TrojanClicker Win32--Yabector.A in Hillsboro


  • This topic is locked
39 replies to this topic

#1 Hajduk

Hajduk

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:01:10 PM

Posted 10 December 2010 - 06:32 AM

Windows XP, Comodo firewall, Avira Antivirus. On-demand scanners: Spybot S&D, Malwarebytes AntiMalware, McAfee Stinger, Spyware Blaster.

For some weeks I have suspected a Trojan or Rootkit causing sluggish computer behavior, but the antimalware programs didn't find anything. Last week Spybot caught a Virtumonde bastard and killed it. Yesterday I ran Microsoft OneCare Live Safety Scan, and it found the Yabector.A but wouldn't remove it (frustrating MS interface made this effort an ordeal!).

Here's the DDS text:
DDS (Ver_10-12-05.01) - NTFSx86
Run by Stephen at 10:08:39.94 on Thu 12/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.41.1033.18.511.29 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ABC Chaos decrypt\mainserv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\D4\D4.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Defogger\Defogger.exe
C:\Program Files\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IE AdBlock: {46b37057-5ba8-4014-b28d-6448fd171a3e} - c:\program files\ie adblock\IE AdBlock.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: Tracker Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: IE AdBlock: {be1b1f92-ac2e-4afb-bc9d-07fe272c1373} - c:\program files\ie adblock\IE AdBlock.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} -
TB: Tracker Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {968631B6-4729-440D-9BF4-251F5593EC9A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LClock] c:\program files\lclock\lclock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dimension4] c:\program files\d4\D4.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo internet securityl\comodo\comodo internet security\cfp.exe" -h
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\iamexe~1.lnk - c:\program files\callwave\IAM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lclock.lnk - c:\program files\lclock\LClock.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
Trusted Zone: gmail.com\www
Trusted Zone: google.com\www
Trusted Zone: lycos.com\www.mail
Trusted Zone: yahoo.com\www
Trusted Zone: yahoo.com\www.mail
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {23978555-F043-4D6A-B0C1-37CFF6B396F0} = 216.99.193.2 216.99.193.19
TCP: {E57557EA-CFE9-4F5E-93CA-233D93F5C4CD} = 156.154.70.22,156.154.71.22
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = :\windows\system32\srr

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\
FF - plugin: c:\documents and settings\stephen\application data\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\stephen\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Download Panel: download-panel@kwok.wai.kan - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\download-panel@kwok.wai.kan
FF - Extension: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\elemhidehelper@adblockplus.org
FF - Extension: Save File to: savefileto@mozdev.org - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\savefileto@mozdev.org
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Download status: {9fb8c270-7124-11dd-ad8b-0800200c9a66} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Extension: Download folder button: downloadfolderbutton@zen-ben.com - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\downloadfolderbutton@zen-ben.com
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
FF - Extension: InvisibleHand: canitbecheaper@trafficbroker.co.uk - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\canitbecheaper@trafficbroker.co.uk
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - c:\docume~1\stephen\applic~1\mozilla\firefox\profiles\yc4ymxok.griefandwoe\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-29 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 25240]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-29 61960]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2007-3-31 148352]
S3 ctencwdm;Creative PC-DVD Encore ( WDM );c:\windows\system32\drivers\ctencwdm.sys [1999-6-21 439460]

=============== Created Last 30 ================

2010-12-09 18:06:25 -------- d-----w- c:\program files\DDS
2010-12-09 17:48:43 -------- d-----w- c:\program files\Defogger
2010-12-08 04:16:43 -------- d-----w- c:\program files\Firefox IE Tab
2010-12-08 00:57:59 -------- d-----w- c:\program files\Traysoft
2010-12-07 18:44:47 -------- d-----w- c:\program files\PhoneTray DialUp
2010-12-04 14:18:27 -------- d-----w- c:\program files\Sophos
2010-12-01 15:11:25 -------- d-----w- c:\docume~1\stephen\applic~1\Easy Thumbnails
2010-12-01 15:08:47 -------- d-----w- c:\program files\Easy Thumbnails
2010-12-01 04:27:20 12112 ----a-w- C:\cc_20101130_202711.reg
2010-12-01 04:20:59 -------- d-----w- c:\program files\CCleaner 3.01.1327
2010-11-30 19:46:08 -------- d-----w- c:\program files\F-Secure Blacklight Rootkit Eliminator
2010-11-30 19:27:44 -------- d-----w- c:\program files\G--Sophos Anti-Rootkit
2010-11-30 02:48:43 -------- d--h--w- C:\VritualRoot
2010-11-30 02:41:34 -------- d-----w- c:\docume~1\stephen\applic~1\Avira
2010-11-30 00:57:14 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-30 00:57:06 -------- d-----w- c:\program files\Avira
2010-11-30 00:57:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-30 00:47:06 -------- d-----w- c:\program files\COMODO
2010-11-29 20:49:41 -------- d-----w- c:\program files\SpywareBlaster 44
2010-11-29 17:53:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 17:53:29 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 16:41:57 4912 ----a-w- c:\docume~1\stephen\locals~1\applic~1\d3d9caps.tmp
2010-11-25 05:59:32 35136 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2010-11-25 05:41:22 -------- d-----w- c:\program files\Adobe Flash Player
2010-11-25 05:19:08 -------- d-----w- c:\windows\system32\Adobe
2010-11-25 04:45:42 -------- d-----w- c:\program files\Adobe Shockwave Player 11.5.9.615
2010-11-25 00:42:02 -------- d-----w- C:\Sun
2010-11-24 21:27:54 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-24 20:50:18 -------- d-----w- c:\windows\system32\appmgmt
2010-11-22 15:58:41 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Help
2010-11-19 22:31:18 -------- d-----w- c:\program files\Protoporia
2010-11-12 13:18:24 536 ----a-w- C:\cc_20101112_051820.reg
2010-11-10 20:49:36 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-10 20:49:36 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-16 15:06:13 1964 ----a-w- C:\cc_20101016_080557.reg
2010-10-13 19:35:45 13978 ----a-w- C:\cc_20101013_123531.reg
2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 12:50:37 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-15 10:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 18:12:04 13382 ----a-w- C:\cc_20100913_111139.reg
2010-09-11 07:41:40 285480 ----a-w- c:\windows\system32\guard32.dll
2008-12-16 20:23:48 150528 -c--a-w- c:\program files\AWCInit.exe
2008-09-26 04:25:27 2404 -c--a-w- c:\program files\sysrestoreenable.reg
2008-07-22 02:38:02 3548609 -c--a-w- c:\program files\Free HTM to JPG Converter.exe
2008-02-05 04:23:00 71168 -c--a-w- c:\program files\OnLine Bible Setup.exe
2008-01-25 08:26:38 15070144 -c--a-w- c:\program files\ssftrialsnrsetup1_26338613.exe
2008-01-20 22:16:10 812344 -c--a-w- c:\program files\HiJack This Install.exe
2007-04-20 02:37:43 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-03-22 06:32:22 10159744 -c--a-w- c:\program files\iTunesSetup.exe
2007-02-17 14:40:21 5007104 -c--a-w- c:\program files\GoogleVideoPlayerSetup.exe
2007-01-10 03:53:57 856047 -c--a-w- c:\program files\EFRCSetup.exe
2006-12-31 14:21:04 504632 -c--a-w- c:\program files\WindowsXP-KB926247-x86-ENU.exe
2006-12-31 14:18:36 739640 -c--a-w- c:\program files\WindowsXP-KB926255-x86-ENU.exe
2006-12-31 14:17:36 5186048 -c--a-w- c:\program files\WindowsDefender.msi
2006-12-31 14:15:42 518888 -c--a-w- c:\program files\WindowsXP-KB884020-x86-enu.exe
2006-12-31 14:07:28 701752 -c--a-w- c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-11-13 04:16:04 359112 -c--a-w- c:\program files\LimeWireWin.exe
2006-11-07 20:14:11 12490317 -c--a-w- c:\program files\install_advance.exe
2006-10-28 04:16:16 10120112 -c--a-w- c:\program files\SkypeSetup.exe
2006-10-21 02:24:49 166144 -c--a-w- c:\program files\DECCHECKSetup.EXE
2006-10-19 03:54:43 761915 -c--a-w- c:\program files\Spikey setup.exe
2006-10-07 05:04:47 905728 -c--a-w- c:\program files\iview398.exe
2006-10-01 04:48:54 1681656 -c--a-w- c:\program files\foobar2000_0.9.4.exe
2006-09-23 01:57:00 1318176 -c--a-w- c:\program files\ns_abasetup162.exe
2006-09-23 00:24:44 3711728 -c--a-w- c:\program files\powarc963.exe
2006-09-22 14:54:31 12606880 -c--a-w- c:\program files\sp26286.exe
2006-09-22 05:47:53 12754672 -c--a-w- c:\program files\MP10Setup.exe
2006-08-27 22:40:12 3594752 -c--a-w- c:\program files\BabelMap.exe
2006-07-12 19:59:22 3278400 -c--a-w- c:\program files\procexp.exe
2006-04-05 01:44:36 3290930 -c--a-w- c:\program files\CharMapX_Setup.exe
2005-06-06 05:35:02 1121222 -c--a-w- c:\program files\CountryCode.v2.5.0_setup.exe
2005-03-30 05:33:54 49152 -c--a-w- c:\program files\CM Pro.exe
2004-09-10 21:40:38 75264 -c--a-w- c:\program files\DECCHECK.exe
2004-08-19 00:03:32 4897400 -c--a-w- c:\program files\WorldPad_0_8_setup.exe
1999-10-26 00:32:08 468992 -c--a-w- c:\program files\CHMAP.EXE
1998-12-20 20:19:24 420352 -c--a-w- c:\program files\ecm.exe

============= FINISH: 10:15:45.42 ===============

#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:10 AM

Posted 17 December 2010 - 08:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 Hajduk


Posted 24 December 2010 - 11:59 AM

Here's the new DDS scan. Let me know if you need the "Attach" file. Next I will do the GMER.

Attached Files

  • Attached File  DDS.txt   15.86KB   2 downloads


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:10 PM

Posted 26 December 2010 - 05:18 PM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes unless I tell you so.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so please Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Hajduk


Posted 29 December 2010 - 11:23 PM

OK, I am going to paste in the GMER scan here. I'll do the Combofix tomorrow.

Just got a message that the GMER log is too long to paste in. Rather than send several sections, I'll attach it.

Hajduk

Attached Files



#6 gringo_pr


Posted 30 December 2010 - 12:06 AM

Ok I will be waiting for the combofix scan when ready


Gringo

#7 Hajduk


Posted 31 December 2010 - 01:54 AM

I disabled Comodo and Avira and downloaded ComboFix, but I can't run it because all I get is the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

AFAIK there are no programs running that should interfere with it. I ran Windows Live OneCare Security Scan (which detected the Trojan) several weeks ago and did not have this problem; and I ran ComboFix successfully a couple of years ago.

Hajduk

#8 gringo_pr


Posted 31 December 2010 - 02:01 AM

Hello

Are you running this as admin and is combofix located on the desktop?

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#9 Hajduk


Posted 31 December 2010 - 04:17 AM

Antivirus & Firewall disabled, I'm in Safe Mode, ComboFix icon is on desktop.

Case 1: I either doubleclick the icon, or I rightclick it and then click "Open." In this case I get a bullbleep message: the title is "Error--Win 32 Only," & the text of the message is "Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP." I'm running XP (Win 32)--what OS does it think I have?

Case 2: I rightclick the icon and then click "Run As." In this case, I get first a box with two questions: "Which user account do you want to use to run this program?" and "Protect my computer and data from unauthorized program activity" with a check box.

I go with the account I used to open to begin with, which is administrative. If I uncheck the "Protect my computer" box, I get same "Error--Win 32 Only" box I described above. If I leave it checked, I get a message the title of which is the ComboFix path and the text of which is "A device attached to the system is not functioning."

WTH

I'm going to bed now--it's late.

Hajduk

#10 gringo_pr


Posted 31 December 2010 - 04:29 AM

Hello

OK, when you return let's try this first

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Gringo

#11 Hajduk


Posted 31 December 2010 - 08:49 AM

Gringo, I have this program already installed on my computer. I use it for on-demand scans. I'll get right to it.

Hajduk

#12 Hajduk


Posted 31 December 2010 - 10:09 AM

OK, Gringo, here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2010 6:48:24 AM
mbam-log-2010-12-31 (06-48-24).txt

Scan type: Quick scan
Objects scanned: 155211
Time elapsed: 28 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully.


Do you know what this is? "Malware.Trace"?

Hajduk

#13 gringo_pr


Posted 31 December 2010 - 11:20 AM

Hello

It is a file used by malware but alone is harmless.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


Gringo

#14 Hajduk


Posted 31 December 2010 - 12:35 PM

Here's the OTL log. But I'm wondering if I shouldn't scan for 60 or 90 days rather than just 30.
OTL logfile created on: 12/31/2010 8:59:35 AM - Run 1
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Documents and Settings\Stephen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 34.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 77.53 Gb Free Space | 69.35% Space Free | Partition Type: NTFS
Drive E: | 486.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: EAGLE-OWL | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Stephen\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
PRC - C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ABC Chaos decrypt\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\LClock\LClock.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
PRC - C:\WINDOWS\StartupMonitor.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Stephen\desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\onex.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eappcfg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\eappprxy.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dot3api.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dot3dlg.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\credui.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (cmdAgent) -- C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (nosGetPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (APC UPS Service) -- C:\Program Files\ABC Chaos decrypt\mainserv.exe (American Power Conversion Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IomegaAccess) -- C:\WINDOWS\System32\IomegaAccess.exe ( Iomega Corporation)
SRV - (ZipToA) -- C:\WINDOWS\System32\ZipToA.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (PhoneTrayDriver) -- C:\WINDOWS\system32\drivers\ptdrv.sys (Traysoft Inc.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWCD2) -- C:\WINDOWS\system32\drivers\HSFHWCD2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (nv3) -- C:\WINDOWS\system32\drivers\nv3.sys (NVIDIA Corporation)
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (3dfxvs) -- C:\WINDOWS\system32\drivers\3dfxvsm.sys (3dfx Interactive, Inc.)
DRV - (EL90X) -- C:\WINDOWS\system32\drivers\el90xnd5.sys (3Com Corporation)
DRV - (ds1) Yamaha DS1 Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ds1wdm.sys (Yamaha Corp.)
DRV - (ctencwdm) Creative PC-DVD Encore ( WDM ) -- C:\WINDOWS\system32\drivers\ctencwdm.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: unloco@ArabicKeyBoard.net:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.5.3
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.60.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.18


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 13:05:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/25 08:33:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2007/05/21 13:17:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010/12/25 08:33:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/10 11:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/10/16 20:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Extensions
[2010/10/16 20:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/08/14 14:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions
[2009/11/11 08:35:39 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/10 11:58:46 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/10/21 06:05:41 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/10/14 05:00:15 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/02/19 21:36:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/13 16:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2009/11/10 11:59:02 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010/01/13 16:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{97c7d43c-4182-49b8-9b04-b78fed89d7fb}
[2009/11/10 11:58:46 | 000,000,000 | ---D | M] ("OpenBook") -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2009/10/14 05:00:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/10 11:59:00 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/10 11:58:42 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
[2009/11/10 11:58:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/17 19:28:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/05 06:41:35 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2009/11/11 08:35:40 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\support@lastpass.com
[2009/11/10 11:58:42 | 000,000,000 | ---D | M] (Sxipper) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\sxipper@sxip.com
[2010/11/06 05:03:52 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\toolbar@ask.com
[2009/11/04 14:56:47 | 000,000,000 | ---D | M] ("ArabicKeyBoard") -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\624uyd64.default\extensions\unloco@ArabicKeyBoard.net
[2010/12/31 07:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions
[2010/12/25 04:14:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2010/04/16 19:26:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2010/12/12 14:31:36 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/11/28 06:24:59 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}(2)
[2010/09/10 08:06:17 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}(3)
[2010/03/01 22:19:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/26 13:15:32 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/05/07 17:46:23 | 000,000,000 | ---D | M] (Download status) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
[2010/11/30 17:27:24 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/26 13:15:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/01 05:31:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/05/31 18:20:23 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/02/02 16:59:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/16 19:26:03 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}(2)
[2010/11/03 02:30:35 | 000,000,000 | ---D | M] (InvisibleHand) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\canitbecheaper@trafficbroker.co.uk
[2009/11/28 06:25:03 | 000,000,000 | ---D | M] (Add-on Compatibility Reporter) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\compatibility@addons.mozilla(2).org
[2010/03/08 07:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\compatibility@addons.mozilla.org
[2010/03/08 10:39:37 | 000,000,000 | ---D | M] (Download folder button) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\downloadfolderbutton@zen-ben.com
[2009/11/29 01:32:13 | 000,000,000 | ---D | M] (Download Panel) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\download-panel@kwok.wai.kan
[2010/11/04 14:04:19 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\elemhidehelper@adblockplus.org
[2010/05/31 18:20:26 | 000,000,000 | ---D | M] (Save File to) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Firefox\Profiles\yc4ymxok.GriefandWoe\extensions\savefileto@mozdev.org
[2010/10/19 16:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stephen\Application Data\Mozilla\Sunbird\Profiles\udlnpaiw.default\extensions
[2010/12/31 07:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/03 08:09:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/24 20:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/13 16:42:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/09/25 04:31:28 | 000,257,124 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (IE AdBlock) - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Tracker Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IE AdBlock) - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O3 - HKLM\..\Toolbar: (Tracker Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tracker Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo Internet Securityl\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dimension4] C:\Program Files\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKCU..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LClock.lnk = C:\Program Files\LClock\LClock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: gmail.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lycos.com ([www.mail] * in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www.mail] http in Trusted sites)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stephen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 20:11:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/06/21 02:44:14 | 000,103,800 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ee338366-61ea-11df-8f64-dd3c2dee459e}\Shell - "" = AutoRun
O33 - MountPoints2\{ee338366-61ea-11df-8f64-dd3c2dee459e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee338366-61ea-11df-8f64-dd3c2dee459e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - Services: "WebrootSpySweeperService"
MsConfig - Services: "WinDefend"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: AutorunsDisabled -

========== Files/Folders - Created Within 30 Days ==========

[2010/12/31 08:43:21 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephen\Desktop\OTL.exe
[2010/12/31 00:47:05 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/25 04:14:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stephen\Recent
[2010/12/22 12:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/12/20 07:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\My Documents\Catherine
[2010/12/16 14:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\Power Archiver 1170
[2010/12/13 12:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Music
[2010/12/13 12:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Time
[2010/12/13 12:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Word Processing
[2010/12/13 12:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner2.32.1165
[2010/12/12 14:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Application Data\Avira
[2010/12/12 14:01:27 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/12 14:01:27 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/12 14:01:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/12 14:01:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/12 14:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/12/10 22:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\SpaceSniffer
[2010/12/10 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Tray Wizard
[2010/12/10 07:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Graphics
[2010/12/10 07:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Media Players &c
[2010/12/10 04:12:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Fonts
[2010/12/10 04:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PhoneTray
[2010/12/10 03:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Maintenance
[2010/12/10 03:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Pee Dee Eff
[2010/12/10 03:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Desktop\Security
[2010/12/09 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\GMER Rootkit Detector
[2010/12/09 10:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\GMER Rootkit Detector
[2010/12/09 10:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\DDS
[2010/12/09 09:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Defogger
[2010/12/07 20:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Firefox IE Tab
[2010/12/07 16:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Traysoft
[2010/12/07 10:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\PhoneTray DialUp
[2010/12/04 06:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2008/07/21 18:18:08 | 003,548,609 | ---- | C] (Word-Pdf-Convert Software, Inc. ) -- C:\Program Files\Free HTM to JPG Converter.exe
[2008/01/24 23:40:07 | 015,070,144 | ---- | C] (Webroot Software, Inc. ) -- C:\Program Files\ssftrialsnrsetup1_26338613.exe
[2008/01/20 14:14:49 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJack This Install.exe
[2007/04/19 18:38:11 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2007/02/17 06:07:34 | 005,007,104 | ---- | C] (Google) -- C:\Program Files\GoogleVideoPlayerSetup.exe
[2006/12/31 06:19:32 | 000,504,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB926247-x86-ENU.exe
[2006/12/31 06:15:12 | 000,739,640 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB926255-x86-ENU.exe
[2006/12/31 06:12:47 | 000,518,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB884020-x86-enu.exe
[2006/12/31 06:03:22 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/11/24 17:17:05 | 000,049,152 | ---- | C] (CoolFreeSoftware.com) -- C:\Program Files\CM Pro.exe
[2006/10/27 19:46:46 | 010,120,112 | ---- | C] (Skype Technologies S.A. ) -- C:\Program Files\SkypeSetup.exe
[2006/10/20 18:23:19 | 000,166,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECKSetup.EXE
[2006/10/16 18:46:19 | 000,761,915 | ---- | C] (David Howorth ) -- C:\Program Files\Spikey setup.exe
[2006/09/30 20:43:47 | 001,681,656 | ---- | C] (foobar2000.org) -- C:\Program Files\foobar2000_0.9.4.exe
[2006/09/22 16:13:39 | 003,711,728 | ---- | C] (ConeXware, Inc. ) -- C:\Program Files\powarc963.exe
[2006/09/22 05:44:57 | 012,606,880 | ---- | C] (Hewlett-Packard ) -- C:\Program Files\sp26286.exe
[2006/09/21 21:03:36 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2006/08/27 14:40:12 | 003,594,752 | ---- | C] (www.BabelStone.co.uk/Software/BabelMap.html) -- C:\Program Files\BabelMap.exe
[2006/07/12 11:59:22 | 003,278,400 | ---- | C] (Sysinternals) -- C:\Program Files\procexp.exe
[2004/11/24 10:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/09/10 13:40:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DECCHECK.exe
[1 C:\Documents and Settings\Stephen\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Stephen\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/31 09:22:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1A1B60D-879C-4A6A-8859-D9525B679127}.job
[2010/12/31 09:12:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1580436667-839522115-1003UA.job
[2010/12/31 09:06:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Clean System Memory.job
[2010/12/31 09:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/31 08:55:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/31 08:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/31 08:46:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephen\Desktop\OTL.exe
[2010/12/31 08:12:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1580436667-839522115-1003Core.job
[2010/12/31 06:52:20 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 06:51:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 06:51:24 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/31 06:50:06 | 135,919,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/12/31 06:50:06 | 001,593,332 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/12/31 06:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/31 00:35:49 | 001,545,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/30 22:47:11 | 000,004,912 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/30 22:43:56 | 004,011,777 | ---- | M] () -- C:\Documents and Settings\Stephen\Desktop\ComboFix.exe
[2010/12/29 02:23:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/12/26 00:59:07 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/25 15:09:11 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Angels do not multitask.doc
[2010/12/25 12:48:28 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Chorales in Bach’s Christmas Oratorio.doc
[2010/12/24 07:01:20 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Surnames--Invented.doc
[2010/12/23 10:55:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\2010.12.22--to Jesse.doc
[2010/12/16 05:33:14 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Traveler’s Tale.doc
[2010/12/13 19:13:14 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Stephen\Desktop\PhoneTrayDialup.exe.lnk
[2010/12/13 12:23:22 | 000,001,340 | ---- | M] () -- C:\cc_20101213_122258.reg
[2010/12/13 06:58:54 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Stephen\Application Data\Microsoft\Internet Explorer\Quick Launch\SpiritOne.lnk
[2010/12/13 06:52:27 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Stephen\Desktop\SpiritOne.lnk
[2010/12/13 06:52:27 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpiritOne.lnk
[2010/12/12 22:52:45 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/11 07:12:47 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\2010.XII.09--Social Security Payback Option Eliminated.doc
[2010/12/10 13:26:33 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Stephen\Desktop\Tray Wizard.lnk
[2010/12/09 09:51:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stephen\defogger_reenable
[2010/12/06 15:56:30 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Income Inequality in America Continues to Grow.doc
[2010/12/05 17:42:31 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Orthodox Churches in Portland Area.doc
[2010/12/03 01:13:43 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Zolzaya Moon correspondence.doc
[2010/12/03 00:45:44 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\Mystery of Green Fireball ‘UFOs’ Solved.doc
[2010/12/01 16:47:52 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Stephen\My Documents\How do I edit or change my Yahoo public profile image.doc
[1 C:\Documents and Settings\Stephen\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Stephen\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/31 00:49:52 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/30 20:45:39 | 004,011,777 | ---- | C] () -- C:\Documents and Settings\Stephen\Desktop\ComboFix.exe
[2010/12/25 15:09:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Angels do not multitask.doc
[2010/12/25 12:31:17 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Chorales in Bach’s Christmas Oratorio.doc
[2010/12/23 10:55:42 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\2010.12.22--to Jesse.doc
[2010/12/16 16:37:36 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Stephen\Desktop\SpiritOne.lnk
[2010/12/16 05:33:14 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Traveler’s Tale.doc
[2010/12/13 19:13:14 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Stephen\Desktop\PhoneTrayDialup.exe.lnk
[2010/12/13 12:23:04 | 000,001,340 | ---- | C] () -- C:\cc_20101213_122258.reg
[2010/12/13 06:58:54 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Stephen\Application Data\Microsoft\Internet Explorer\Quick Launch\SpiritOne.lnk
[2010/12/13 06:52:27 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpiritOne.lnk
[2010/12/11 07:12:47 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\2010.XII.09--Social Security Payback Option Eliminated.doc
[2010/12/10 13:26:33 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Stephen\Desktop\Tray Wizard.lnk
[2010/12/10 11:51:38 | 000,134,245 | R--- | C] () -- C:\WINDOWS\System32\drivers\Bxt167U.cty
[2010/12/09 09:51:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen\defogger_reenable
[2010/12/06 15:56:25 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Income Inequality in America Continues to Grow.doc
[2010/12/03 01:13:18 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Zolzaya Moon correspondence.doc
[2010/12/03 00:45:18 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\Mystery of Green Fireball ‘UFOs’ Solved.doc
[2010/12/01 16:47:52 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Stephen\My Documents\How do I edit or change my Yahoo public profile image.doc
[2010/04/27 09:22:53 | 000,000,011 | ---- | C] () -- C:\Program Files\labneh.txt
[2010/04/23 08:55:54 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\housecall.guid.cache
[2010/02/06 22:23:03 | 000,003,885 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/08 07:28:31 | 000,150,528 | ---- | C] () -- C:\Program Files\AWCInit.exe
[2008/09/25 19:03:00 | 000,002,404 | ---- | C] () -- C:\Program Files\sysrestoreenable.reg
[2008/08/29 21:27:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/01 16:28:11 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/03/01 05:44:48 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008/01/10 17:50:15 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat
[2007/12/06 13:09:37 | 000,000,119 | ---- | C] () -- C:\WINDOWS\KGallery Kaleidoscope.ini
[2007/09/04 10:37:12 | 000,071,168 | ---- | C] () -- C:\Program Files\OnLine Bible Setup.exe
[2007/07/25 05:13:12 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/05/23 21:10:41 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2007/05/18 19:25:37 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\DonationCoder_processtamer_InstallInfo.dat
[2007/05/15 12:33:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/04/25 20:29:39 | 000,000,227 | ---- | C] () -- C:\WINDOWS\pwcd.INI
[2007/04/25 13:39:12 | 000,000,207 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/24 17:12:01 | 000,000,007 | ---- | C] () -- C:\Documents and Settings\Stephen\Application Data\AVSDVDPlayer.m3u
[2007/04/21 12:26:00 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2007/04/21 12:23:39 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2007/04/21 12:23:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007/04/21 12:23:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007/04/21 12:23:38 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007/04/13 10:03:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\glide2x.dll
[2007/04/13 10:03:02 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\3dfxvgl.dll
[2007/03/21 21:57:26 | 010,159,744 | ---- | C] () -- C:\Program Files\iTunesSetup.exe
[2007/03/13 00:18:59 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Stephen\Application Data\WinssCookie.txt
[2007/03/08 10:29:00 | 000,037,286 | ---- | C] () -- C:\Program Files\ET_SRC.ZIP
[2007/02/16 18:36:20 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2007/02/16 18:35:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/16 18:35:11 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/01/09 19:51:38 | 000,856,047 | ---- | C] () -- C:\Program Files\EFRCSetup.exe
[2006/12/31 05:58:11 | 005,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[2006/11/24 16:27:50 | 003,088,108 | ---- | C] () -- C:\Program Files\LATEST-IS-1.8.0
[2006/11/19 21:49:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/11/19 21:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/11/19 21:49:29 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/11/12 20:14:36 | 000,359,112 | ---- | C] () -- C:\Program Files\LimeWireWin.exe
[2006/11/07 11:32:26 | 012,490,317 | ---- | C] () -- C:\Program Files\install_advance.exe
[2006/10/27 18:44:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\fusioncache.dat
[2006/10/23 21:33:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/10/23 09:04:28 | 000,075,133 | ---- | C] () -- C:\WINDOWS\MultiKey.ini
[2006/10/21 05:13:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/21 05:13:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/21 05:13:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/21 05:13:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/21 05:13:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/21 05:13:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/18 20:00:06 | 000,000,222 | ---- | C] () -- C:\Program Files\chmap.ini
[2006/10/06 22:22:17 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/06 21:01:32 | 000,905,728 | ---- | C] () -- C:\Program Files\iview398.exe
[2006/10/02 22:37:52 | 000,000,180 | ---- | C] () -- C:\Program Files\ecm.ini
[2006/09/22 17:53:03 | 001,318,176 | ---- | C] () -- C:\Program Files\ns_abasetup162.exe
[2006/09/22 17:40:51 | 000,000,074 | ---- | C] () -- C:\Program Files\kmhd-sc-48.pls
[2006/09/19 20:02:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2006/09/19 20:01:05 | 000,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2006/09/19 20:01:05 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2006/09/19 20:01:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/09/19 20:01:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/09/19 06:56:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/18 12:53:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/28 08:32:44 | 000,007,005 | ---- | C] () -- C:\Program Files\EulaDiskvew.txt
[2006/07/28 08:32:44 | 000,007,005 | ---- | C] () -- C:\Program Files\Eula.txt
[2006/04/27 15:40:56 | 000,072,418 | ---- | C] () -- C:\Program Files\procexp.chm
[2006/04/04 17:44:36 | 003,290,930 | ---- | C] () -- C:\Program Files\CharMapX_Setup.exe
[2006/03/23 09:46:52 | 000,060,416 | ---- | C] () -- C:\WINDOWS\MultiKyb.dll
[2005/07/15 10:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 10:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 10:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/05 21:35:02 | 001,121,222 | ---- | C] () -- C:\Program Files\CountryCode.v2.5.0_setup.exe
[2005/06/05 21:33:28 | 000,006,139 | ---- | C] () -- C:\Program Files\pad_file.xml
[2004/10/11 21:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/11 21:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/11 21:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/08 21:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/04 23:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 08:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/18 16:03:31 | 004,897,400 | ---- | C] () -- C:\Program Files\WorldPad_0_8_setup.exe
[2002/04/14 17:00:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\kbdruss.dll
[2001/12/26 14:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 21:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 14:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 20:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/10/25 16:32:36 | 000,001,295 | ---- | C] () -- C:\Program Files\CharacterMapPro README.TXT
[1999/10/25 16:32:08 | 000,468,992 | ---- | C] () -- C:\Program Files\CHMAP.EXE
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/12/20 12:19:24 | 000,420,352 | ---- | C] () -- C:\Program Files\ecm.exe
[1998/12/20 12:15:54 | 000,001,517 | ---- | C] () -- C:\Program Files\ecm.txt
[1998/01/12 00:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/09/10 08:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2010/11/26 16:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/05/14 20:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/11/27 08:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/06/20 13:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2006/11/19 21:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/09/19 06:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/07/08 01:57:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2009/11/05 17:01:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/04/09 21:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/10/21 06:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/01/13 16:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Abakt
[2008/05/17 05:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Auslogics
[2009/09/19 21:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\CBS Interactive
[2007/01/21 17:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\CyberScrub
[2008/03/03 11:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Dexpot
[2010/09/28 19:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\DriverCure
[2010/12/01 07:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Easy Thumbnails
[2010/07/08 01:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\FireShot
[2009/02/24 19:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\foobar2000
[2008/06/23 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\GlarySoft
[2009/01/08 16:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\IObit
[2007/09/01 12:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Leadertech
[2008/07/30 09:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\PandoraRecovery
[2010/10/16 13:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\ParetoLogic
[2008/11/19 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Pmcc
[2010/09/17 00:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Software Informer
[2009/10/20 08:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Stardock
[2010/01/13 20:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Thunderbird
[2010/08/09 09:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\Uniblue
[2010/11/20 15:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stephen\Application Data\XnView
[2010/12/31 06:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/12/31 09:06:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Clean System Memory.job
[2009/07/28 15:18:57 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/04/17 06:18:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/12/29 02:23:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2010/12/31 09:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/11/25 00:35:24 | 000,000,534 | ---- | M] () -- C:\WINDOWS\Tasks\SymInstallStub.job
[2008/03/03 10:01:45 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/05/18 08:50:26 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2010/12/31 09:22:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E1A1B60D-879C-4A6A-8859-D9525B679127}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/10/12 19:01:48 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?e? ? ßas????? ????a?d???.doc) -- C:\Documents and Settings\Stephen\My Documents\Ζει ο βασιλιάς Αλέξανδρος.doc
[2010/10/12 19:01:47 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?e? ? ßas????? ????a?d???.doc) -- C:\Documents and Settings\Stephen\My Documents\Ζει ο βασιλιάς Αλέξανδρος.doc
[2010/08/30 12:05:37 | 000,083,968 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????????? ??????.doc) -- C:\Documents and Settings\Stephen\My Documents\Олзийсайхан Золзая.doc
[2010/08/30 12:05:37 | 000,083,968 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????????? ??????.doc) -- C:\Documents and Settings\Stephen\My Documents\Олзийсайхан Золзая.doc
[2010/07/12 22:07:56 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????.doc) -- C:\Documents and Settings\Stephen\My Documents\الشباب.doc
[2010/07/12 22:07:55 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????.doc) -- C:\Documents and Settings\Stephen\My Documents\الشباب.doc
[2010/06/25 22:01:12 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\? G?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Η Γοργόνα.doc
[2010/06/25 22:01:12 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\? G?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Η Γοργόνα.doc
[2010/05/24 12:20:07 | 000,023,552 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\2010?05?24 to Nikita.doc) -- C:\Documents and Settings\Stephen\My Documents\2010‒05‒24 to Nikita.doc
[2010/05/24 12:20:07 | 000,023,552 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\2010?05?24 to Nikita.doc) -- C:\Documents and Settings\Stephen\My Documents\2010‒05‒24 to Nikita.doc
[2010/01/31 22:27:04 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\The Greek word ??s?a and hence the Latin form Pascha is derived from Hebrew Pesach.doc) -- C:\Documents and Settings\Stephen\My Documents\The Greek word Πάσχα and hence the Latin form Pascha is derived from Hebrew Pesach.doc
[2010/01/30 23:05:28 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\The Greek word ??s?a and hence the Latin form Pascha is derived from Hebrew Pesach.doc) -- C:\Documents and Settings\Stephen\My Documents\The Greek word Πάσχα and hence the Latin form Pascha is derived from Hebrew Pesach.doc
[2009/11/10 12:07:55 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??.doc) -- C:\Documents and Settings\Stephen\My Documents\日本.doc
[2009/11/09 14:06:50 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??.doc) -- C:\Documents and Settings\Stephen\My Documents\日本.doc
[2009/10/27 14:41:26 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Уткоёбов.doc
[2009/10/27 14:41:25 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Уткоёбов.doc
[2009/09/23 12:38:28 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\Eat at the Ph? King.doc) -- C:\Documents and Settings\Stephen\My Documents\Eat at the Phở King.doc
[2009/09/23 12:38:27 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\Eat at the Ph? King.doc) -- C:\Documents and Settings\Stephen\My Documents\Eat at the Phở King.doc
[2009/09/14 14:22:12 | 000,026,624 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\2009?09?14 To Mozillazine Forum.doc) -- C:\Documents and Settings\Stephen\My Documents\2009‒09‒14 To Mozillazine Forum.doc
[2009/09/14 14:22:11 | 000,026,624 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\2009?09?14 To Mozillazine Forum.doc) -- C:\Documents and Settings\Stephen\My Documents\2009‒09‒14 To Mozillazine Forum.doc
[2009/07/26 05:42:57 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\2009?07?26 Fr Matthew please announce.doc) -- C:\Documents and Settings\Stephen\My Documents\2009‒07‒26 Fr Matthew please announce.doc
[2009/07/26 05:42:56 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\2009?07?26 Fr Matthew please announce.doc) -- C:\Documents and Settings\Stephen\My Documents\2009‒07‒26 Fr Matthew please announce.doc
[2009/07/03 20:13:41 | 000,028,160 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\S?t????? ?t?? 2009.doc) -- C:\Documents and Settings\Stephen\My Documents\Σωτήριον ἔτος 2009.doc
[2009/07/03 20:13:41 | 000,028,160 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\S?t????? ?t?? 2009.doc) -- C:\Documents and Settings\Stephen\My Documents\Σωτήριον ἔτος 2009.doc
[2009/04/18 17:19:45 | 000,092,672 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?? ???? ??? ????.doc) -- C:\Documents and Settings\Stephen\My Documents\От Меня это было.doc
[2009/04/18 16:45:12 | 000,092,672 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?? ???? ??? ????.doc) -- C:\Documents and Settings\Stephen\My Documents\От Меня это было.doc
[2009/04/18 14:08:36 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?ta? e?s????? e?? t?? ßas??e??? s??.doc) -- C:\Documents and Settings\Stephen\My Documents\ὅταν εἰσέλθης εἰς τὴν βασίλειον σου.doc
[2009/04/16 22:26:40 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?a? t? s??d?????.doc) -- C:\Documents and Settings\Stephen\My Documents\καὶ τὸ σουδάριον.doc
[2009/04/16 22:26:39 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?a? t? s??d?????.doc) -- C:\Documents and Settings\Stephen\My Documents\καὶ τὸ σουδάριον.doc
[2009/04/16 14:59:31 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?ta? e?s????? e?? t?? ßas??e??? s??.doc) -- C:\Documents and Settings\Stephen\My Documents\ὅταν εἰσέλθης εἰς τὴν βασίλειον σου.doc
[2009/04/14 13:12:54 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\Ph? Qu?ng.doc) -- C:\Documents and Settings\Stephen\My Documents\Phở Quảng.doc
[2009/04/14 13:12:53 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\Ph? Qu?ng.doc) -- C:\Documents and Settings\Stephen\My Documents\Phở Quảng.doc
[2009/03/22 16:47:54 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\Здравствуйте Шімон.doc
[2009/03/22 16:47:52 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\Здравствуйте Шімон.doc
[2009/03/20 15:01:32 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\diên cái d?u.doc) -- C:\Documents and Settings\Stephen\My Documents\điên cái đầu.doc
[2009/03/20 15:01:29 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\diên cái d?u.doc) -- C:\Documents and Settings\Stephen\My Documents\điên cái đầu.doc
[2009/03/14 19:24:48 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\p????????p?p?fa???.doc) -- C:\Documents and Settings\Stephen\My Documents\πολυλολλιποπόφαγος.doc
[2009/03/14 19:24:48 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\p????????p?p?fa???.doc) -- C:\Documents and Settings\Stephen\My Documents\πολυλολλιποπόφαγος.doc
[2008/12/14 13:57:25 | 000,177,664 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????? ???????.doc) -- C:\Documents and Settings\Stephen\My Documents\Кишська церковь.doc
[2008/12/14 13:57:24 | 000,177,664 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????? ???????.doc) -- C:\Documents and Settings\Stephen\My Documents\Кишська церковь.doc
[2008/11/09 21:58:23 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\e??a? ??a e??e???? ??? µ??a.doc) -- C:\Documents and Settings\Stephen\My Documents\είναι όλα ελλενικά γιά μένα.doc
[2008/11/09 21:58:22 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\e??a? ??a e??e???? ??? µ??a.doc) -- C:\Documents and Settings\Stephen\My Documents\είναι όλα ελλενικά γιά μένα.doc
[2008/11/09 21:48:54 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Ἀίγινα.doc
[2008/11/09 20:52:57 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Ἀίγινα.doc
[2008/11/08 23:04:15 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Αίγινα.doc
[2008/11/08 23:04:14 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????a.doc) -- C:\Documents and Settings\Stephen\My Documents\Αίγινα.doc
[2008/10/14 04:25:29 | 000,085,504 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????T??.doc) -- C:\Documents and Settings\Stephen\My Documents\ΑΚΟΛΟΥΘΙΑ.doc
[2008/10/14 04:25:23 | 000,085,504 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????T??.doc) -- C:\Documents and Settings\Stephen\My Documents\ΑΚΟΛΟΥΘΙΑ.doc
[2008/10/08 12:18:14 | 000,293,888 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????????? ?????? ?????? ?????? ???????????? ?????????? ?????? 1917.doc) -- C:\Documents and Settings\Stephen\My Documents\Алфавитный список Членов Собора Православной Российской Церкви 1917.doc
[2008/10/08 12:18:13 | 000,293,888 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????????? ?????? ?????? ?????? ???????????? ?????????? ?????? 1917.doc) -- C:\Documents and Settings\Stephen\My Documents\Алфавитный список Членов Собора Православной Российской Церкви 1917.doc
[2008/10/07 04:48:03 | 000,500,736 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????????? ? ????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Вернуться в Псалтырь.doc
[2008/10/07 04:48:02 | 000,500,736 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????????? ? ????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Вернуться в Псалтырь.doc
[2008/05/01 07:18:03 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???.doc) -- C:\Documents and Settings\Stephen\My Documents\ثدي.doc
[2008/05/01 07:18:03 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???.doc) -- C:\Documents and Settings\Stephen\My Documents\ثدي.doc
[2008/02/20 12:56:09 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?ßß? in Kittel’s Theological Dict of NT.doc) -- C:\Documents and Settings\Stephen\My Documents\ἁββᾶ in Kittel’s Theological Dict of NT.doc
[2008/02/20 12:52:33 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?ßß? in Kittel’s Theological Dict of NT.doc) -- C:\Documents and Settings\Stephen\My Documents\ἁββᾶ in Kittel’s Theological Dict of NT.doc
[2008/01/31 08:08:17 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\d? h? k? s? t? z?.doc) -- C:\Documents and Settings\Stephen\My Documents\ḍ ḥ ḳ ṣ ṭ ẓ.doc
[2008/01/14 23:56:03 | 000,091,648 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ????????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Православная энциклопедия.doc
[2008/01/14 23:53:23 | 000,147,968 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ???????????1.doc) -- C:\Documents and Settings\Stephen\My Documents\Православная энциклопеди1.doc
[2008/01/14 23:50:16 | 000,029,696 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\Православный Свято.doc
[2008/01/09 04:28:33 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?e?te ?a??.doc) -- C:\Documents and Settings\Stephen\My Documents\Δεῦτε λαοὶ.doc
[2008/01/09 04:28:33 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?e?te ?a??.doc) -- C:\Documents and Settings\Stephen\My Documents\Δεῦτε λαοὶ.doc
[2008/01/05 06:58:35 | 000,229,888 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????????? ??????.doc) -- C:\Documents and Settings\Stephen\My Documents\ЛЕМКІВСКЫ КОЛЯДЫ.doc
[2008/01/05 06:53:59 | 000,229,888 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????????? ??????.doc) -- C:\Documents and Settings\Stephen\My Documents\ЛЕМКІВСКЫ КОЛЯДЫ.doc
[2008/01/01 17:52:53 | 000,029,696 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\Православный Свято.doc
[2007/12/06 07:18:34 | 000,040,960 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\? ???, ???.doc) -- C:\Documents and Settings\Stephen\My Documents\О кто, кто.doc
[2007/12/06 07:18:34 | 000,040,960 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\? ???, ???.doc) -- C:\Documents and Settings\Stephen\My Documents\О кто, кто.doc
[2007/10/26 07:05:11 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\d? h? k? s? t? z?.doc) -- C:\Documents and Settings\Stephen\My Documents\ḍ ḥ ḳ ṣ ṭ ẓ.doc
[2007/10/11 11:14:28 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????? ???????????? ??????--obikhodnik download.doc) -- C:\Documents and Settings\Stephen\My Documents\Схема расположения листов--obikhodnik download.doc
[2007/10/11 11:14:28 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????? ???????????? ??????--obikhodnik download.doc) -- C:\Documents and Settings\Stephen\My Documents\Схема расположения листов--obikhodnik download.doc
[2007/10/05 11:31:13 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\Palatino Linotype d?h?s??t?.doc) -- C:\Documents and Settings\Stephen\My Documents\Palatino Linotype ḍḥṣ̣ṭ.doc
[2007/10/05 11:31:11 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\Palatino Linotype d?h?s??t?.doc) -- C:\Documents and Settings\Stephen\My Documents\Palatino Linotype ḍḥṣ̣ṭ.doc
[2007/09/30 21:24:26 | 000,026,624 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??? ?st? ????s?.doc) -- C:\Documents and Settings\Stephen\My Documents\οὐκ ἔστι λέουσι.doc
[2007/09/30 21:24:25 | 000,026,624 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??? ?st? ????s?.doc) -- C:\Documents and Settings\Stephen\My Documents\οὐκ ἔστι λέουσι.doc
[2007/09/23 05:51:43 | 000,031,232 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????.doc) -- C:\Documents and Settings\Stephen\My Documents\微小的響鈴.doc
[2007/09/18 21:03:03 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????.doc) -- C:\Documents and Settings\Stephen\My Documents\چابک.doc
[2007/09/18 21:03:02 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????.doc) -- C:\Documents and Settings\Stephen\My Documents\چابک.doc
[2007/09/11 20:29:12 | 000,031,232 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????.doc) -- C:\Documents and Settings\Stephen\My Documents\微小的響鈴.doc
[2007/08/29 12:11:34 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Documents and Settings\Stephen\My Documents\а б в г д е ж з и й к л м н о п р с т у ф х ц ч ш щ ъ ы ь э ю я ё є і ї ѣ ѳ ѵ ѫ.doc
[2007/08/29 12:11:34 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?.doc) -- C:\Documents and Settings\Stephen\My Documents\а б в г д е ж з и й к л м н о п р с т у ф х ц ч ш щ ъ ы ь э ю я ё є і ї ѣ ѳ ѵ ѫ.doc
[2007/05/30 21:49:49 | 000,022,327 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????? ? ?????.rtf) -- C:\Documents and Settings\Stephen\My Documents\вопрос и ответ.rtf
[2007/04/27 19:48:04 | 000,029,696 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????? ? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\вопрос и ответ.doc
[2007/04/27 19:47:56 | 000,029,696 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????? ? ?????.doc) -- C:\Documents and Settings\Stephen\My Documents\вопрос и ответ.doc
[2007/04/27 19:43:49 | 000,022,327 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????? ? ?????.rtf) -- C:\Documents and Settings\Stephen\My Documents\вопрос и ответ.rtf
[2007/04/12 09:29:31 | 000,061,952 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??? ??f?? S?? S?t??.doc) -- C:\Documents and Settings\Stephen\My Documents\Τον Τάφον Σου Σωτήρ.doc
[2007/04/12 09:29:31 | 000,061,952 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??? ??f?? S?? S?t??.doc) -- C:\Documents and Settings\Stephen\My Documents\Τον Τάφον Σου Σωτήρ.doc
[2007/03/18 17:17:38 | 000,049,152 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Кручинина.doc
[2007/03/18 17:17:38 | 000,049,152 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Кручинина.doc
[2007/03/18 17:12:46 | 000,147,968 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ???????????1.doc) -- C:\Documents and Settings\Stephen\My Documents\Православная энциклопеди1.doc
[2007/03/18 15:02:27 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\???????? ????.doc) -- C:\Documents and Settings\Stephen\My Documents\Достойно есть.doc
[2007/03/18 15:02:26 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???????? ????.doc) -- C:\Documents and Settings\Stephen\My Documents\Достойно есть.doc
[2007/03/03 22:22:03 | 000,091,648 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\???????????? ????????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Православная энциклопедия.doc
[2007/03/02 13:12:02 | 000,074,240 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Стефановић.doc
[2007/03/02 13:12:02 | 000,074,240 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????????.doc) -- C:\Documents and Settings\Stephen\My Documents\Стефановић.doc
[2007/02/25 18:50:41 | 000,081,408 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\?radicionalno srpsko narodno crkveno pojanje u XX veku.doc) -- C:\Documents and Settings\Stephen\My Documents\Тradicionalno srpsko narodno crkveno pojanje u XX veku.doc
[2007/02/25 18:50:41 | 000,081,408 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\?radicionalno srpsko narodno crkveno pojanje u XX veku.doc) -- C:\Documents and Settings\Stephen\My Documents\Тradicionalno srpsko narodno crkveno pojanje u XX veku.doc
[2007/01/13 23:45:14 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\? ????????a t?? ?????? title page.doc) -- C:\Documents and Settings\Stephen\My Documents\Ἡ Ἀκολουϑία τοῦ Ὄρϑρου title page.doc
[2007/01/13 23:43:10 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\? ????????a t?? ?????? title page.doc) -- C:\Documents and Settings\Stephen\My Documents\Ἡ Ἀκολουϑία τοῦ Ὄρϑρου title page.doc
[2006/12/11 05:35:56 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\??????? ??????????.doc) -- C:\Documents and Settings\Stephen\My Documents\יְהֹוָה מִי־יָגוּר.doc
[2006/12/03 15:25:46 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\??????? ??????????.doc) -- C:\Documents and Settings\Stephen\My Documents\יְהֹוָה מִי־יָגוּר.doc
[2006/09/27 17:53:35 | 000,019,456 | ---- | M] ()(C:\Documents and Settings\Stephen\My Documents\????????a????? ?3??2 ?? ?0?? ???H??.doc) -- C:\Documents and Settings\Stephen\My Documents\Препрослaвлена є3си2 въ р0дэ родHвъ.doc
[2006/09/27 17:53:35 | 000,019,456 | ---- | C] ()(C:\Documents and Settings\Stephen\My Documents\????????a????? ?3??2 ?? ?0?? ???H??.doc) -- C:\Documents and Settings\Stephen\My Documents\Препрослaвлена є3си2 въ р0дэ родHвъ.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\vssvc.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\sysrestoreenable.reg:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\Spikey setup.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\OnLine Bible Setup.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen\Start Menu\Programs\Startup\desktop.ini:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen\Desktop\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stephen\Desktop\ComboFix.exe:SummaryInformation

< End of report >



#15 Hajduk

Posted 31 December 2010 - 01:26 PM

From time to time I get a popup message "Windows Live ID Internet Connection Error" text "Your request cannot be completed because the Windows Live ID service could not be found or did not respond. The service might be experiencing technical difficulties, or you may need to adjust your network settings." I have to click "close" three times to get rid of it; the first two times it just pops right back up again.

For a while I was getting Adobe Reader appearing in the taskbar, with a popup telling me that it had requested to close in an unusual way. This required three clicks to close too. I solved this by uninstalling Adobe Reader.

In neither case was there any obvious reason; I had not been running Adobe Reader, nor have I been making any request of Windows Live ID.

Hajduk



