topmarques.co.uk\www
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 18:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-17 19:02:33
ComboFix-quarantined-files.txt 2010-09-17 18:02

Pre-Run: 72,424,558,592 bytes free
Post-Run: 72,379,535,360 bytes free

- - End Of File - - 10B02FBF35F374046CF86313246304A2

#11 syler

  • Malware Response Team

Posted 17 September 2010 - 04:38 PM

Hello,

Can you tell me if you are still getting redirected?


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    CODE
    :filefind
    wdmaud.sys
  • Please confirm everything is copied and pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan, Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt



#12 andy wardle

  • Topic Starter

Posted 18 September 2010 - 03:04 AM

Not getting re-directed. The computer is performing normally.

Here is the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:01 on 18/09/2010 by andy
Administrator - Elevation successful

========== filefind ==========

Searching for "wdmaud.sys"
C:\i386\wdmaud.sys --a--c- 82944 bytes [12:09 06/06/2008] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys --a---- 82944 bytes [09:17 14/06/2006] [09:17 14/06/2006] 0BFA8203B8148FB4E54BC212C41CE497
C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys -----c- 82944 bytes [13:43 08/09/2008] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\$NtUninstallKB920872$\wdmaud.sys -----c- 82944 bytes [07:12 06/06/2008] [22:15 03/08/2004] 2797F33EBF50466020C430EE4F037933
C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys ------- 83072 bytes [12:53 07/09/2008] [19:17 13/04/2008] 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\system32\drivers\wdmaud.sys --a---- 83072 bytes [13:46 17/05/2008] [19:17 13/04/2008] 6768ACF64B18196494413695F0C3A00F

-= EOF =-

I'll be away for the next week so won't be able to reply to your postings.

Thanks for the help so far - Is it possible that the computer is clean now?

Andy
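One way to read a SystemLook `filefind` log like the one in the post above is to group the copies by MD5 and check whether the live file matches a copy kept elsewhere on the disk. The following is an added example, not part of the thread and not the helper's stated method. The choice of `ServicePackFiles` as the reference location is an assumption, the function names are hypothetical, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log posted above (no new data).
SAMPLE = r"""
Searching for "wdmaud.sys"
C:\i386\wdmaud.sys --a--c- 82944 bytes [12:09 06/06/2008] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys --a---- 82944 bytes [09:17 14/06/2006] [09:17 14/06/2006] 0BFA8203B8148FB4E54BC212C41CE497
C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys -----c- 82944 bytes [13:43 08/09/2008] [09:00 14/06/2006] EFD235CA22B57C81118C1AEB4798F1C1
C:\WINDOWS\$NtUninstallKB920872$\wdmaud.sys -----c- 82944 bytes [07:12 06/06/2008] [22:15 03/08/2004] 2797F33EBF50466020C430EE4F037933
C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys ------- 83072 bytes [12:53 07/09/2008] [19:17 13/04/2008] 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\system32\drivers\wdmaud.sys --a---- 83072 bytes [13:46 17/05/2008] [19:17 13/04/2008] 6768ACF64B18196494413695F0C3A00F

-= EOF =-
"""

# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file entry; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append({
                "path": match["path"],
                "size": int(match["size"]),
                "md5": match["md5"].upper(),
            })
    return entries


def group_by_hash(entries):
    """Map each MD5 to the list of paths that carry it."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)


def live_copy_status(entries, live_path, reference_dirs):
    """Compare the live file's (MD5, size) with copies under reference_dirs.

    Returns "match", "mismatch", "missing" (live file not in the log) or
    "no-reference" (no copy found under any reference directory).
    Paths are compared case-insensitively, as on Windows.
    """
    live = [e for e in entries if e["path"].lower() == live_path.lower()]
    if not live:
        return "missing"
    prefixes = [d.lower() for d in reference_dirs]
    references = {
        (e["md5"], e["size"])
        for e in entries
        if any(e["path"].lower().startswith(p) for p in prefixes)
    }
    if not references:
        return "no-reference"
    return "match" if (live[0]["md5"], live[0]["size"]) in references else "mismatch"


if __name__ == "__main__":
    parsed = parse_filefind(SAMPLE)
    for md5, paths in group_by_hash(parsed).items():
        print(md5, len(paths), "copy/copies")
    print(live_copy_status(parsed,
                           r"C:\WINDOWS\system32\drivers\wdmaud.sys",
                           [r"C:\WINDOWS\ServicePackFiles"]))
```

A match only shows that the two on-disk copies agree; it does not rule out a reference copy that was also replaced, or a rootkit that filters file reads.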

#13 syler

  • Malware Response Team

Posted 20 September 2010 - 07:59 AM

Hello.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
DirLook::
c:\documents and settings\andy\Application Data\26634CAFC5E6AFABA102ED8567E43023
RegLock::
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Once you have run combofix, please run RKUnHooker again and post the new log.

Thanks



#14 andy wardle

  • Topic Starter

Posted 22 September 2010 - 03:19 AM

Won't be home till the weekend, so will do this on Sunday.

Sorry for delay.

Andy

#15 syler

  • Malware Response Team

Posted 22 September 2010 - 04:57 PM

That's no problem, thanks for letting me know.
