
Trojan TDSS.c!mem detected


8 replies to this topic

#1 mastobeam

Posted 01 October 2010 - 11:25 AM

I have issues with re-directs and additional screens opening in IE. Malwarebytes and Spybot don't pick up anything and McAfee picks up the trojan TDSS.c!mem but can't remove it. I have run gmer but it hangs my PC every time (I have checked for CD emulation).



DDS (Ver_10-03-17.01) - NTFSx86
Run by Andrew at 18:08:54.26 on 29/09/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2121 [GMT 1:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100915211456.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\andrew\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = firefox.exe
dPolicies-disallowrun: 2 = opera.exe
dPolicies-disallowrun: 3 = chrome.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230641167750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-12-28 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-8 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-8 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-8 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-8 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-8 141792]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-8 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-12-28 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-12-28 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-8 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-8 88544]
S1 MpKsl5f86aa1b;MpKsl5f86aa1b;\??\c:\windows\system32\mpenginestore\mpksl5f86aa1b.sys --> c:\windows\system32\mpenginestore\MpKsl5f86aa1b.sys [?]
S1 uvnwrzvq;uvnwrzvq;\??\c:\windows\system32\drivers\uvnwrzvq.sys --> c:\windows\system32\drivers\uvnwrzvq.sys [?]
S2 gupdate1c98c9cf9ad3ffc;Google Update Service (gupdate1c98c9cf9ad3ffc);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2006-3-30 140416]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-8 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-8 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-12-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-12-28 40552]

=============== Created Last 30 ================

2010-09-28 22:51:08 0 d-----w- C:\Adobe Premiere Elements CD
2010-09-26 20:46:31 51320 ----a-w- c:\windows\Aware40.mch
2010-09-26 20:45:36 35 ----a-w- c:\windows\A4W.INI
2010-09-26 20:45:36 0 d-----w- c:\windows\A4W_DATA
2010-09-04 22:39:56 81920 ----a-w- c:\windows\system32\Startup.cpl
2010-09-04 16:39:36 0 d-----w- c:\docume~1\andrew\applic~1\PCFix

==================== Find3M ====================

2010-08-24 13:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 13:57:38 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 13:57:38 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 13:57:38 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 13:57:38 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 13:57:38 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 13:57:38 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 13:57:38 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2009-07-24 13:02:13 19501 ----a-w- c:\program files\common files\isuse.db
2009-07-24 13:02:13 18453 ----a-w- c:\program files\common files\ymuxecehev.lib
2009-05-19 18:05:18 23867080 ----a-w- c:\program files\epenInstaller.exe
2008-11-14 23:46:51 3586880 ----a-w- c:\program files\vixybeta_install_0.7.exe
2007-12-09 20:07:51 6167158 ----a-w- c:\program files\dvdripper.exe
2010-06-17 16:29:39 110592 --sha-r- c:\windows\system32\taskmand.dll
2008-09-26 10:47:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat

============= FINISH: 18:10:35.92 ===============

Attached Files





#2 Maurice Naggar

  • Malware Response Team

Posted 05 October 2010 - 08:06 PM

Hello mastobeam.

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!
If you are not mastobeam and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

First, make sure you have saved all your work before you begin, and close your open apps.

Turn off the McAfee Shield real-time monitor, otherwise it may interfere.
Look for the McAfee icon. Double-click the taskbar icon to open SecurityCenter.
Click Advanced Menu
Click Configure
Click Computer & Files
Turn it off.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

Step 4
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run
  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs into your reply.
Re-enable your McAfee antivirus.
Reply with copy of contents of OTL.txt
Extras.txt
TDSSKILLER log

Edited by Maurice Naggar, 05 October 2010 - 08:09 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar


Posted 11 October 2010 - 07:39 PM

This thread closed due to lack of response.

#4 Maurice Naggar


Posted 16 October 2010 - 07:50 AM

Topic re-opened.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 mastobeam


Posted 17 October 2010 - 02:37 PM

Maurice,

I think a recent update to McAfee may have got rid of the trojan. However I followed all your instructions down to the final OTL program run. No suspicious objects have been found. I couldn't though find the scan.txt attachment you mention so that is the only step I haven't done. Could you please re-attach so I can do that final check.

Many thanks

#6 Maurice Naggar


Posted 17 October 2010 - 02:57 PM

Attached

Attached Files


~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 mastobeam


Posted 23 October 2010 - 12:35 PM

Maurice,

When I double click in the box and open the file selection it doesn't see the .txt file. If I drag the file from the desktop into the box it says 'not valid fix file'?

#8 Maurice Naggar


Posted 27 October 2010 - 07:49 PM

Sorry for the delay in getting back to your case.
Let's not use my previous instructions. Instead do the following

Locate the OTL

Double-click OTL to start it.

Look at the upper left of window. Press the pink color Quick Scan button.
Have patience while it runs.
It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt
AND tell me, how is your system now?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 mastobeam


Posted 04 November 2010 - 05:57 AM

Maurice,

In general the PC seems to be OK. The google re-directs have gone and the virus scan isn't picking up the trojan. I have run OTL as instructed. Log below

OTL logfile created on: 04/11/2010 10:40:46 - Run 3
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 109.46 Gb Free Space | 23.50% Space Free | Partition Type: NTFS
Drive D: | 514.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AANDJNO2 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/15 11:51:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.scr
PRC - [2010/08/24 13:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/08/24 13:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/07 16:28:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\O2\bin\sprtsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/10/15 11:51:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.scr
MOD - [2010/07/14 12:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/14 00:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 17:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 13:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 13:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 08:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2007/07/27 04:39:32 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/06/07 15:19:40 | 000,202,280 | R--- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\uvnwrzvq.sys -- (uvnwrzvq)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\MpEngineStore\MpKsl5f86aa1b.sys -- (MpKsl5f86aa1b)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/08/24 13:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 13:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 13:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 13:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 13:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 13:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 13:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 13:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 13:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 13:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/11 07:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 18:46:18 | 000,061,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sy@ -- (ohci1394)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/08/18 13:35:00 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/07/16 10:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2003/11/13 17:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 17:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 17:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFF34590-ED27-4CA1-B3EE-5FBECD40246D}: C:\Documents and Settings\Andrew\Local Settings\Application Data\{FFF34590-ED27-4CA1-B3EE-5FBECD40246D} [2010/06/19 11:25:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/02 02:34:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/01 11:40:49 | 000,420,902 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14540 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100915211456.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230641167750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/mygarmin/m/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/30 16:33:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/27 10:46:10 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{244f6d5c-15d1-11df-ad98-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{244f6d5c-15d1-11df-ad98-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{244f6d5c-15d1-11df-ad98-806d6172696f}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{3ab55d0e-4458-11de-a9fc-001485b5cefa}\Shell\AutoRun\command - "" = L:\WDSetup.exe -- File not found
O33 - MountPoints2\{949bb665-85f7-11da-b124-001485b5cefa}\Shell\AutoRun\command - "" = G:\launch.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/11/03 17:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/11/01 17:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/11/01 02:30:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2010/10/15 11:51:47 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.scr
[2010/10/15 11:51:31 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTH.scr
[2010/10/15 11:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/15 11:42:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andrew\Desktop\erunt-setup.exe
[2010/10/07 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/06 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/06 22:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/06 22:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/06 21:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/04 08:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
[2010/09/30 20:54:36 | 000,000,000 | ---D | C] -- C:\Adobe Premiere Elements CD
[2010/09/29 17:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\gmer
[2010/09/26 20:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\A4W_DATA
[2010/09/12 09:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/09/04 16:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\PCFix
[2010/08/30 08:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spotify
[2010/08/30 08:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 15:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\WMTools Downloaded Files
[2009/05/19 18:05:15 | 023,867,080 | ---- | C] (Macrovision Corporation) -- C:\Program Files\epenInstaller.exe
[2008/11/14 23:46:51 | 003,586,880 | ---- | C] (Farside Inc. ) -- C:\Program Files\vixybeta_install_0.7.exe
[2007/12/09 20:07:11 | 006,167,158 | ---- | C] (AoAMedia.Com ) -- C:\Program Files\dvdripper.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/11/03 22:28:34 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 20:32:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/03 19:04:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/03 17:34:16 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/11/03 17:33:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/03 17:33:29 | 3220,754,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/03 17:32:33 | 000,001,107 | ---- | M] () -- C:\WINDOWS\ATICIM.INI
[2010/11/03 17:02:31 | 000,051,320 | ---- | M] () -- C:\WINDOWS\Aware40.mch
[2010/11/03 17:01:27 | 000,000,035 | ---- | M] () -- C:\WINDOWS\A4W.INI
[2010/11/03 16:45:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/01 11:40:49 | 000,420,902 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/31 23:26:11 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010/10/27 16:24:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/27 05:40:51 | 000,420,902 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101101-114049.backup
[2010/10/18 16:30:51 | 000,420,902 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101027-064051.backup
[2010/10/17 22:29:34 | 000,420,902 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101018-173051.backup
[2010/10/17 17:39:03 | 000,420,902 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101017-232934.backup
[2010/10/15 13:41:02 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/15 11:51:49 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.scr
[2010/10/15 11:51:32 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTH.scr
[2010/10/15 11:49:49 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Andrew\Desktop\TDSSKiller.exe
[2010/10/15 11:49:20 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/10/15 11:46:33 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\rkill.com
[2010/10/15 11:43:39 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\NTREGOPT.lnk
[2010/10/15 11:43:39 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ERUNT.lnk
[2010/10/15 11:42:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andrew\Desktop\erunt-setup.exe
[2010/10/07 10:58:00 | 000,418,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101017-183903.backup
[2010/10/06 22:01:46 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/06 16:34:46 | 000,418,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101007-115800.backup
[2010/10/03 12:07:30 | 000,418,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101006-173446.backup
[2010/10/01 16:22:14 | 002,165,767 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\mcafee output.rtf
[2010/09/30 20:36:10 | 000,015,236 | ---- | M] () -- C:\WINDOWS\System32\PRE20_FCBlueprint.dat
[2010/09/30 20:36:10 | 000,000,156 | ---- | M] () -- C:\WINDOWS\System32\{11C98E1A-EC91-4B38-B44C-C562292D8453}-FunctionContent.dat
[2010/09/29 19:43:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Andrew\defogger_reenable
[2010/09/29 19:42:55 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Defogger.exe
[2010/09/29 17:13:45 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\gmer.zip
[2010/09/29 17:13:09 | 000,003,177 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Attach.zip
[2010/09/29 17:08:03 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
[2010/09/28 22:56:07 | 000,418,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101003-130730.backup
[2010/09/27 20:11:59 | 000,418,700 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100928-235607.backup
[2010/09/26 20:26:54 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Oblivion.lnk
[2010/09/26 20:25:55 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Oblivion Mod Manager.lnk
[2010/09/26 20:06:18 | 000,418,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100927-211159.backup
[2010/09/19 17:15:51 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100926-210618.backup
[2010/09/18 14:32:49 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100919-181551.backup
[2010/09/16 17:20:14 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2010/09/16 17:04:07 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100918-153249.backup
[2010/09/14 21:55:03 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100916-180407.backup
[2010/09/12 20:45:06 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100914-225503.backup
[2010/09/12 10:43:16 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100912-214506.backup
[2010/09/09 16:16:54 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100912-114316.backup
[2010/09/08 18:53:31 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100909-171654.backup
[2010/09/04 22:50:50 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/04 16:29:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/09/04 16:18:38 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100908-195330.backup
[2010/09/03 17:45:49 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100904-171838.backup
[2010/09/01 12:43:09 | 000,417,094 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100903-184549.backup
[2010/09/01 10:36:01 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100901-134309.backup
[2010/08/31 14:32:29 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100901-113601.backup
[2010/08/30 20:38:25 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100831-153229.backup
[2010/08/29 19:03:45 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100830-213825.backup
[2010/08/24 13:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/08/24 13:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/08/24 13:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/08/24 13:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/08/24 13:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/08/24 13:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/08/24 13:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/08/24 13:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/08/24 13:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/08/24 13:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/08/19 22:13:18 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100829-200345.backup
[2010/08/16 16:11:59 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100819-231318.backup
[2010/08/15 17:27:16 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100816-171159.backup
[2010/08/14 13:51:17 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100815-182716.backup
[2010/08/12 15:17:03 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100814-145117.backup
[2010/08/11 20:49:46 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100812-161703.backup
[2010/08/11 01:51:59 | 001,849,514 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\20050626_1_a5_kr.zip
[2010/08/10 20:43:01 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100811-214946.backup
[2010/08/10 07:04:19 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100810-214301.backup
[2010/08/10 07:02:43 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100810-080419.backup
[2010/08/06 18:50:33 | 000,407,846 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100810-080243.backup
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/03 17:29:30 | 000,001,107 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2010/11/03 17:09:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/11/01 17:57:26 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/01 17:57:26 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/01 17:57:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/10/15 13:41:02 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/10/15 11:49:16 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\tdsskiller.zip
[2010/10/15 11:46:32 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\rkill.com
[2010/10/15 11:43:39 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\NTREGOPT.lnk
[2010/10/15 11:43:39 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ERUNT.lnk
[2010/10/06 22:01:46 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/01 16:22:14 | 002,165,767 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\mcafee output.rtf
[2010/10/01 16:13:17 | 000,061,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\ohci1394.sy@
[2010/09/30 20:19:51 | 000,015,236 | ---- | C] () -- C:\WINDOWS\System32\PRE20_FCBlueprint.dat
[2010/09/30 20:19:51 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\{11C98E1A-EC91-4B38-B44C-C562292D8453}-FunctionContent.dat
[2010/09/29 19:43:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\defogger_reenable
[2010/09/29 19:42:55 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Defogger.exe
[2010/09/29 17:13:45 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\gmer.zip
[2010/09/29 17:13:09 | 000,003,177 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Attach.zip
[2010/09/29 17:08:01 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\dds.scr
[2010/09/26 20:46:31 | 000,051,320 | ---- | C] () -- C:\WINDOWS\Aware40.mch
[2010/09/26 20:45:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2010/09/04 22:50:50 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/04 22:39:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010/06/17 16:29:39 | 000,110,592 | RHS- | C] () -- C:\WINDOWS\System32\taskmand.dll
[2010/05/16 14:10:35 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/19 21:13:42 | 000,011,522 | -HS- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\NLF6AMiFd8F
[2010/02/08 19:16:37 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\housecall.guid.cache
[2010/01/25 18:43:07 | 000,000,429 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/11/22 17:12:09 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2009/07/24 13:02:13 | 000,019,501 | ---- | C] () -- C:\Program Files\Common Files\isuse.db
[2009/07/24 13:02:13 | 000,018,453 | ---- | C] () -- C:\Program Files\Common Files\ymuxecehev.lib
[2008/07/02 13:40:01 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/09 20:08:43 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/11/14 16:43:03 | 000,000,073 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/11/14 16:43:03 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/07/29 23:23:57 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/04/01 18:05:28 | 000,000,141 | ---- | C] () -- C:\WINDOWS\asym.ini
[2007/03/31 13:36:59 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/03/31 13:36:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/03/31 13:36:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/03/31 13:32:54 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/28 18:49:26 | 000,000,106 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/09/28 18:49:22 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/09/28 18:49:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/11 00:00:40 | 000,001,355 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/20 12:55:22 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/24 18:08:29 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/19 22:31:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/15 21:21:27 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 18:48:56 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2005/11/30 17:26:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/30 17:23:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/30 17:12:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/30 17:12:36 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/30 17:12:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/30 17:12:36 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/30 17:12:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/30 17:12:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/30 17:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 17:02:14 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/30 16:35:24 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 16:30:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/12 21:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009/03/02 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/03/31 13:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/07/02 13:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/12/11 00:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/06 22:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/30 20:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/12 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GARMIN
[2006/02/20 12:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\InterVideo
[2010/09/04 16:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PCFix
[2007/03/31 14:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ScanSoft
[2009/11/22 17:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Template
[2010/11/04 10:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



