Working with an employee's slow home computer


  • This topic is locked
3 replies to this topic

#1 TKWizard


Posted 22 February 2011 - 10:09 AM

Hello

One of our employees brought a computer over for me to look at to make it faster. I found some malware and removed it. However, the computer still feels a little sluggish and I'm wondering if there's any remnant malware in the system.

Here's the DDS log:



DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 9:51:04.81 on 22/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1014.277 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com/?scope=web&mkt=en-CA
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: insuranceinstitute.ca\webmail
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
STS: {33b8d257-07f6-4c06-8605-94bc21728635} - No File
Hosts: 91.212.127.221 viruskill2009.microsoft.com
Hosts: 91.212.127.221 viruskill2009.com
Hosts: 91.212.127.221 www.viruskill2009.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsladb8fe1d;MpKsladb8fe1d;c:\programdata\microsoft\microsoft antimalware\definition updates\{bdb7a550-d296-4ae8-993a-608a16a6ee48}\MpKsladb8fe1d.sys [2011-2-22 28752]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-8 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a32149f5de78;Google Update Service (gupdate1c9a32149f5de78);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-18 38224]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-18 1174152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-22 13:19:27 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{bdb7a550-d296-4ae8-993a-608a16a6ee48}\MpKsladb8fe1d.sys
2011-02-22 13:19:03 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-02-22 13:18:20 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{bdb7a550-d296-4ae8-993a-608a16a6ee48}\mpengine.dll
2011-02-18 21:43:41 -------- d-----w- c:\program files\iPod
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-18 20:14:14 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{bd33f508-4bc8-4db2-a6b0-90f4e91a183c}\gapaengine.dll
2011-02-18 19:54:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-18 19:53:12 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-18 17:57:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-18 17:57:54 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-02-18 17:57:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-18 17:53:33 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-18 17:53:33 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-02-18 17:53:33 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-18 17:53:32 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-18 17:53:32 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-18 17:53:26 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-18 17:53:18 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-18 17:52:00 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 17:51:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-18 17:51:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-18 17:36:43 5890896 ------w- c:\progra~2\microsoft\windows defender\definition updates\{0f8ef6f1-fdb6-4628-b70d-f3d20e4e08d7}\mpengine.dll
2011-02-18 17:35:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 17:34:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 17:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2007-04-01 17:02:33 35885568 ----a-w- c:\program files\iPod for Windows 2005-09-23.msi

============= FINISH: 9:52:07.49 ===============

I tried running GMER, but the computer blue screened so I couldn't get any log for that.

Thanks for your help! You were great last time, so I decided to try you again!



#2 TKWizard


Posted 23 February 2011 - 09:25 AM

Just following up with a small update.

I fixed one of the obvious problems listed in the above log (the hosts file), and I also installed an additional two gigabytes of RAM, which really seemed to speed up the processing/boot time.

Here is the updated DDS log with the hosts problems removed.



DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 9:21:41.02 on 23/02/2011
Internet Explorer: 9.0.8080.16413
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.2116 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com/?scope=web&mkt=en-CA
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: insuranceinstitute.ca\webmail
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
STS: {33b8d257-07f6-4c06-8605-94bc21728635} - No File

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl9f3a7996;MpKsl9f3a7996;c:\programdata\microsoft\microsoft antimalware\definition updates\{06cf8f3f-7ded-4c11-9467-62d8ef973cdf}\MpKsl9f3a7996.sys [2011-2-23 28752]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-8 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a32149f5de78;Google Update Service (gupdate1c9a32149f5de78);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-18 38224]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-18 1174152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-23 14:19:51 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{06cf8f3f-7ded-4c11-9467-62d8ef973cdf}\MpKsl9f3a7996.sys
2011-02-23 13:53:30 -------- d-----w- c:\program files\Feedback Tool
2011-02-23 13:32:00 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{06cf8f3f-7ded-4c11-9467-62d8ef973cdf}\mpengine.dll
2011-02-22 13:19:03 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-02-18 21:43:41 -------- d-----w- c:\program files\iPod
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-18 21:32:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-18 20:14:14 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{bd33f508-4bc8-4db2-a6b0-90f4e91a183c}\gapaengine.dll
2011-02-18 19:54:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-18 19:53:12 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-18 17:57:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-02-18 17:57:54 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-02-18 17:57:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-18 17:53:33 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-18 17:53:33 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-02-18 17:53:33 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-18 17:53:32 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-18 17:53:32 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-18 17:53:26 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-18 17:53:18 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-18 17:52:00 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 17:51:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-18 17:51:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-18 17:36:43 5890896 ------w- c:\progra~2\microsoft\windows defender\definition updates\{0f8ef6f1-fdb6-4628-b70d-f3d20e4e08d7}\mpengine.dll
2011-02-18 17:35:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 17:34:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 17:34:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-23 13:54:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-23 13:54:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-02-23 13:54:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-02-23 13:54:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-02-23 13:54:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-02-23 13:54:58 367104 ----a-w- c:\windows\system32\html.iec
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 9:22:37.25 ===============

I'm thinking of running ComboFix, but I'd rather wait for your instructions.

-edit- Never mind. Despite the warning, I decided to take the initiative and bravery to run ComboFix, and it found a lot of stuff and deleted it.


ComboFix 11-02-22.05 - Owner 23/02/2011 9:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3062.1949 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\18314spa5bot9zc.cpl
c:\windows\system32\18431spzmbo92ed5.bin
c:\windows\system32\18512spamb5z49d.dll
c:\windows\system32\1855zorm18e9.exe
c:\windows\system32\18744s5amb9tz4b.exe
c:\windows\system32\194959zojf2.exe
c:\windows\system32\19508trzj50d.bin
c:\windows\system32\19516sp9mbot2dz.bin
c:\windows\system32\19540zo9m3db.dll
c:\windows\system32\1954spy7z8.bin
c:\windows\system32\19852no59azvirus8e.dll
c:\windows\system32\19d2b5ckdooz3176.cpl
c:\windows\system32\19e7stea52150z.ocx
c:\windows\system32\19eebackdooz2255.ocx
c:\windows\system32\1baespar593z39.ocx
c:\windows\system32\1bdzv95958.bin
c:\windows\system32\1c99virz539.dll
c:\windows\system32\1cb6th9efz575.dll
c:\windows\system32\1f5baddwaz9513.dll
c:\windows\system32\1z00th5ef4489.cpl
c:\windows\system32\1z053spa59ot47.exe
c:\windows\system32\1ze45ddw9re883.cpl
c:\windows\system32\20259spa9bot28z.dll
c:\windows\system32\20406not-a-v9rus45cz.dll
c:\windows\system32\205aspars5196z.bin
c:\windows\system32\2064zack9oo5581.bin
c:\windows\system32\206z5ackdoor2597.bin
c:\windows\system32\20eds5arz91813.dll
c:\windows\system32\21589hacztool153.cpl
c:\windows\system32\21595vizu97ab.ocx
c:\windows\system32\219z3troj550.ocx
c:\windows\system32\22356t9oj70bz.dll
c:\windows\system32\22499sp5mbot665z.ocx
c:\windows\system32\2281addwzr51987.ocx
c:\windows\system32\22890hack5ozl629.dll
c:\windows\system32\229z8not-a-vi5us53e.ocx
c:\windows\system32\233539roj5f0z.dll
c:\windows\system32\23673s59713z.ocx
c:\windows\system32\239275zy4ff9.ocx
c:\windows\system32\23az9hie5286.cpl
c:\windows\system32\23z0495rm2f.exe
c:\windows\system32\242cthzef5639.bin
c:\windows\system32\24468zo5-a-viru94d3.dll
c:\windows\system32\249525roz27d9.cpl
c:\windows\system32\24de95reat29755z.ocx
c:\windows\system32\24e5spy5arz963.bin
c:\windows\system32\250599zt-a-viru52ff.exe
c:\windows\system32\25297viz5s9d.dll
c:\windows\system32\25304s9amzot195.bin
c:\windows\system32\255899zy593.dll
c:\windows\system32\255z0spam5ot494.exe
c:\windows\system32\2597not-a-9izus7f8.exe
c:\windows\system32\25z8backdoor9.bin
c:\windows\system32\2615t9reatz6031.dll
c:\windows\system32\26495t9az1784.ocx
c:\windows\system32\2691noz-a-virus6e5.cpl
c:\windows\system32\26z9195y598.exe
c:\windows\system32\27521zackto9l382.ocx
c:\windows\system32\27539vzru56ab.dll
c:\windows\system32\27602zacktoo9578.exe
c:\windows\system32\27899szambot598.dll
c:\windows\system32\27952zorm9a9.ocx
c:\windows\system32\27977sp9zbot4e5.ocx
c:\windows\system32\27d95parze2959.exe
c:\windows\system32\27dezownloade929285.cpl
c:\windows\system32\2815backdoor1193z.ocx
c:\windows\system32\2828thizf1594.bin
c:\windows\system32\282zstea51292.cpl
c:\windows\system32\28385hack9o5l212z.cpl
c:\windows\system32\28ecviz58549.dll
c:\windows\system32\28z33h5cktoola09.exe
c:\windows\system32\29239not-a-vi5us1z1.exe
c:\windows\system32\29300zpamb9t4fe5.ocx
c:\windows\system32\2936zworm659.ocx
c:\windows\system32\294045pz469.cpl
c:\windows\system32\2947zro57af.bin
c:\windows\system32\294not-z9vi5us475.dll
c:\windows\system32\29509w5rm7b9z.ocx
c:\windows\system32\29535vi5zs90.cpl
c:\windows\system32\295609o5-a-vzrus1b4.ocx
c:\windows\system32\29646hacktooz559.bin
c:\windows\system32\29d8s5eal11z3.exe
c:\windows\system32\2c29tzief5653.cpl
c:\windows\system32\2c56s9eaz1051.exe
c:\windows\system32\2c9cvir95z.bin
c:\windows\system32\2d50thi5f197z.cpl
c:\windows\system32\2d90thie5z95.dll
c:\windows\system32\2e2fbackdz59230.dll
c:\windows\system32\2e95stza9419.cpl
c:\windows\system32\2ez9pywar51032.cpl
c:\windows\system32\2f66s5zware9093.bin
c:\windows\system32\2f85zhi9f786.cpl
c:\windows\system32\2z159s5y1e3.dll
c:\windows\system32\2z754ha5ktool69c.bin
c:\windows\system32\30269wormzc95.dll
c:\windows\system32\30755spz913.bin
c:\windows\system32\312159ozm251.ocx
c:\windows\system32\313559pambotz98.exe
c:\windows\system32\315939ot-a-vizus41f.cpl
c:\windows\system32\31693not-a-zi5u967d.exe
c:\windows\system32\31b2thr5a9z1507.exe
c:\windows\system32\31zfsparse9165.exe
c:\windows\system32\32099vir5zdc.ocx
c:\windows\system32\3239195zmbot1ab.bin
c:\windows\system32\325espyzar525519.ocx
c:\windows\system32\32695no9-a-zirus6a5.exe
c:\windows\system32\3292zspy5d1.exe
c:\windows\system32\330f9pyzar52354.ocx
c:\windows\system32\3359v5r291z.exe
c:\windows\system32\3425virz95d.exe
c:\windows\system32\347bsp5rse3093z.bin
c:\windows\system32\35036t9ojz33.dll
c:\windows\system32\351zs95al1577.dll
c:\windows\system32\35299ziru952d.cpl
c:\windows\system32\35855notza-virus9a6.bin
c:\windows\system32\35b29ddwaze5056.exe
c:\windows\system32\36a5steal99z.ocx
c:\windows\system32\3820d9wnzoader4155.bin
c:\windows\system32\395bbzckdoor2062.ocx
c:\windows\system32\398zthreat244685.exe
c:\windows\system32\399a9t5alz862.exe
c:\windows\system32\39a8zack59or2856.bin
c:\windows\system32\39ezth5ef3099.exe
c:\windows\system32\3a52thi9f1495z.exe
c:\windows\system32\3b945hief3z61.cpl
c:\windows\system32\3c5cs9ywarez25.bin
c:\windows\system32\3d59stezl9245.bin
c:\windows\system32\3z14spyw5r91101.bin
c:\windows\system32\3z176virus50f9.cpl
c:\windows\system32\3z7bvir9598.cpl
c:\windows\system32\3zf5vir22249.exe
c:\windows\system32\404ea9dwaze14735.dll
c:\windows\system32\40895ddwaz92072.dll
c:\windows\system32\4295spywa5e15z7.dll
c:\windows\system32\429cthz5f1419.exe
c:\windows\system32\4315spars9204z.dll
c:\windows\system32\4369b5ckdoor999z.dll
c:\windows\system32\4549i5zs485.ocx
c:\windows\system32\454threatz38579.cpl
c:\windows\system32\4576st9al413z.dll
c:\windows\system32\45cfdo5nzoader2519.exe
c:\windows\system32\4647tzoj9fb5.cpl
c:\windows\system32\4652viru9534z.dll
c:\windows\system32\4752stzal16349.dll
c:\windows\system32\47f9zteal52119.dll
c:\windows\system32\48d9threa52z394.ocx
c:\windows\system32\4949not-5-vi9uz1a9.exe
c:\windows\system32\496dvir2518z.ocx
c:\windows\system32\499fs5yzare2934.ocx
c:\windows\system32\49c5b9ckdoor1z0.ocx
c:\windows\system32\4a97zt5al9593.ocx
c:\windows\system32\4a9thizf27475.dll
c:\windows\system32\4b01spywa5z3094.exe
c:\windows\system32\4b55stezl1499.dll
c:\windows\system32\4bzdthre5t32629.bin
c:\windows\system32\4d89ba5kdooz660.bin
c:\windows\system32\4e8dzhre9t28545.cpl
c:\windows\system32\4e95ad59aze154.cpl
c:\windows\system32\4f5dtzief2964.bin
c:\windows\system32\5004zackdo5r2911.dll
c:\windows\system32\50051not-z-vir9s541.exe
c:\windows\system32\50571w9rm3d9z.ocx
c:\windows\system32\508bthizf792.dll
c:\windows\system32\51407w9rmz78.cpl
c:\windows\system32\5151noz-a9v5rus189.bin
c:\windows\system32\51692troj676z.cpl
c:\windows\system32\51c8a9dw5ze853.exe
c:\windows\system32\51cbspa9s51271z.cpl
c:\windows\system32\51z55ddw9re1548.dll
c:\windows\system32\52295spambot5z6.ocx
c:\windows\system32\52688spambotza9.cpl
c:\windows\system32\5297no9-a-virus1z35.bin
c:\windows\system32\52z5s9eal2871.ocx
c:\windows\system32\53997zroj24e.cpl
c:\windows\system32\53f59ownzo5der1587.cpl
c:\windows\system32\5400backdoorz293.bin
c:\windows\system32\541ds9arse281z.ocx
c:\windows\system32\54294spambotcz9.bin
c:\windows\system32\54749hrea531z55.exe
c:\windows\system32\5495steal5z3.bin
c:\windows\system32\54e1sz9rse1569.dll
c:\windows\system32\552z9pyware396.bin
c:\windows\system32\556bvi9z958.ocx
c:\windows\system32\55758v9rusz95.exe
c:\windows\system32\55899spambot58z.dll
c:\windows\system32\55908spambzt60e.bin
c:\windows\system32\55e9sparse308z.exe
c:\windows\system32\565spywaze3590.exe
c:\windows\system32\57096spamzot53d.bin
c:\windows\system32\575ebackdo5r31z9.exe
c:\windows\system32\577cdownlz5der239.cpl
c:\windows\system32\579fadd5zre1512.bin
c:\windows\system32\5921viruz7a5.cpl
c:\windows\system32\593aza5kdoor491.ocx
c:\windows\system32\59470troj6zc.bin
c:\windows\system32\59669ir453z.bin
c:\windows\system32\5975worm75z5.dll
c:\windows\system32\59c9zpyware1952.exe
c:\windows\system32\59csparsez0479.cpl
c:\windows\system32\5a29thzeat5725.ocx
c:\windows\system32\5a43ad5zare31839.dll
c:\windows\system32\5b03s5zware9293.dll
c:\windows\system32\5b30virz459.cpl
c:\windows\system32\5b3za9dware1561.cpl
c:\windows\system32\5b9cadzware1788.exe
c:\windows\system32\5bd3zt5al5959.ocx
c:\windows\system32\5c0bthr9az28413.cpl
c:\windows\system32\5c4thr9at14971z.dll
c:\windows\system32\5c85thiez7959.bin
c:\windows\system32\5d4e9ackdzor3254.exe
c:\windows\system32\5d4z9hi5f73.bin
c:\windows\system32\5ddbthrezt29329.cpl
c:\windows\system32\5dz8v9r2453.exe
c:\windows\system32\5e705hreaz97302.exe
c:\windows\system32\5eacvi95315z.ocx
c:\windows\system32\5f459hzeat1589.bin
c:\windows\system32\5f5btz9eat5020.bin
c:\windows\system32\5fe5downloz9er3100.dll
c:\windows\system32\5fza9dware96.dll
c:\windows\system32\5z1est9al985.ocx
c:\windows\system32\5z338w9rm75.bin
c:\windows\system32\5z639p5rse2217.cpl
c:\windows\system32\5zba9parse722.cpl
c:\windows\system32\6036not-z-v9ru567b.bin
c:\windows\system32\608ddowzload9r2315.cpl
c:\windows\system32\6117a9dzare1577.cpl
c:\windows\system32\620adown9oade5196z.bin
c:\windows\system32\6259downl9zder1969.bin
c:\windows\system32\6285szambot9cb.dll
c:\windows\system32\63c1th5eat316z89.cpl
c:\windows\system32\64395hief116z.cpl
c:\windows\system32\64c9sp5rsez678.cpl
c:\windows\system32\6652not-a-vi9usz95.cpl
c:\windows\system32\6655backdo9r257z.cpl
c:\windows\system32\6765baczdoor18369.bin
c:\windows\system32\67e2threz9558.bin
c:\windows\system32\6887vzru94ce5.cpl
c:\windows\system32\696zvir24555.bin
c:\windows\system32\697fthie5z242.cpl
c:\windows\system32\6a40bazkdo5r3956.bin
c:\windows\system32\6a95sparze985.exe
c:\windows\system32\6bf0szars53229.dll
c:\windows\system32\6c4zaddware50419.ocx
c:\windows\system32\6c50zackdoo95294.bin
c:\windows\system32\6c53backdoor1592z.ocx
c:\windows\system32\6df9d9wn5ozder220.ocx
c:\windows\system32\6e7cbackz9o52769.ocx
c:\windows\system32\6f55t95eat10261z.cpl
c:\windows\system32\6f9sp5rs923z2.cpl
c:\windows\system32\6f9z5t9al2616.bin
c:\windows\system32\6z8cadd5are119.ocx
c:\windows\system32\6zf9thr5at21385.cpl
c:\windows\system32\7281sp95aze1035.bin
c:\windows\system32\72z9backdo9r5072.cpl
c:\windows\system32\7332dowzloa9er554.exe
c:\windows\system32\7499thr5az10377.exe
c:\windows\system32\7529zhreat5604.ocx
c:\windows\system32\753athre9t258z3.cpl
c:\windows\system32\7559tzoj279.bin
c:\windows\system32\75dzteal938.bin
c:\windows\system32\7747backdoo9z598.exe
c:\windows\system32\7793sp9zse5505.exe
c:\windows\system32\7880thi5f292z.bin
c:\windows\system32\789cst5al9081z.ocx
c:\windows\system32\7941zownlo9der5500.exe
c:\windows\system32\796dtzie51209.ocx
c:\windows\system32\798dstea9z1595.bin
c:\windows\system32\7a96bazkd5or1395.ocx
c:\windows\system32\7dafbac5door9z72.dll
c:\windows\system32\7dc3th9e5t21z8.cpl
c:\windows\system32\7dfa9oznloade51807.exe
c:\windows\system32\7e059iz2218.exe
c:\windows\system32\7ef05ackdooz1992.bin
c:\windows\system32\7fz3thr5at17961.dll
c:\windows\system32\7z55downl59der1173.ocx
c:\windows\system32\82999pz5bot3c4.dll
c:\windows\system32\8980not-a-vzr5s5eb.exe
c:\windows\system32\8f3thief198z5.bin
c:\windows\system32\9026vi5us2za.bin
c:\windows\system32\9074addw5ze565.bin
c:\windows\system32\90785vzrus658.cpl
c:\windows\system32\9092thief5249z.ocx
c:\windows\system32\90b3downl5ader159z.bin
c:\windows\system32\90z42spambot46e5.cpl
c:\windows\system32\91564hacktozlaf.exe
c:\windows\system32\924z5hief1906.ocx
c:\windows\system32\93095hacktoolzf2.bin
c:\windows\system32\93097virz5393.cpl
c:\windows\system32\9324no9-z-viru5218.dll
c:\windows\system32\93509worm5z45.cpl
c:\windows\system32\9350trojz1f.exe
c:\windows\system32\9359st5al1240z.cpl
c:\windows\system32\935daddwarez541.ocx
c:\windows\system32\93767troj3z45.ocx
c:\windows\system32\95190viruz135.cpl
c:\windows\system32\95510hack5zol256.bin
c:\windows\system32\9606ztroj7d5.exe
c:\windows\system32\96653virzs539.exe
c:\windows\system32\96712spazbo5218.cpl
c:\windows\system32\9700backz5or2284.cpl
c:\windows\system32\996305zy109.exe
c:\windows\system32\99ddaddw5rez23.cpl
c:\windows\system32\9a9bszea5970.exe
c:\windows\system32\9d35addwzre2258.exe
c:\windows\system32\9eezddware52499.bin
c:\windows\system32\9z37sparse1155.bin
c:\windows\system32\9z794spy65a.dll
c:\windows\system32\azc95ief2205.cpl
c:\windows\system32\d55zp9ware2751.dll
c:\windows\system32\e10do9zlo5der2922.dll
c:\windows\system32\e54thrza928265.exe
c:\windows\system32\eb9zir5646.ocx
c:\windows\system32\f49thie9z595.bin
c:\windows\system32\z0c6b9ckdoor528.bin
c:\windows\system32\z10339irus451.dll
c:\windows\system32\z1509p5rse3123.dll
c:\windows\system32\z205hacktoo559e.cpl
c:\windows\system32\z2079hacktool59f.dll
c:\windows\system32\z30dthie9965.exe
c:\windows\system32\z355vir5s119.cpl
c:\windows\system32\z3992spambo5146.exe
c:\windows\system32\z3easp9rse5936.ocx
c:\windows\system32\z4029spa9bot405.bin
c:\windows\system32\z4357spy9d7.dll
c:\windows\system32\z53adownlo9der24575.bin
c:\windows\system32\z5546vi9us2.dll
c:\windows\system32\z5929vi5us29c9.cpl
c:\windows\system32\z603bac5do9r1552.bin
c:\windows\system32\z606hackt5ol49.exe
c:\windows\system32\z6936viru5f9.bin
c:\windows\system32\z6978tr5j304.ocx
c:\windows\system32\z69975ot-a-9irus446.ocx
c:\windows\system32\z8729ddware2625.exe
c:\windows\system32\z918sp53e9.dll
c:\windows\system32\z9759virus2c7.exe
c:\windows\system32\z9940tr5j6e.ocx
c:\windows\z054worm39c.cpl
c:\windows\z05fs9arse3026.exe
c:\windows\z0edow5lo9der2052.exe
c:\windows\z1121vi95s7d1.cpl
c:\windows\z1349worm5af5.ocx
c:\windows\z13bbackdoo5391.cpl
c:\windows\z22215py9e.exe
c:\windows\z25estea91973.cpl
c:\windows\z399v5r29059.exe
c:\windows\z39wo5m693.bin
c:\windows\z4422w5r9191.exe
c:\windows\z541t5r9at388.dll
c:\windows\z5550wormef9.ocx
c:\windows\z5905worm359.bin
c:\windows\z5976spy675.bin
c:\windows\z59wormf4.cpl
c:\windows\z5ad59reat1635.dll
c:\windows\z7053not-a5virus39a.dll
c:\windows\z9061worm2a15.dll
c:\windows\z9c7vir522.ocx
c:\windows\ze995ackdoor9216.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.

2011-02-23 14:40 . 2011-02-23 14:40 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-02-23 14:40 . 2011-02-23 14:40 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-02-23 14:40 . 2011-02-23 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 14:19 . 2011-02-23 14:19 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06CF8F3F-7DED-4C11-9467-62D8EF973CDF}\MpKsl9f3a7996.sys
2011-02-23 13:53 . 2011-02-23 13:53 -------- d-----w- c:\program files\Feedback Tool
2011-02-23 13:32 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06CF8F3F-7DED-4C11-9467-62D8EF973CDF}\mpengine.dll
2011-02-22 13:19 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-18 21:43 . 2011-02-18 21:43 -------- d-----w- c:\program files\iPod
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-18 21:32 . 2011-02-18 21:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-02-18 21:32 . 2011-02-18 21:32 -------- d-----w- c:\program files\QuickTime
2011-02-18 20:42 . 2011-02-18 20:42 -------- d-----w- c:\program files\Common Files\Adobe
2011-02-18 20:14 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD33F508-4BC8-4DB2-A6B0-90F4E91A183C}\gapaengine.dll
2011-02-18 19:54 . 2011-02-18 19:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-18 19:53 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-18 19:47 . 2011-02-18 19:47 -------- d-----w- c:\program files\Common Files\Java
2011-02-18 17:57 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-18 17:57 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-02-18 17:57 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-18 17:53 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-18 17:53 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-02-18 17:53 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-18 17:53 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-18 17:53 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-18 17:53 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-18 17:53 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-18 17:52 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 17:51 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-18 17:51 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-02-18 17:36 . 2011-02-02 22:10 5890896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F8EF6F1-FDB6-4628-B70D-F3D20E4E08D7}\mpengine.dll
2011-02-18 17:35 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 17:34 . 2011-02-18 17:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 17:34 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2010-06-30 23:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 22:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 19:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-14 15:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

R1 MpKsl6249172b;MpKsl6249172b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F80B6D8-18E7-422F-A3BA-47F27EABEAB9}\MpKsl6249172b.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a32149f5de78;Google Update Service (gupdate1c9a32149f5de78);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl9f3a7996;MpKsl9f3a7996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06CF8F3F-7DED-4C11-9467-62D8EF973CDF}\MpKsl9f3a7996.sys [2011-02-23 28752]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSL9F3A7996

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-08 01:44]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 14:46]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 14:46]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3755258399-2393947472-1914487811-1001Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:37]

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3755258399-2393947472-1914487811-1001UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 10:37]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
Trusted Zone: insuranceinstitute.ca\webmail
.
- - - - ORPHANS REMOVED - - - -

BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-fssui - c:\program files\Windows Live\Family Safety\fsui.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 09:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-23 09:42:15
ComboFix-quarantined-files.txt 2011-02-23 14:42

Pre-Run: 224,018,046,976 bytes free
Post-Run: 223,393,832,960 bytes free

- - End Of File - - E3B1B618427DB5D59099BC15EA687E84

Edited by TKWizard, 23 February 2011 - 09:46 AM.


#3 TKWizard


Posted 24 February 2011 - 11:52 AM

Requested Help on another forum. Sorry guys!

Thanks a lot last time though.

#4 Budapest


  • Moderator

Posted 24 February 2011 - 05:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



