
RootKit with redirect /MalwareBytes ,AVG will not run


  • This topic is locked
27 replies to this topic

#1 Tom Ketch

Tom Ketch

  • Members
  • 35 posts
  • OFFLINE
  • Local time:04:41 AM

Posted 29 September 2011 - 03:18 AM

DDS results:

Program did not run. First line says:
MZ   @  !L!This program cannot be run in DOS mode.

Followed by lots more gibberish


GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-29 01:31:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: I:\DOCUME~1\TK\LOCALS~1\Temp\fxtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text I:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF439E000, 0x1B85E6, 0xE8000020]
.text I:\WINDOWS\system32\DRIVERS\serial.sys section is writeable [0xF42C3000, 0x3A84, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[2068] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\WINDOWS\system32\SearchIndexer.exe[2632] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C I:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[3344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F I:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text I:\Program Files\Internet Explorer\iexplore.exe[6124] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 I:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \Driver\00000588 \GLOBAL??\651ab40f 8A494830
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR2 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

ADS I:\WINDOWS\263461477:2598718448.exe 784 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service I:\WINDOWS\263461477:2598718448.exe [MANUAL] 651ab40f <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:41 AM

Posted 04 October 2011 - 03:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421033 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:11:41 AM

Posted 04 October 2011 - 09:53 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Regards,

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:11:41 AM

Posted 04 October 2011 - 10:05 AM

Hi again,

Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey



#5 Tom Ketch

Tom Ketch
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:04:41 AM

Posted 05 October 2011 - 07:53 AM

Thanks Casey_boy

Before running I got several warning messages saying I need to shut down Microsoft Security Essentials. Couldn't find where it was running and ran ComboFix anyway, without apparently shutting it down.
Here's the results:

ComboFix 11-10-05.01 - TK 10/05/2011 6:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2475 [GMT -6:00]
Running from: i:\documents and settings\TK\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\Default User\Start Menu\Programs\Startup\KOEBU.0XE
i:\documents and settings\TK\GoToAssistDownloadHelper.exe
i:\documents and settings\TK\WINDOWS
I:\Install.exe
i:\windows\$BLSTUN$
i:\windows\$BLSTUN$\apUninstall.exe
i:\windows\$BLSTUN$\lmatn.dll
i:\windows\$BLSTUN$\qgnnv.dll
i:\windows\system32\comct332.ocx
i:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_651ab40f
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-09-27 05:49 . 2011-09-27 05:49 -------- d-----w- i:\documents and settings\TK\Application Data\f-secure
2011-09-27 05:49 . 2011-09-27 05:49 -------- d-----w- i:\documents and settings\All Users\Application Data\F-Secure
2011-09-27 04:28 . 2011-10-05 12:18 1409 ----a-w- i:\windows\QTFont.for
2011-09-26 14:51 . 2011-09-26 14:58 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-26 14:51 . 2011-09-26 14:52 -------- d-----w- i:\program files\Spybot - Search & Destroy
2011-09-26 13:57 . 2011-09-26 14:25 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2011-09-26 13:55 . 2011-09-26 13:56 34061558 ----a-w- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
2011-09-23 17:05 . 2011-09-27 03:36 -------- d-----w- i:\documents and settings\TK\Application Data\Fezysuk
2011-09-23 17:05 . 2011-09-27 11:55 -------- d-----w- i:\documents and settings\TK\Application Data\Odesate
2011-09-23 17:00 . 2011-09-23 17:00 -------- d-----w- i:\windows\system32\wbem\Repository
2011-09-22 21:31 . 2011-09-22 21:31 -------- d-----w- i:\documents and settings\TK\Application Data\AVG2012
2011-09-22 21:29 . 2011-09-23 16:08 -------- d-----w- i:\documents and settings\All Users\Application Data\AVG2012
2011-09-22 21:29 . 2011-09-22 21:29 -------- d-----w- i:\windows\system32\drivers\AVG
2011-09-22 21:28 . 2011-09-22 21:28 -------- d-----w- i:\program files\AVG
2011-09-22 20:40 . 2011-09-27 11:55 -------- d-----w- i:\documents and settings\TK\Application Data\Suteif
2011-09-22 20:40 . 2011-09-22 20:40 -------- d-----w- i:\documents and settings\TK\Application Data\Evbo
2011-09-22 20:21 . 2011-09-22 20:21 -------- d-----w- i:\documents and settings\All Users\Application Data\WSTB
2011-09-22 20:21 . 2011-09-22 20:21 2459648 ----a-w- i:\windows\system32\OPENCLOUD SECURITY.0XE
2011-09-22 20:21 . 2011-09-22 20:21 -------- d-----w- I:\OpenCloud Security
2011-09-22 19:36 . 2011-09-22 19:36 -------- d--h--w- i:\documents and settings\All Users\Application Data\Common Files
2011-09-22 19:32 . 2011-09-22 21:24 -------- d-----w- i:\documents and settings\All Users\Application Data\MFAData
2011-09-21 22:19 . 2011-09-21 22:19 -------- d-----w- i:\documents and settings\NetworkService\Application Data\FileOpen
2011-09-21 22:19 . 2011-09-21 22:19 -------- d-----w- i:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-21 20:38 . 2011-09-23 17:20 -------- d-----w- I:\Malwarebytes' Anti-Malware
2011-09-21 20:38 . 2011-08-31 23:00 22216 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-09-21 06:22 . 2011-09-21 05:26 1008092 ----a-w- I:\arekle.exe
2011-09-21 06:20 . 2011-09-22 21:45 -------- d-----w- i:\documents and settings\Admin2
2011-09-21 05:55 . 2011-09-21 06:00 -------- d-----w- i:\documents and settings\Guest
2011-09-21 04:47 . 2011-09-21 04:46 205072 ----a-w- i:\windows\system32\drivers\tmcomm.sys
2011-09-20 18:03 . 2009-06-30 16:37 28552 ----a-w- i:\windows\system32\drivers\pavboot.sys
2011-09-20 18:03 . 2011-09-20 18:03 -------- d-----w- i:\program files\Panda Security
2011-09-20 15:41 . 2011-09-20 15:44 -------- d-----w- i:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- i:\windows\system32\crypt32.dll
2011-09-04 19:38 . 2009-08-18 17:30 564632 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-09-04 19:38 . 2009-08-18 17:24 18328 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-16 16:10 . 2011-05-22 14:49 404640 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 12:08 . 2011-08-08 12:08 40016 ----a-w- i:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-07-11 07:14 . 2011-07-11 07:14 295248 ----a-w- i:\windows\system32\drivers\avgtdix.sys
2011-07-11 07:14 . 2011-07-11 07:14 16720 ----a-w- i:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 07:14 . 2011-07-11 07:14 24272 ----a-w- i:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 07:14 . 2011-07-11 07:14 23120 ----a-w- i:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 07:14 . 2011-07-11 07:14 134608 ----a-w- i:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 07:13 . 2011-07-11 07:13 229840 ----a-w- i:\windows\system32\drivers\avgldx86.sys
2011-07-11 07:13 . 2011-07-11 07:13 32464 ----a-w- i:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="i:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="i:\program files\IDT\WDM\sttray.exe" [2008-11-28 446571]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Acrobat Assistant 8.0"="i:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-21 77824]
"Bing Bar"="i:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="i:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TrueImageMonitor.exe"="i:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="i:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"The Assistant"="i:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"Carbonite Backup"="i:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
i:\documents and settings\TK\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - i:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - i:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2010-3-4 295606]
Adobe Acrobat Synchronizer.lnk - i:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"i:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"i:\\WINDOWS\\system32\\VaultFilesDownloader.exe"=
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);i:\windows\system32\drivers\tdrpm258.sys [12/1/2010 8:52 AM 911680]
R2 afcdpsrv;Acronis Nonstop Backup service;i:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/1/2010 8:52 AM 2480048]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;i:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9158656]
R3 afcdp;afcdp;i:\windows\system32\drivers\afcdp.sys [12/1/2010 8:52 AM 160704]
S1 MpKsl24b0fa41;MpKsl24b0fa41;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E09E290-B022-4892-BC8E-5163078DF532}\MpKsl24b0fa41.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E09E290-B022-4892-BC8E-5163078DF532}\MpKsl24b0fa41.sys [?]
S1 MpKsl6d31ba17;MpKsl6d31ba17;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93A7E235-7347-4E91-8A65-FA2B673A98BB}\MpKsl6d31ba17.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93A7E235-7347-4E91-8A65-FA2B673A98BB}\MpKsl6d31ba17.sys [?]
S1 MpKsl7bbc14b1;MpKsl7bbc14b1;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18A97571-1972-4C70-963E-B021151C9695}\MpKsl7bbc14b1.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18A97571-1972-4C70-963E-B021151C9695}\MpKsl7bbc14b1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [3/17/2010 1:21 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [3/17/2010 1:21 AM 136176]
S3 PLTurbh;Prolific turbo filter driver for hdd;i:\windows\system32\drivers\plturbh.sys [3/21/2010 8:35 AM 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;i:\windows\system32\drivers\plturbo.sys [3/21/2010 8:35 AM 16640]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;i:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;i:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 9:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;i:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);i:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/17/2010 11:14 AM 370008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 17:12 451872 ----a-w- i:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 07:21]
.
2011-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 07:21]
.
2011-10-05 i:\windows\Tasks\User_Feed_Synchronization-{B44547AC-B04C-42EE-AB19-1318D412F1D1}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2011-10-05 i:\windows\Tasks\VersionCheck.job
- i:\documents and settings\All Users\Application Data\WSTB\verupd.exe [2011-09-21 16:11]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: Append to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} - file:///I:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
FF - ProfilePath - i:\documents and settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - i:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
.
.
------- File Associations -------
.
.scr=AutoCADScript
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{FCE10A86-5FD4-5E96-E10D-09F42ABF3321} - i:\documents and settings\TK\Application Data\Odesate\locine.exe
HKLM-Run-MSC - i:\program files\Microsoft Security Client\msseces.exe
AddRemove-Microsoft Security Client - i:\program files\Microsoft Security Client\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 06:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
i:\windows\263461477:2598718448.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
i:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3708)
i:\windows\system32\WININET.dll
i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
i:\windows\system32\msi.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\Ati2evxx.exe
i:\windows\system32\Ati2evxx.exe
i:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
i:\program files\Common Files\Acronis\Schedule2\schedul2.exe
i:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
i:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
i:\program files\Common Files\LightScribe\LSSrvc.exe
i:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
i:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
i:\program files\Visioneer\OneTouch 4.0\OtService.exe
i:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
i:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
i:\windows\system32\SearchIndexer.exe
i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
i:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
i:\windows\system32\SearchProtocolHost.exe
i:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
i:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
i:\program files\OpenOffice.org 3\program\soffice.exe
i:\program files\OpenOffice.org 3\program\soffice.bin
i:\windows\system32\SearchFilterHost.exe
i:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-10-05 06:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 12:26
.
Pre-Run: 677,998,567,424 bytes free
Post-Run: 681,516,023,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2835D7824944EC93875B63E5C0D37F25

#6 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:11:41 AM

Posted 05 October 2011 - 08:48 AM

Hi,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it.

4. ComboFix might upload a few suspicious files. Please allow this!!

Folder::
i:\documents and settings\TK\Application Data\Fezysuk
i:\documents and settings\TK\Application Data\Odesate
i:\documents and settings\TK\Application Data\Suteif
i:\documents and settings\TK\Application Data\Evbo
i:\documents and settings\All Users\Application Data\WSTB
I:\OpenCloud Security

Collect::
i:\windows\system32\OPENCLOUD SECURITY.0XE
i:\windows\263461477:2598718448.exe

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Reboot. How is your PC now running?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 Tom Ketch

  • Topic Starter
  • Members
  • 35 posts
  • Local time:04:41 AM

Posted 05 October 2011 - 10:05 AM

Got a warning box regarding Microsoft Security Essentials, which doesn't seem to be running anywhere.
Ran ComboFix despite this warning, with results below.

Still getting a redirect after this. For instance, after the most recent attempt the BleepingComputer address was redirected to http://computertrainingcenterr.info/?rid=559242&rname=bleepingcomputers.com&OptId=10

Thanks again Casey_boy


ComboFix Redux:

ComboFix 11-10-05.01 - TK 10/05/2011 8:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2413 [GMT -6:00]
Running from: i:\documents and settings\TK\Desktop\ComboFix.exe
Command switches used :: i:\documents and settings\TK\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
file zipped: i:\windows\263461477:2598718448.exe
file zipped: i:\windows\system32\OPENCLOUD SECURITY.0XE
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
i:\documents and settings\All Users\Application Data\WSTB
i:\documents and settings\All Users\Application Data\WSTB\verupd.exe
i:\documents and settings\TK\Application Data\Evbo
i:\documents and settings\TK\Application Data\Evbo\issune.tmp
i:\documents and settings\TK\Application Data\Fezysuk
i:\documents and settings\TK\Application Data\Odesate
i:\documents and settings\TK\Application Data\Odesate\LOCINE.0XE
i:\documents and settings\TK\Application Data\Suteif
i:\documents and settings\TK\Application Data\Suteif\OBONOKA.0XE
I:\OpenCloud Security
i:\windows\263461477:2598718448.exe
i:\windows\system32\OPENCLOUD SECURITY.0XE
.
.
((((((((((((((((((((((((( Files Created from 2011-09-05 to 2011-10-05 )))))))))))))))))))))))))))))))
.
.
2011-09-27 05:49 . 2011-09-27 05:49 -------- d-----w- i:\documents and settings\TK\Application Data\f-secure
2011-09-27 05:49 . 2011-09-27 05:49 -------- d-----w- i:\documents and settings\All Users\Application Data\F-Secure
2011-09-27 04:28 . 2011-10-05 14:29 1409 ----a-w- i:\windows\QTFont.for
2011-09-26 14:51 . 2011-09-26 14:58 -------- d-----w- i:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-26 14:51 . 2011-09-26 14:52 -------- d-----w- i:\program files\Spybot - Search & Destroy
2011-09-26 13:57 . 2011-09-26 14:25 -------- d---a-w- i:\documents and settings\All Users\Application Data\TEMP
2011-09-26 13:55 . 2011-09-26 13:56 34061558 ----a-w- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
2011-09-23 17:00 . 2011-09-23 17:00 -------- d-----w- i:\windows\system32\wbem\Repository
2011-09-22 21:31 . 2011-09-22 21:31 -------- d-----w- i:\documents and settings\TK\Application Data\AVG2012
2011-09-22 21:29 . 2011-09-23 16:08 -------- d-----w- i:\documents and settings\All Users\Application Data\AVG2012
2011-09-22 21:29 . 2011-09-22 21:29 -------- d-----w- i:\windows\system32\drivers\AVG
2011-09-22 21:28 . 2011-09-22 21:28 -------- d-----w- i:\program files\AVG
2011-09-22 19:36 . 2011-09-22 19:36 -------- d--h--w- i:\documents and settings\All Users\Application Data\Common Files
2011-09-22 19:32 . 2011-09-22 21:24 -------- d-----w- i:\documents and settings\All Users\Application Data\MFAData
2011-09-21 22:19 . 2011-09-21 22:19 -------- d-----w- i:\documents and settings\NetworkService\Application Data\FileOpen
2011-09-21 22:19 . 2011-09-21 22:19 -------- d-----w- i:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-21 20:38 . 2011-09-23 17:20 -------- d-----w- I:\Malwarebytes' Anti-Malware
2011-09-21 20:38 . 2011-08-31 23:00 22216 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-09-21 06:22 . 2011-09-21 05:26 1008092 ----a-w- I:\arekle.exe
2011-09-21 06:20 . 2011-09-22 21:45 -------- d-----w- i:\documents and settings\Admin2
2011-09-21 05:55 . 2011-09-21 06:00 -------- d-----w- i:\documents and settings\Guest
2011-09-21 04:47 . 2011-09-21 04:46 205072 ----a-w- i:\windows\system32\drivers\tmcomm.sys
2011-09-20 18:03 . 2009-06-30 16:37 28552 ----a-w- i:\windows\system32\drivers\pavboot.sys
2011-09-20 18:03 . 2011-09-20 18:03 -------- d-----w- i:\program files\Panda Security
2011-09-20 15:41 . 2011-09-20 15:44 -------- d-----w- i:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- i:\windows\system32\crypt32.dll
2011-09-04 19:38 . 2009-08-18 17:30 564632 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-09-04 19:38 . 2009-08-18 17:24 18328 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-16 16:10 . 2011-05-22 14:49 404640 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 12:08 . 2011-08-08 12:08 40016 ----a-w- i:\windows\system32\drivers\avgmfx86.sys
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2011-07-11 07:14 . 2011-07-11 07:14 295248 ----a-w- i:\windows\system32\drivers\avgtdix.sys
2011-07-11 07:14 . 2011-07-11 07:14 16720 ----a-w- i:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 07:14 . 2011-07-11 07:14 24272 ----a-w- i:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 07:14 . 2011-07-11 07:14 23120 ----a-w- i:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 07:14 . 2011-07-11 07:14 134608 ----a-w- i:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 07:13 . 2011-07-11 07:13 229840 ----a-w- i:\windows\system32\drivers\avgldx86.sys
2011-07-11 07:13 . 2011-07-11 07:13 32464 ----a-w- i:\windows\system32\drivers\avgrkx86.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-05_12.21.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-05 14:30 . 2011-10-05 14:30 16384 i:\windows\Temp\Perflib_Perfdata_5c0.dat
+ 2011-10-05 14:30 . 2011-10-05 14:30 16384 i:\windows\Temp\Perflib_Perfdata_12c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 02:52 762000 ----a-r- i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="i:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-02-25 2387968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="i:\program files\IDT\WDM\sttray.exe" [2008-11-28 446571]
"StartCCC"="i:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Acrobat Assistant 8.0"="i:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"QuickTime Task"="i:\program files\QuickTime\qttask.exe" [2010-03-21 77824]
"Bing Bar"="i:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="i:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TrueImageMonitor.exe"="i:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Acronis Scheduler2 Service"="i:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"The Assistant"="i:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"Carbonite Backup"="i:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="i:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
i:\documents and settings\TK\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - i:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
i:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - i:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe [2010-3-4 295606]
Adobe Acrobat Synchronizer.lnk - i:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Windows Search.lnk - i:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "i:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"i:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"i:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"i:\\Program Files\\Microsoft SQL Server\\MSSQL$ALAMODE\\Binn\\sqlservr.exe"=
"i:\\WINDOWS\\system32\\VaultFilesDownloader.exe"=
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);i:\windows\system32\drivers\tdrpm258.sys [12/1/2010 8:52 AM 911680]
R2 afcdpsrv;Acronis Nonstop Backup service;i:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/1/2010 8:52 AM 2480048]
R2 MSSQL$ALAMODE;MSSQL$ALAMODE;i:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9158656]
R3 afcdp;afcdp;i:\windows\system32\drivers\afcdp.sys [12/1/2010 8:52 AM 160704]
S1 MpKsl24b0fa41;MpKsl24b0fa41;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E09E290-B022-4892-BC8E-5163078DF532}\MpKsl24b0fa41.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E09E290-B022-4892-BC8E-5163078DF532}\MpKsl24b0fa41.sys [?]
S1 MpKsl6d31ba17;MpKsl6d31ba17;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93A7E235-7347-4E91-8A65-FA2B673A98BB}\MpKsl6d31ba17.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{93A7E235-7347-4E91-8A65-FA2B673A98BB}\MpKsl6d31ba17.sys [?]
S1 MpKsl7bbc14b1;MpKsl7bbc14b1;\??\i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18A97571-1972-4C70-963E-B021151C9695}\MpKsl7bbc14b1.sys --> i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18A97571-1972-4C70-963E-B021151C9695}\MpKsl7bbc14b1.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [3/17/2010 1:21 AM 136176]
S3 CFcatchme;CFcatchme;\??\i:\docume~1\TK\LOCALS~1\Temp\CFcatchme.sys --> i:\docume~1\TK\LOCALS~1\Temp\CFcatchme.sys [?]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [3/17/2010 1:21 AM 136176]
S3 PLTurbh;Prolific turbo filter driver for hdd;i:\windows\system32\drivers\plturbh.sys [3/21/2010 8:35 AM 16384]
S3 PLTurbo;Prolific turbo filter driver for odd;i:\windows\system32\drivers\plturbo.sys [3/21/2010 8:35 AM 16640]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;i:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;i:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 9:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;i:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);i:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/17/2010 11:14 AM 370008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-02-25 17:12 451872 ----a-w- i:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 07:21]
.
2011-10-05 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2010-03-17 07:21]
.
2011-10-05 i:\windows\Tasks\User_Feed_Synchronization-{B44547AC-B04C-42EE-AB19-1318D412F1D1}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
IE: Append to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150
DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} - file:///I:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB
FF - ProfilePath - i:\documents and settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - i:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - i:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
i:\windows\263461477:2598718448.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
i:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4016)
i:\windows\system32\WININET.dll
i:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
i:\windows\system32\msi.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\Ati2evxx.exe
i:\windows\system32\Ati2evxx.exe
i:\program files\idt\5902xp_6033v_012208\wdm\STacSV.exe
i:\program files\Common Files\Acronis\Schedule2\schedul2.exe
i:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
i:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
i:\program files\Common Files\LightScribe\LSSrvc.exe
i:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
i:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
i:\program files\Visioneer\OneTouch 4.0\OtService.exe
i:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
i:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
i:\windows\system32\SearchIndexer.exe
i:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
i:\windows\system32\SearchProtocolHost.exe
i:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
i:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
i:\program files\OpenOffice.org 3\program\soffice.exe
i:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
i:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
i:\program files\OpenOffice.org 3\program\soffice.bin
i:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-10-05 08:37:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-05 14:37
ComboFix2.txt 2011-10-05 12:26
.
Pre-Run: 681,402,171,392 bytes free
Post-Run: 681,406,791,680 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D41A6AF089DA3692D1826497079D6B92
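Two indicators recur in the ComboFix output above: the 784-byte executable that catchme reports at i:\windows\263461477:2598718448.exe, where the colon after the directory component marks an NTFS alternate data stream (a normal directory listing never shows stream contents), and the FF - user.js keyword.URL line, a Firefox preference of that era that sets the URL to which non-URL text typed into the address bar is sent. The script below is an added triage example, not code from the thread, from ComboFix or from BleepingComputer: it parses a ComboFix log excerpt for both indicator types and turns them into findings. The sample lines are copied from the log above; the allow-list of search hosts and all function names are this example's own assumptions.

```python
"""ComboFix log triage: hidden ADS executables and Firefox user.js search overrides.

Added example, not code from the thread, from ComboFix or from BleepingComputer.
Sample lines are copied from the ComboFix log above; the search-host allow-list
and the function names are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlsplit

# catchme lists each hidden file as "<path> <size> bytes <type>", e.g.
#   i:\windows\263461477:2598718448.exe 784 bytes executable
HIDDEN_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<size>\d+)\s+bytes\s+(?P<type>\w+)\s*$")

# Any colon after the drive-letter colon means "<host object>:<stream name>",
# i.e. the executable lives in an NTFS alternate data stream of another object.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>.+)$")

# ComboFix prints Firefox preferences forced by user.js as "FF - user.js: <pref> - <value>".
USERJS_RE = re.compile(r"^FF - user\.js:\s*(?P<pref>\S+)\s+-\s+(?P<value>.*)$")

# Assumed allow-list: hosts a keyword.URL override may legitimately point at.
ALLOWED_SEARCH_HOSTS = ("www.google.com", "www.bing.com")


@dataclass
class Finding:
    kind: str    # "ads_hidden_file", "hidden_file" or "search_hijack"
    detail: str


def refang(url: str) -> str:
    """Undo the hxxp:// defanging ComboFix applies to URLs in its logs."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_hidden_files(text: str) -> List[Dict[str, object]]:
    """Return the entries catchme lists between 'scanning hidden files' and 'scan completed'."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("scanning hidden files"):
            in_section = True
            continue
        if line.startswith("scan completed"):
            in_section = False
        if not in_section or line in ("", "."):
            continue
        m = HIDDEN_FILE_RE.match(line)
        if m:
            entries.append({"path": m["path"], "size": int(m["size"]), "type": m["type"]})
    return entries


def parse_userjs(text: str) -> Dict[str, str]:
    """Collect every preference ComboFix reports as overridden by user.js."""
    prefs = {}
    for raw in text.splitlines():
        m = USERJS_RE.match(raw.strip())
        if m:
            prefs[m["pref"]] = m["value"]
    return prefs


def triage(text: str, allowed_hosts=ALLOWED_SEARCH_HOSTS) -> List[Finding]:
    """Turn a ComboFix log excerpt into a list of findings worth a second look."""
    findings = []
    for entry in parse_hidden_files(text):
        ads = ADS_RE.match(entry["path"])
        if ads:
            findings.append(Finding(
                "ads_hidden_file",
                f"{entry['size']}-byte {entry['type']} hidden in stream "
                f"'{ads['stream']}' of {ads['host']}"))
        else:
            findings.append(Finding(
                "hidden_file", f"{entry['size']}-byte {entry['type']} at {entry['path']}"))
    keyword_url = parse_userjs(text).get("keyword.URL")
    if keyword_url:
        host = urlsplit(refang(keyword_url)).hostname or ""
        if host not in allowed_hosts:
            findings.append(Finding(
                "search_hijack", f"keyword.URL sends address-bar searches to {host}"))
    return findings


# Constructed excerpt: the lines below are copied from the ComboFix log in this thread.
SAMPLE_LOG = """\
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101179100&s=
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-05 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
i:\\windows\\263461477:2598718448.exe 784 bytes executable
.
scan completed successfully
hidden files: 1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run stand-alone, the script reports the stream-hidden executable and the keyword.URL host; the allow-list is deliberately short so that any unrecognised search host is surfaced for a human to judge rather than silently accepted.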

#8 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:11:41 AM

Posted 05 October 2011 - 11:14 AM

Hi,

:step1: Please visit the online Jotti Virus Scanner Posted Image<--link
  • Browse to the following file paths:

    I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
    I:\arekle.exe

  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

:step2: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#9 Tom Ketch

  • Topic Starter
  • Members
  • 35 posts
  • Local time:04:41 AM

Posted 05 October 2011 - 12:27 PM

Jotti didn't seem to give me a response for the first file.
I restarted it about 15 minutes ago and it hasn't responded yet.
The service load progress bar is partially green but doesn't seem to progress.

Does it take a while?

Meanwhile, here are OTL and Extras.

**** OTL ****
OTL logfile created on: 10/5/2011 11:13:08 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = I:\Documents and Settings\TK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 66.26% Memory free
5.09 Gb Paging File | 3.85 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Unable to calculate disk information.
Drive I: | 698.63 Gb Total Space | 634.54 Gb Free Space | 90.83% Space Free | Partition Type: NTFS

Computer Name: KETCH | User Name: TK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/05 11:12:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- I:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/01 08:52:02 | 002,480,048 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 17:07:26 | 000,362,232 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 17:07:20 | 000,751,464 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/03/27 17:06:16 | 005,107,232 | ---- | M] (Acronis) -- I:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/03/04 11:52:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/02 01:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- I:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 01:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- I:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/22 10:58:18 | 000,210,944 | ---- | M] (Visioneer Inc.) -- I:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- I:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/27 19:28:34 | 000,446,571 | ---- | M] (IDT, Inc.) -- I:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/11/27 19:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) -- i:\Program Files\IDT\5902XP_6033V_012208\WDM\stacsv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/04/16 09:18:04 | 000,099,840 | ---- | M] (a la mode, inc.) -- I:\Program Files\a la mode\Sched\eSched.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 10:47:48 | 000,212,992 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/11 10:47:42 | 011,800,576 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/11 10:47:35 | 000,771,584 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 10:47:28 | 000,971,264 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/11 08:07:31 | 005,450,752 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 08:07:27 | 012,430,848 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 08:07:15 | 001,587,200 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 08:05:56 | 007,950,848 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/11 01:57:14 | 002,933,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/11 01:57:14 | 000,114,688 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/08/11 01:57:13 | 002,048,000 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/08/11 01:57:12 | 000,626,688 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/08/11 01:57:09 | 003,182,592 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/08/11 01:57:03 | 000,258,048 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/08/11 01:57:01 | 000,303,104 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/11 01:57:00 | 000,261,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/11 01:56:59 | 000,425,984 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/08/11 01:56:57 | 005,025,792 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/11 01:53:01 | 000,025,600 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/08/11 01:50:04 | 011,490,816 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/10/09 00:31:48 | 003,391,488 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4940645d\mscorlib.dll
MOD - [2010/10/09 00:31:46 | 000,835,584 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_392d914d\system.drawing.dll
MOD - [2010/10/09 00:31:40 | 003,018,752 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e893f614\system.windows.forms.dll
MOD - [2010/10/09 00:31:31 | 001,966,080 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1f8a02dc\system.dll
MOD - [2010/10/09 00:31:25 | 001,232,896 | ---- | M] () -- i:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/05 13:28:33 | 000,854,016 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/04/05 13:28:32 | 000,403,456 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/04/05 13:28:32 | 000,270,336 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/04/05 13:28:31 | 000,471,040 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/04/05 13:28:29 | 000,046,880 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/04/05 13:28:28 | 000,419,616 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/04/05 13:28:28 | 000,270,112 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/04/05 13:28:28 | 000,120,096 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/04/05 13:28:28 | 000,070,432 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/04/05 13:28:28 | 000,023,840 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/04/05 13:28:28 | 000,018,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/04/05 13:28:28 | 000,012,064 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/04/05 13:28:27 | 000,121,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/03/27 17:30:50 | 000,279,904 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\resource.dll
MOD - [2010/03/27 16:14:56 | 000,028,512 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/03/27 16:13:36 | 000,019,808 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\thread_pool.dll
MOD - [2010/03/12 11:49:54 | 000,466,944 | ---- | M] () -- i:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/03/12 11:49:54 | 000,323,584 | ---- | M] () -- i:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/03/12 11:49:53 | 002,052,096 | ---- | M] () -- i:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/12 11:49:52 | 000,299,008 | ---- | M] () -- i:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2010/03/04 11:28:59 | 000,970,752 | ---- | M] () -- I:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/03 21:56:36 | 000,307,200 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3300.40238__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2010/03/03 21:56:36 | 000,011,776 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3300.40230__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010/03/03 21:56:36 | 000,008,704 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3300.40229__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010/03/03 21:56:36 | 000,007,680 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3300.40235__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010/03/03 21:56:35 | 001,691,648 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3300.40123__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,692,224 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3300.40178__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,466,944 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3300.40212__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,376,832 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3300.40172__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,364,544 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3300.40193__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,286,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3300.40106__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,204,800 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3300.40125__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,139,264 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3300.40213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,106,496 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3300.40124__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,094,208 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3300.40173__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3300.40188__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,073,728 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3300.40113__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,069,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3300.40166__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3300.40171__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3300.40120__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,036,864 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3300.40150__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3300.40123__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3300.40114__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,007,680 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3300.40230__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,811,008 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3300.40153__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,798,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3300.40189__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,712,704 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3300.40115__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,671,744 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3300.40228__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,589,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3300.40126__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,405,504 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3300.40182__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:34 | 000,225,280 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3300.40125__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,126,976 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3300.40163__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,081,920 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3300.40152__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3300.40228__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3300.40129__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,036,864 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3300.40162__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,675,840 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3300.40167__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,450,560 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3300.40146__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,438,272 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3300.40151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3300.40150__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3300.40151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3246.34138__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3300.40164__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3246.34145__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3246.34297__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3246.34233__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3246.34194__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3246.34264__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3246.34295__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3246.34290__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3246.34445__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3246.34278__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3246.34443__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,006,656 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/03/03 21:56:32 | 000,073,728 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3246.34155__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,065,536 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3246.34350__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3246.34242__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3246.34459__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,053,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3246.34337__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,053,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3246.34335__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,049,152 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3246.34346__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,049,152 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3246.34333__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/03/03 21:56:32 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3246.34407__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3246.34345__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3246.34279__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3246.34574__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3246.34319__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3246.34305__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3246.34282__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3246.34340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3246.34251__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3246.34236__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3246.34198__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3246.34318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3246.34307__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3246.34274__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3246.34300__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3246.34229__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3246.34316__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3246.34304__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,540,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3300.40197__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/03/03 21:56:31 | 000,405,504 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3300.40119__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/03/03 21:56:31 | 000,106,496 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3300.40205__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3300.40103__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/03/03 21:56:31 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3300.40203__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,057,344 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3300.40105__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/03/03 21:56:31 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3246.34261__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3300.40222__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/03/03 21:56:31 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3246.34183__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3246.34205__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3246.34258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3246.34292__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3246.34289__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3246.34174__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3246.34235__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,014,848 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/03/03 21:56:31 | 000,013,312 | ---- | M] () -- I:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/03/03 21:56:31 | 000,011,264 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3300.40231__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,007,168 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3300.40101__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/03/03 21:56:30 | 001,077,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3300.40110__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/03/03 21:56:30 | 000,081,920 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3300.40104__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/03/03 21:56:30 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3300.40103__90ba9c70f846762e\APM.Server.dll
MOD - [2010/03/03 21:56:30 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3300.40102__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/03/03 21:56:30 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3246.34227__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/03/03 21:56:30 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/03/03 21:56:30 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3300.40205__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/03 21:56:30 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3246.34356__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/02/25 10:44:06 | 007,331,840 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/02/25 10:44:06 | 002,023,424 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/02/25 10:43:54 | 000,135,168 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/30 15:39:12 | 000,016,384 | R--- | M] () -- I:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/10/26 06:42:14 | 000,065,376 | ---- | M] () -- I:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/11/17 19:18:50 | 000,122,880 | ---- | M] () -- I:\WINDOWS\system32\ala32.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- I:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll



========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/12/01 08:52:02 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 17:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/04 11:52:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/22 10:58:18 | 000,210,944 | ---- | M] (Visioneer Inc.) [Auto | Running] -- I:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- I:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/27 19:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) [Auto | Running] -- i:\Program Files\IDT\5902XP_6033V_012208\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/01 08:52:05 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- I:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/12/01 08:52:00 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/12/01 08:51:58 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/01 08:51:51 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/01 12:26:08 | 000,016,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\plturbo.sys -- (PLTurbo)
DRV - [2009/07/01 12:26:04 | 000,016,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\plturbh.sys -- (PLTurbh)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- I:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/14 01:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/27 19:28:34 | 001,392,498 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/10/31 12:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/14 06:00:00 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2007/10/11 19:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-329068152-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.internet-search-results.com/?sid=10101179100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: I:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/12 09:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/14 03:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/03/21 16:28:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/03/21 16:28:33 | 000,000,000 | ---D | M]

[2010/03/08 14:43:50 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\TK\Application Data\Mozilla\Extensions
[2010/04/14 07:43:59 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions
[2010/03/11 22:16:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 07:43:59 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions\DefaultManager@Microsoft
[2010/03/08 14:43:27 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2010/03/04 11:28:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/21 10:10:06 | 000,002,223 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/10/05 08:33:31 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] I:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] I:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Carbonite Backup] I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] I:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [The Assistant] I:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = I:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: I:\Documents and Settings\TK\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = I:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.sitecheck.com/upload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} https://vault.alamode.com/cab/vfd.cab (Vault Files Downloader)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} file:///I:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB (alaWeb5.cUtil)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292C0DC0-0F05-4161-8E7C-537F0F07C632}: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 11:12:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
[2011/10/05 09:34:00 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2011/10/05 08:23:58 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2011/09/28 20:32:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Desktop\gmer
[2011/09/28 20:24:14 | 000,607,260 | ---- | C] (Swearware) -- I:\Documents and Settings\TK\Desktop\dds.scr
[2011/09/26 23:49:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Application Data\f-secure
[2011/09/26 23:49:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/26 20:53:54 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2011/09/26 20:53:54 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2011/09/26 20:53:54 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2011/09/26 20:53:54 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2011/09/26 20:53:47 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2011/09/26 20:39:59 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/09/26 20:31:35 | 004,243,642 | R--- | C] (Swearware) -- I:\Documents and Settings\TK\Desktop\ComboFix.exe
[2011/09/26 08:51:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/26 08:51:16 | 000,000,000 | ---D | C] -- I:\Program Files\Spybot - Search & Destroy
[2011/09/26 08:51:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/26 07:57:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/26 07:55:49 | 034,061,558 | ---- | C] (PC Tools ) -- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
[2011/09/22 15:31:17 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Application Data\AVG2012
[2011/09/22 15:29:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/22 15:29:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/22 15:29:14 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\AVG
[2011/09/22 15:28:56 | 000,000,000 | ---D | C] -- I:\Program Files\AVG
[2011/09/22 13:36:11 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/22 13:32:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/21 16:19:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\FileOpen
[2011/09/21 16:19:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/21 14:38:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/21 14:38:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2011/09/21 14:38:12 | 000,000,000 | ---D | C] -- I:\Malwarebytes' Anti-Malware
[2011/09/20 23:23:10 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\TK\Desktop\MB--setup.exe
[2011/09/20 22:47:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- I:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/20 22:46:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041
[2011/09/20 22:41:45 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/20 12:03:26 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- I:\WINDOWS\System32\drivers\pavboot.sys
[2011/09/20 12:03:17 | 000,000,000 | ---D | C] -- I:\Program Files\Panda Security
[2011/09/20 08:59:31 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/20 08:58:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/02/02 14:12:40 | 000,122,880 | ---- | C] ( ) -- I:\WINDOWS\System32\alauploader.exe
[2004/07/28 11:46:06 | 000,098,304 | ---- | C] ( ) -- I:\WINDOWS\System32\AutoLicense.dll
[2002/07/16 18:12:58 | 000,045,056 | ---- | C] ( ) -- I:\WINDOWS\System32\AutoPAX.dll
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 11:12:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
[2011/10/05 10:56:00 | 000,000,878 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 09:25:58 | 000,002,521 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Microsoft Office Outlook 2007.lnk
[2011/10/05 08:33:48 | 000,002,337 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/10/05 08:33:45 | 000,054,156 | -H-- | M] () -- I:\WINDOWS\QTFont.qfn
[2011/10/05 08:33:31 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2011/10/05 08:33:24 | 000,013,746 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/10/05 08:33:24 | 000,000,874 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/05 08:30:29 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/10/05 08:29:24 | 000,001,409 | ---- | M] () -- I:\WINDOWS\QTFont.for
[2011/10/05 08:24:03 | 000,000,327 | RHS- | M] () -- I:\boot.ini
[2011/10/05 06:09:19 | 000,000,327 | ---- | M] () -- I:\Boot.bak
[2011/10/05 06:06:17 | 004,243,642 | R--- | M] (Swearware) -- I:\Documents and Settings\TK\Desktop\ComboFix.exe
[2011/10/05 05:59:36 | 000,000,416 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{B44547AC-B04C-42EE-AB19-1318D412F1D1}.job
[2011/10/05 05:41:33 | 000,052,507 | ---- | M] () -- I:\WINDOWS\alaredun.ini
[2011/10/05 05:41:32 | 000,003,254 | ---- | M] () -- I:\WINDOWS\alamode.ini
[2011/09/28 20:29:52 | 000,294,216 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\gmer.zip
[2011/09/28 20:24:14 | 000,607,260 | ---- | M] (Swearware) -- I:\Documents and Settings\TK\Desktop\dds.scr
[2011/09/28 19:55:58 | 000,000,000 | ---- | M] () -- I:\Documents and Settings\TK\defogger_reenable
[2011/09/28 19:50:34 | 000,050,477 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Defogger.exe
[2011/09/26 10:27:12 | 000,000,000 | ---- | M] () -- I:\WINDOWS\263461477
[2011/09/26 08:54:39 | 000,437,753 | R--- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts.20110926-085837.backup
[2011/09/26 07:56:53 | 034,061,558 | ---- | M] (PC Tools ) -- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
[2011/09/22 15:29:42 | 000,000,735 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/22 15:29:28 | 000,413,380 | ---- | M] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/22 13:46:24 | 000,001,945 | ---- | M] () -- I:\WINDOWS\epplauncher.mif
[2011/09/21 14:46:20 | 000,000,669 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Shortcut to TK_BAm.exe.lnk
[2011/09/20 23:26:48 | 001,008,092 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\arekle.exe
[2011/09/20 23:26:48 | 001,008,092 | ---- | M] () -- I:\arekle.exe
[2011/09/20 23:23:10 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\TK\Desktop\MB--setup.exe
[2011/09/20 22:46:59 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- I:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/20 22:45:01 | 004,104,900 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041.zip
[2011/09/20 08:14:40 | 000,001,028 | -HS- | M] () -- I:\Documents and Settings\TK\Local Settings\Application Data\6j0j7s2kek4
[2011/09/20 08:14:40 | 000,001,028 | -HS- | M] () -- I:\Documents and Settings\All Users\Application Data\6j0j7s2kek4
[2011/09/17 10:03:43 | 002,121,146 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN_Ticks.csv
[2011/09/17 09:56:32 | 000,105,491 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN60.csv
[2011/09/17 09:56:10 | 000,225,242 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN10.csv
[2011/09/17 09:55:46 | 000,182,487 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN01.csv
[2011/09/17 09:45:46 | 000,001,354 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\acad.err
[2011/09/17 09:45:40 | 000,009,236 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\acadstk.dmp
[2011/09/17 09:42:12 | 000,025,600 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\mtalctrl.exe
[2011/09/15 17:31:26 | 000,681,805 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\test1.dwg
[2011/09/15 01:33:30 | 000,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2011/09/14 10:41:42 | 000,035,000 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\BillPresentment.pdf
[2011/09/14 00:20:19 | 000,000,882 | RH-- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts.20110926-085439.backup
[2011/09/09 03:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 11:11:15 | 000,033,453 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\Carbonite Order.pdf
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 05:08:43 | 000,052,507 | ---- | C] () -- I:\WINDOWS\alaredun.ini
[2011/09/28 20:29:49 | 000,294,216 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\gmer.zip
[2011/09/28 19:55:58 | 000,000,000 | ---- | C] () -- I:\Documents and Settings\TK\defogger_reenable
[2011/09/28 19:54:58 | 000,050,477 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\Defogger.exe
[2011/09/26 22:28:29 | 000,001,409 | ---- | C] () -- I:\WINDOWS\QTFont.for
[2011/09/26 22:28:28 | 000,054,156 | -H-- | C] () -- I:\WINDOWS\QTFont.qfn
[2011/09/26 20:57:33 | 000,000,327 | ---- | C] () -- I:\Boot.bak
[2011/09/26 20:57:31 | 000,260,272 | RHS- | C] () -- I:\cmldr
[2011/09/26 20:53:54 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2011/09/26 20:53:54 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2011/09/26 20:53:54 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2011/09/26 20:53:54 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2011/09/26 20:53:54 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2011/09/22 15:29:42 | 000,000,735 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/21 14:46:20 | 000,000,669 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\Shortcut to TK_BAm.exe.lnk
[2011/09/21 00:22:42 | 001,008,092 | ---- | C] () -- I:\arekle.exe
[2011/09/20 23:26:43 | 001,008,092 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\arekle.exe
[2011/09/20 22:45:00 | 004,104,900 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041.zip
[2011/09/20 08:14:46 | 000,000,000 | ---- | C] () -- I:\WINDOWS\263461477
[2011/09/20 08:14:40 | 000,001,028 | -HS- | C] () -- I:\Documents and Settings\TK\Local Settings\Application Data\6j0j7s2kek4
[2011/09/20 08:14:40 | 000,001,028 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\6j0j7s2kek4
[2011/09/18 08:57:24 | 000,413,380 | ---- | C] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/17 09:31:59 | 000,025,600 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\mtalctrl.exe
[2011/09/17 09:00:09 | 000,001,354 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\acad.err
[2011/09/17 08:59:59 | 000,009,236 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\acadstk.dmp
[2011/09/15 17:41:34 | 000,681,805 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\test1.dwg
[2011/09/14 10:41:42 | 000,035,000 | ---- | C] () -- I:\Documents and Settings\TK\My Documents\BillPresentment.pdf
[2011/09/06 11:11:15 | 000,033,453 | ---- | C] () -- I:\Documents and Settings\TK\My Documents\Carbonite Order.pdf
[2010/12/10 00:22:27 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Irremote.ini
[2010/12/03 08:47:35 | 000,065,536 | ---- | C] () -- I:\WINDOWS\System32\DM510.dll
[2010/12/02 19:07:25 | 000,098,304 | ---- | C] () -- I:\WINDOWS\System32\apshext.dll
[2010/12/02 10:42:14 | 000,000,125 | ---- | C] () -- I:\Documents and Settings\TK\Local Settings\Application Data\fusioncache.dat
[2010/12/01 13:10:54 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Mercury.ini
[2010/12/01 13:10:53 | 000,000,188 | ---- | C] () -- I:\WINDOWS\MercuryWT.ini
[2010/12/01 13:09:04 | 000,003,254 | ---- | C] () -- I:\WINDOWS\alamode.ini
[2010/10/12 01:20:55 | 000,701,368 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/09 02:10:42 | 001,714,036 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-412668190-682003330-1003-0.dat
[2010/08/09 02:10:40 | 000,365,894 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/05 08:00:55 | 000,000,074 | ---- | C] () -- I:\Documents and Settings\TK\Application Data\default.pls
[2010/06/04 23:53:45 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2010/05/01 15:23:32 | 000,000,288 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2010/03/17 08:24:24 | 000,042,496 | ---- | C] () -- I:\WINDOWS\System32\MTSTACK.EXE
[2010/03/17 08:24:24 | 000,000,000 | ---- | C] () -- I:\WINDOWS\MTSTACK.INI
[2010/03/12 01:26:56 | 000,000,165 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI
[2010/03/12 01:14:26 | 000,003,584 | ---- | C] () -- I:\Documents and Settings\TK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 14:43:34 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2010/03/04 10:31:45 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ativpsrm.bin
[2010/03/03 21:53:11 | 000,593,920 | ---- | C] () -- I:\WINDOWS\System32\ati2sgag.exe
[2010/03/03 21:53:04 | 000,887,724 | R--- | C] () -- I:\WINDOWS\System32\ativva6x.dat
[2010/03/03 21:53:03 | 003,107,788 | R--- | C] () -- I:\WINDOWS\System32\ativva5x.dat
[2010/03/03 21:53:02 | 003,107,788 | R--- | C] () -- I:\WINDOWS\System32\ativvaxx.dat
[2010/03/03 21:53:02 | 000,180,720 | R--- | C] () -- I:\WINDOWS\System32\atiicdxx.dat
[2010/03/03 21:26:08 | 000,080,416 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2010/03/03 21:11:42 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2010/03/03 21:07:04 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2010/03/03 13:52:14 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2010/03/03 13:51:10 | 000,380,832 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- I:\WINDOWS\System32\OGAEXEC.exe
[2009/02/02 14:12:42 | 000,495,616 | ---- | C] () -- I:\WINDOWS\System32\TX32.dll
[2009/02/02 14:12:42 | 000,327,680 | ---- | C] () -- I:\WINDOWS\System32\SmaRTEng.dll
[2009/02/02 14:12:42 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\P2kDesk.dll
[2009/02/02 14:12:42 | 000,034,304 | ---- | C] () -- I:\WINDOWS\System32\UnlockFile.exe
[2009/02/02 14:12:42 | 000,000,530 | ---- | C] () -- I:\WINDOWS\System32\tx14_ic.ini
[2009/02/02 14:12:41 | 000,338,944 | ---- | C] () -- I:\WINDOWS\System32\LFfpx7.dll
[2009/02/02 14:12:41 | 000,118,784 | ---- | C] () -- I:\WINDOWS\System32\LFKodak.dll
[2009/02/02 14:12:41 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\DeskSkt.dll
[2009/02/02 14:12:41 | 000,036,864 | ---- | C] () -- I:\WINDOWS\System32\DP2kFrms.dll
[2009/02/02 14:12:41 | 000,024,576 | ---- | C] () -- I:\WINDOWS\System32\fmt_jb2.dll
[2009/02/02 14:12:41 | 000,018,944 | ---- | C] () -- I:\WINDOWS\System32\fmt_xcx.dll
[2009/02/02 14:12:41 | 000,011,264 | ---- | C] () -- I:\WINDOWS\System32\fmt_xmf.dll
[2009/02/02 14:12:41 | 000,000,313 | ---- | C] () -- I:\WINDOWS\System32\ic32.ini
[2009/02/02 14:12:40 | 001,159,168 | ---- | C] () -- I:\WINDOWS\System32\alaMFC2.dll
[2009/02/02 14:12:40 | 000,220,160 | ---- | C] () -- I:\WINDOWS\System32\Carcla30.dll
[2009/02/02 14:12:40 | 000,204,864 | ---- | C] () -- I:\WINDOWS\System32\AtxWrap.dll
[2009/02/02 14:12:40 | 000,151,552 | ---- | C] () -- I:\WINDOWS\System32\alaMapi.dll
[2009/02/02 14:12:40 | 000,122,880 | ---- | C] () -- I:\WINDOWS\System32\ala32.dll
[2009/02/02 14:12:40 | 000,086,016 | ---- | C] () -- I:\WINDOWS\System32\alaLaunch2.dll
[2009/02/02 14:12:40 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\alaLaunch.dll
[2009/02/02 14:12:40 | 000,018,432 | ---- | C] () -- I:\WINDOWS\System32\alavistautils.dll
[2009/02/02 14:12:40 | 000,001,597 | ---- | C] () -- I:\WINDOWS\System32\alaUploader.exe.config
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- I:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- I:\WINDOWS\bdoscandellang.ini
[2008/10/21 11:40:00 | 000,081,920 | ---- | C] () -- I:\WINDOWS\System32\ATIODE.exe
[2008/10/21 11:40:00 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,610,472 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,129,068 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,064,512 | ---- | C] () -- I:\WINDOWS\System32\drivers\serial.sys
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- I:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- I:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- I:\WINDOWS\System32\gthrctr.ini
[2007/04/09 21:49:10 | 000,008,704 | ---- | C] () -- I:\WINDOWS\System32\VFDINI.exe
[2003/12/11 18:05:40 | 000,401,408 | ---- | C] () -- I:\WINDOWS\System32\AXF_AXS.dll
[2002/07/16 18:15:02 | 000,577,536 | ---- | C] () -- I:\WINDOWS\System32\PAXMeta.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- I:\WINDOWS\System32\REPUTIL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> I:\WINDOWS\263461477:2598718448.exe
@Alternate Data Stream - 121 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



****Extras******

OTL Extras logfile created on: 10/5/2011 11:13:08 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = I:\Documents and Settings\TK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 66.26% Memory free
5.09 Gb Paging File | 3.85 Gb Available in Paging File | 75.66% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Unable to calculate disk information.
Drive I: | 698.63 Gb Total Space | 634.54 Gb Free Space | 90.83% Space Free | Partition Type: NTFS

Computer Name: KETCH | User Name: TK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Google\Google Earth\client\googleearth.exe" = I:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"I:\Program Files\a la mode\Sched\eSched.exe" = I:\Program Files\a la mode\Sched\eSched.exe:*:Enabled:a la mode Assistant -- (a la mode, inc.)
"I:\WINDOWS\system32\VaultFilesDownloader.exe" = I:\WINDOWS\system32\VaultFilesDownloader.exe:*:Enabled:a la mode Vault Tools -- (a la mode, inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{045ECA18-1DB2-64C8-2279-F73A8DCE3B5E}" = CCC Help Hungarian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{26C3A7CB-30DC-798B-21CC-63BDF56F0657}" = CCC Help Chinese Traditional
"{28240E4E-E367-7844-846E-4E8427B53211}" = CCC Help Spanish
"{2A1BC0F0-110B-EDD7-4C3D-0864DEF60677}" = CCC Help Turkish
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English
"{41BCC278-007E-993C-61DC-25B86926F45E}" = CCC Help Finnish
"{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility
"{4644EC10-EFE8-0235-41CC-C48491CF83E3}" = CCC Help Greek
"{4655D394-1F7C-F51A-70BC-0561FF71E9D7}" = CCC Help Norwegian
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4BE9562E-A31B-A5FF-5DF9-A69F9CB74746}" = CCC Help Japanese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D1EA3CE-3356-2EB7-A5C7-2F2608BDEACB}" = CCC Help German
"{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static
"{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = AcronisTrueImageHome
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{75A61756-C727-40E3-A11F-F0D8ACBCC33D}" = Visual CSharp Step By Step
"{7AB96F30-68CC-1F9E-A7C4-7A80FF06EFAC}" = CCC Help Dutch
"{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall
"{856499F9-51B6-C958-BADC-0B2F930ED59E}" = CCC Help Swedish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BA510D1-045B-4E1A-AF52-2282BBF69D5D}" = LightScribe System Software
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full
"{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A8248F67-8160-7AAB-371F-03221340D539}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0BFB0B-116C-54DA-1B41-CBBE94B43007}" = CCC Help Czech
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AED142A8-96EA-42DE-B212-60BFC98D6CC7}" = USBFast
"{B0043B14-E6FE-67F1-54A8-DA2C8DA5B1FA}" = CCC Help Portuguese
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B17C8039-DDDE-E6DE-3632-40186451799C}" = CCC Help Polish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All
"{B3736663-7797-9F1E-77E8-6D78021B2921}" = CCC Help Danish
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57890F1-05B2-265D-62A6-C4B8EF212786}" = CCC Help French
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0510E20-B6DA-47AC-B435-29CAAB68E53A}" = HP Scanjet N6010 Drivers and Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4842EAA-7ACA-3466-9DC0-D0BF174B9F6E}" = CCC Help Chinese Standard
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE09BA21-399C-FCE7-E2E5-C9BCF14D61F3}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (ALAMODE)
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5DD5532-5CE8-8A47-C05F-DD8EC0ED3557}" = CCC Help Korean
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F937494E-4340-FFB4-6911-54E9FB4B5998}" = CCC Help Thai
"{FD8D8382-4058-4F74-8EF1-FE61091F854A}" = Xerox DocuMate 510 Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATCTrader Demo_is1" = ATCTrader Demo 3.5
"ATCTrader_is1" = ATCTrader 3.5
"ATI Display Driver" = ATI Display Driver
"AutoCAD R14.0 Uninstall" = AutoCAD R14.0
"Carbonite Backup" = Carbonite
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OEC API COM_is1" = OEC API COM 3.5
"OEC Chart Package Demo_is1" = OEC Chart Package Demo 3.5
"OEC Chart Package Developer_is1" = OEC Chart Package Developer 3.5
"OEC Chart Package_is1" = OEC Chart Package 3.5
"OEC eSignal_is1" = OEC eSignal 3.4
"OEC Excel Add-In_is1" = OEC Excel Add-In 3.3
"OEC Market Replay Demo_is1" = OEC Market Replay Demo 3.5
"OEC Market Replay_is1" = OEC Market Replay 3.5
"OEC RSS News Feed Demo_is1" = OEC RSS News Feed Demo 3.5
"OEC RSS News Feed_is1" = OEC RSS News Feed 3.5
"OEC Trader Developer_is1" = OEC Trader Developer 3.5
"PDF-XChange 3_is1" = PDF-XChange 3
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"Rosetta Stone 2.1.4.1A" = Rosetta Stone 2.1.4.1A
"TurboTax 2009" = TurboTax 2009
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2011 8:14:26 AM | Computer Name = KETCH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/5/2011 10:27:46 AM | Computer Name = KETCH | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/5/2011 10:32:01 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:32:01 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:33:51 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:34:13 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP01> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:34:24 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:35:59 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:36:41 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 10/5/2011 10:36:41 AM | Computer Name = KETCH | Source = Windows Search Service | ID = 3013
Description = The entry <I:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

[ OSession Events ]
Error - 4/18/2010 1:22:47 AM | Computer Name = KETCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 21722
seconds with 540 seconds of active time. This session ended with a crash.

Error - 11/26/2010 11:50:28 AM | Computer Name = KETCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 628
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/7/2011 7:51:25 PM | Computer Name = KETCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 625
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2011 8:17:13 PM | Computer Name = KETCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 45638
seconds with 6120 seconds of active time. This session ended with a crash.

Error - 6/26/2011 1:40:19 AM | Computer Name = KETCH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55772
seconds with 5220 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/5/2011 8:20:31 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 8:20:31 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 8:20:31 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 8:20:31 AM | Computer Name = KETCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter

Error - 10/5/2011 10:30:46 AM | Computer Name = KETCH | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%3

Error - 10/5/2011 10:30:46 AM | Computer Name = KETCH | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 10/5/2011 10:30:53 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 10:30:53 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 10:30:53 AM | Computer Name = KETCH | Source = ati2mtag | ID = 43036
Description = EDID does not contain the range limitation

Error - 10/5/2011 10:30:54 AM | Computer Name = KETCH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
MpFilter


< End of report >

#10 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 05 October 2011 - 01:33 PM

Hi,

No it shouldn't take that long, but the first file checks out. Could you just try the second one please?

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :processes
    killallprocesses
    
    :OTL
    FF - user.js..browser.search.selectedEngine: "Search"
    FF - user.js..browser.search.order.1: "Search"
    FF - user.js..keyword.URL: http://search.internet-search-results.com/?sid=10101179100&s=
    [2011/09/21 10:10:06 | 000,002,223 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\websearch.xml
    [2011/09/20 08:14:40 | 000,001,028 | -HS- | M] () -- I:\Documents and Settings\TK\Local Settings\Application Data\6j0j7s2kek4
    [2011/09/20 08:14:40 | 000,001,028 | -HS- | M] () -- I:\Documents and Settings\All Users\Application Data\6j0j7s2kek4
    [2011/09/20 08:14:46 | 000,000,000 | ---- | C] () -- I:\WINDOWS\263461477
    @Alternate Data Stream - 784 bytes -> I:\WINDOWS\263461477:2598718448.exe
    @Alternate Data Stream - 121 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :commands
    [CREATERESTOREPOINT]
    [PURITY]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.

    Casey

Edited by Casey_boy, 05 October 2011 - 01:35 PM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#11 Tom Ketch (Topic Starter)

Posted 05 October 2011 - 04:07 PM

Thanks for your continuing advice:

Attached are results for OTL redone and Jotti Scan for I:/Arelle.exe requested earlier

Arelle first: (I believe this is rkill renamed)

2011-10-03 Generic.23.37338 2011-10-03 Found nothing
2011-10-03 Found nothing 2011-10-03 Found nothing
2011-10-03 Found nothing 2011-10-03 Found nothing
2011-10-03 Found nothing 2011-10-03 Found nothing
2011-10-03 Found nothing 2011-10-03 Found nothing
2011-10-03 Trojan.Hupigon-33703 2011-10-03 Found nothing
2011-10-03 Troj.Downloader.W32.Aphex.020 2011-10-03 Found nothing
2011-10-03 Found nothing 2011-10-03 Found nothing
2011-10-03 Malware.Win32.AMN!A2 2011-10-03 Backdoor.Hupigon.opao
2011-10-03 Found nothing 2011-10-03 Found nothing


OTL Redone


========== PROCESSES ==========
All processes killed
========== OTL ==========
I:\Documents and Settings\TK\Application Data\Mozilla\FireFox\Profiles\dtr2auh1.default\user.js moved successfully.
I:\Program Files\Mozilla Firefox\searchplugins\websearch.xml moved successfully.
I:\Documents and Settings\TK\Local Settings\Application Data\6j0j7s2kek4 moved successfully.
I:\Documents and Settings\All Users\Application Data\6j0j7s2kek4 moved successfully.
I:\WINDOWS\263461477 moved successfully.
Unable to delete ADS I:\WINDOWS\263461477:2598718448.exe .
ADS I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.29.1 log created on 10052011_134608

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 Casey_boy (Bleeping physicist, Malware Response Team)

Posted 05 October 2011 - 04:14 PM

No problem.

(I believe this is rkill renamed)


OK, that's fine then :)

How is the PC running? Still getting the redirects?

Let's see if MBAM will now work:

Run a scan with MBAM

Please update and run a full scan with MalwareByte's Anti-Malware. Post me the log.

Casey



#13 Tom Ketch (Topic Starter)

Posted 05 October 2011 - 06:27 PM

Ran Malwarebytes, files found and removed.

Still getting redirect.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7882

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/5/2011 5:18:25 PM
mbam-log-2011-10-05 (17-18-25).txt

Scan type: Full scan (I:\|)
Objects scanned: 337596
Time elapsed: 43 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
i:\documents and settings\networkservice\application data\Sun\Java\deployment\cache\6.0\36\84b7364-4a7f03a6.0 (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\Qoobox\quarantine\I\documents and settings\all users\application data\WSTB\verupd.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
i:\Qoobox\quarantine\I\documents and settings\default user\start menu\Programs\Startup\koebu.0xe.vir (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\Qoobox\quarantine\I\WINDOWS\$BLSTUN$\lmatn.dll.vir (Adware.BHO) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP189\A0031383.exe (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP191\A0063679.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP193\A0067885.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP193\A0067886.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP193\A0067887.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP193\A0067908.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP193\A0067911.exe (Trojan.Zbot.H) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP197\A0068445.dll (Adware.BHO) -> Quarantined and deleted successfully.
i:\system volume information\_restore{d60ae972-2603-40f3-b85f-2d2b1887a9db}\RP197\A0068717.exe (Trojan.Clicker) -> Quarantined and deleted successfully.

#14 Casey_boy (Bleeping physicist, Malware Response Team)

Posted 06 October 2011 - 05:31 AM

Hi again,

OK, let's try this:

Step 1:
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.


Step 2: Could you get a fresh OTL scan for me also (post #8, step 2).

Casey



#15 Tom Ketch (Topic Starter)

Posted 06 October 2011 - 01:33 PM

Casey,

TDSSKiller and OTL files attached.

TDSSKiller didn't ask for a reboot and didn't seem to find anything.
OTL files didn't include an "Extras" file.

Thanks, as usual, TK


**** TDSSKiller ****

12:05:38.0765 5400 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
12:05:39.0171 5400 ============================================================
12:05:39.0171 5400 Current date / time: 2011/10/06 12:05:39.0171
12:05:39.0171 5400 SystemInfo:
12:05:39.0171 5400
12:05:39.0187 5400 OS Version: 5.1.2600 ServicePack: 3.0
12:05:39.0187 5400 Product type: Workstation
12:05:39.0187 5400 ComputerName: KETCH
12:05:39.0187 5400 UserName: TK
12:05:39.0187 5400 Windows directory: I:\WINDOWS
12:05:39.0187 5400 System windows directory: I:\WINDOWS
12:05:39.0187 5400 Processor architecture: Intel x86
12:05:39.0187 5400 Number of processors: 2
12:05:39.0187 5400 Page size: 0x1000
12:05:39.0187 5400 Boot type: Normal boot
12:05:39.0187 5400 ============================================================
12:05:40.0390 5400 Initialize success
12:06:19.0078 5580 ============================================================
12:06:19.0078 5580 Scan started
12:06:19.0078 5580 Mode: Manual;
12:06:19.0078 5580 ============================================================
12:06:19.0609 5580 Abiosdsk - ok
12:06:19.0609 5580 abp480n5 - ok
12:06:19.0656 5580 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
12:06:19.0656 5580 ACPI - ok
12:06:19.0687 5580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) I:\WINDOWS\system32\drivers\ACPIEC.sys
12:06:19.0687 5580 ACPIEC - ok
12:06:19.0687 5580 adpu160m - ok
12:06:19.0734 5580 aec (8bed39e3c35d6a489438b8141717a557) I:\WINDOWS\system32\drivers\aec.sys
12:06:19.0734 5580 aec - ok
12:06:19.0765 5580 afcdp (4fa0ca536dab995baf48bd41b4e2ed00) I:\WINDOWS\system32\DRIVERS\afcdp.sys
12:06:19.0765 5580 afcdp - ok
12:06:19.0796 5580 AFD (355556d9e580915118cd7ef736653a89) I:\WINDOWS\System32\drivers\afd.sys
12:06:19.0796 5580 AFD - ok
12:06:19.0796 5580 Aha154x - ok
12:06:19.0812 5580 aic78u2 - ok
12:06:19.0828 5580 aic78xx - ok
12:06:19.0828 5580 AliIde - ok
12:06:19.0859 5580 amdide (6e58654cb25730b2579e45e1fd116a47) I:\WINDOWS\system32\DRIVERS\amdide.sys
12:06:19.0859 5580 amdide - ok
12:06:19.0875 5580 amsint - ok
12:06:19.0890 5580 asc - ok
12:06:19.0890 5580 asc3350p - ok
12:06:19.0906 5580 asc3550 - ok
12:06:19.0937 5580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) I:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:06:19.0937 5580 AsyncMac - ok
12:06:19.0937 5580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) I:\WINDOWS\system32\DRIVERS\atapi.sys
12:06:19.0937 5580 atapi - ok
12:06:19.0937 5580 Atdisk - ok
12:06:20.0031 5580 ati2mtag (1db0e5f78a67307f9c68d777873c1164) I:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:06:20.0046 5580 ati2mtag - ok
12:06:20.0078 5580 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) I:\WINDOWS\system32\drivers\AtiHdmi.sys
12:06:20.0078 5580 AtiHdmiService - ok
12:06:20.0093 5580 Atmarpc (9916c1225104ba14794209cfa8012159) I:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:06:20.0093 5580 Atmarpc - ok
12:06:20.0109 5580 audstub (d9f724aa26c010a217c97606b160ed68) I:\WINDOWS\system32\DRIVERS\audstub.sys
12:06:20.0109 5580 audstub - ok
12:06:20.0140 5580 Beep (da1f27d85e0d1525f6621372e7b685e9) I:\WINDOWS\system32\drivers\Beep.sys
12:06:20.0140 5580 Beep - ok
12:06:20.0156 5580 catchme - ok
12:06:20.0203 5580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) I:\WINDOWS\system32\drivers\cbidf2k.sys
12:06:20.0203 5580 cbidf2k - ok
12:06:20.0203 5580 cd20xrnt - ok
12:06:20.0218 5580 Cdaudio (c1b486a7658353d33a10cc15211a873b) I:\WINDOWS\system32\drivers\Cdaudio.sys
12:06:20.0218 5580 Cdaudio - ok
12:06:20.0234 5580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) I:\WINDOWS\system32\drivers\Cdfs.sys
12:06:20.0234 5580 Cdfs - ok
12:06:20.0234 5580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) I:\WINDOWS\system32\DRIVERS\cdrom.sys
12:06:20.0234 5580 Cdrom - ok
12:06:20.0343 5580 CFcatchme - ok
12:06:20.0343 5580 Changer - ok
12:06:20.0375 5580 CmdIde - ok
12:06:20.0406 5580 Cpqarray - ok
12:06:20.0421 5580 dac2w2k - ok
12:06:20.0437 5580 dac960nt - ok
12:06:20.0453 5580 Disk (044452051f3e02e7963599fc8f4f3e25) I:\WINDOWS\system32\DRIVERS\disk.sys
12:06:20.0453 5580 Disk - ok
12:06:20.0484 5580 dmboot (d992fe1274bde0f84ad826acae022a41) I:\WINDOWS\system32\drivers\dmboot.sys
12:06:20.0500 5580 dmboot - ok
12:06:20.0500 5580 dmio (7c824cf7bbde77d95c08005717a95f6f) I:\WINDOWS\system32\drivers\dmio.sys
12:06:20.0500 5580 dmio - ok
12:06:20.0515 5580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) I:\WINDOWS\system32\drivers\dmload.sys
12:06:20.0515 5580 dmload - ok
12:06:20.0531 5580 DMusic (8a208dfcf89792a484e76c40e5f50b45) I:\WINDOWS\system32\drivers\DMusic.sys
12:06:20.0531 5580 DMusic - ok
12:06:20.0531 5580 dpti2o - ok
12:06:20.0546 5580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) I:\WINDOWS\system32\drivers\drmkaud.sys
12:06:20.0546 5580 drmkaud - ok
12:06:20.0593 5580 Fastfat (38d332a6d56af32635675f132548343e) I:\WINDOWS\system32\drivers\Fastfat.sys
12:06:20.0593 5580 Fastfat - ok
12:06:20.0593 5580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) I:\WINDOWS\system32\DRIVERS\fdc.sys
12:06:20.0593 5580 Fdc - ok
12:06:20.0609 5580 Fips (d45926117eb9fa946a6af572fbe1caa3) I:\WINDOWS\system32\drivers\Fips.sys
12:06:20.0609 5580 Fips - ok
12:06:20.0625 5580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) I:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:06:20.0625 5580 Flpydisk - ok
12:06:20.0625 5580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) I:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:06:20.0625 5580 FltMgr - ok
12:06:20.0640 5580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) I:\WINDOWS\system32\drivers\Fs_Rec.sys
12:06:20.0640 5580 Fs_Rec - ok
12:06:20.0656 5580 Ftdisk (6ac26732762483366c3969c9e4d2259d) I:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:06:20.0656 5580 Ftdisk - ok
12:06:20.0656 5580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) I:\WINDOWS\system32\DRIVERS\msgpc.sys
12:06:20.0671 5580 Gpc - ok
12:06:20.0671 5580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) I:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:06:20.0671 5580 HDAudBus - ok
12:06:20.0703 5580 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) I:\WINDOWS\system32\DRIVERS\hidusb.sys
12:06:20.0703 5580 HidUsb - ok
12:06:20.0703 5580 hpn - ok
12:06:20.0750 5580 HTTP (f80a415ef82cd06ffaf0d971528ead38) I:\WINDOWS\system32\Drivers\HTTP.sys
12:06:20.0750 5580 HTTP - ok
12:06:20.0765 5580 i2omgmt - ok
12:06:20.0765 5580 i2omp - ok
12:06:20.0796 5580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) I:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:06:20.0796 5580 i8042prt - ok
12:06:20.0812 5580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) I:\WINDOWS\system32\DRIVERS\imapi.sys
12:06:20.0812 5580 Imapi - ok
12:06:20.0812 5580 ini910u - ok
12:06:20.0828 5580 IntelIde - ok
12:06:20.0843 5580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) I:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:06:20.0843 5580 Ip6Fw - ok
12:06:20.0875 5580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) I:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:06:20.0875 5580 IpFilterDriver - ok
12:06:20.0890 5580 IpInIp (b87ab476dcf76e72010632b5550955f5) I:\WINDOWS\system32\DRIVERS\ipinip.sys
12:06:20.0890 5580 IpInIp - ok
12:06:20.0906 5580 IpNat (cc748ea12c6effde940ee98098bf96bb) I:\WINDOWS\system32\DRIVERS\ipnat.sys
12:06:20.0906 5580 IpNat - ok
12:06:20.0921 5580 IPSec (23c74d75e36e7158768dd63d92789a91) I:\WINDOWS\system32\DRIVERS\ipsec.sys
12:06:20.0921 5580 IPSec - ok
12:06:20.0953 5580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) I:\WINDOWS\system32\DRIVERS\irenum.sys
12:06:20.0953 5580 IRENUM - ok
12:06:20.0968 5580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) I:\WINDOWS\system32\DRIVERS\isapnp.sys
12:06:20.0968 5580 isapnp - ok
12:06:20.0984 5580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) I:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:06:20.0984 5580 Kbdclass - ok
12:06:21.0015 5580 kmixer (692bcf44383d056aed41b045a323d378) I:\WINDOWS\system32\drivers\kmixer.sys
12:06:21.0015 5580 kmixer - ok
12:06:21.0046 5580 KSecDD (b467646c54cc746128904e1654c750c1) I:\WINDOWS\system32\drivers\KSecDD.sys
12:06:21.0046 5580 KSecDD - ok
12:06:21.0062 5580 lbrtfdc - ok
12:06:21.0093 5580 MBAMSwissArmy - ok
12:06:21.0125 5580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) I:\WINDOWS\system32\drivers\mnmdd.sys
12:06:21.0125 5580 mnmdd - ok
12:06:21.0156 5580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) I:\WINDOWS\system32\drivers\Modem.sys
12:06:21.0156 5580 Modem - ok
12:06:21.0156 5580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) I:\WINDOWS\system32\DRIVERS\mouclass.sys
12:06:21.0156 5580 Mouclass - ok
12:06:21.0171 5580 mouhid (b1c303e17fb9d46e87a98e4ba6769685) I:\WINDOWS\system32\DRIVERS\mouhid.sys
12:06:21.0171 5580 mouhid - ok
12:06:21.0171 5580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) I:\WINDOWS\system32\drivers\MountMgr.sys
12:06:21.0171 5580 MountMgr - ok
12:06:21.0187 5580 MpFilter - ok
12:06:21.0203 5580 MpKsl24b0fa41 - ok
12:06:21.0203 5580 MpKsl6d31ba17 - ok
12:06:21.0218 5580 MpKsl7bbc14b1 - ok
12:06:21.0218 5580 mraid35x - ok
12:06:21.0234 5580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) I:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:06:21.0234 5580 MRxDAV - ok
12:06:21.0250 5580 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) I:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:06:21.0250 5580 MRxSmb - ok
12:06:21.0265 5580 Msfs (c941ea2454ba8350021d774daf0f1027) I:\WINDOWS\system32\drivers\Msfs.sys
12:06:21.0265 5580 Msfs - ok
12:06:21.0296 5580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) I:\WINDOWS\system32\drivers\MSKSSRV.sys
12:06:21.0296 5580 MSKSSRV - ok
12:06:21.0296 5580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) I:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:06:21.0296 5580 MSPCLOCK - ok
12:06:21.0312 5580 MSPQM (bad59648ba099da4a17680b39730cb3d) I:\WINDOWS\system32\drivers\MSPQM.sys
12:06:21.0312 5580 MSPQM - ok
12:06:21.0328 5580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) I:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:06:21.0328 5580 mssmbios - ok
12:06:21.0359 5580 Mup (de6a75f5c270e756c5508d94b6cf68f5) I:\WINDOWS\system32\drivers\Mup.sys
12:06:21.0359 5580 Mup - ok
12:06:21.0375 5580 NDIS (1df7f42665c94b825322fae71721130d) I:\WINDOWS\system32\drivers\NDIS.sys
12:06:21.0375 5580 NDIS - ok
12:06:21.0375 5580 NdisTapi (0109c4f3850dfbab279542515386ae22) I:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:06:21.0375 5580 NdisTapi - ok
12:06:21.0390 5580 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:06:21.0390 5580 Ndisuio - ok
12:06:21.0406 5580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:06:21.0406 5580 NdisWan - ok
12:06:21.0421 5580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) I:\WINDOWS\system32\drivers\NDProxy.sys
12:06:21.0421 5580 NDProxy - ok
12:06:21.0437 5580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys
12:06:21.0437 5580 NetBIOS - ok
12:06:21.0453 5580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys
12:06:21.0453 5580 NetBT - ok
12:06:21.0468 5580 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys
12:06:21.0468 5580 Npfs - ok
12:06:21.0484 5580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys
12:06:21.0500 5580 Ntfs - ok
12:06:21.0531 5580 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys
12:06:21.0531 5580 Null - ok
12:06:21.0562 5580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:06:21.0562 5580 NwlnkFlt - ok
12:06:21.0578 5580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:06:21.0578 5580 NwlnkFwd - ok
12:06:21.0609 5580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\drivers\Parport.sys
12:06:21.0609 5580 Parport - ok
12:06:21.0609 5580 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys
12:06:21.0609 5580 PartMgr - ok
12:06:21.0640 5580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys
12:06:21.0640 5580 ParVdm - ok
12:06:21.0640 5580 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys
12:06:21.0640 5580 PCI - ok
12:06:21.0656 5580 PCIDump - ok
12:06:21.0671 5580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys
12:06:21.0671 5580 PCIIde - ok
12:06:21.0687 5580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\drivers\Pcmcia.sys
12:06:21.0687 5580 Pcmcia - ok
12:06:21.0687 5580 PDCOMP - ok
12:06:21.0703 5580 PDFRAME - ok
12:06:21.0718 5580 PDRELI - ok
12:06:21.0718 5580 PDRFRAME - ok
12:06:21.0734 5580 perc2 - ok
12:06:21.0750 5580 perc2hib - ok
12:06:21.0796 5580 PLTurbh (7e32b692fcf44c3add10186b54111f29) I:\WINDOWS\system32\drivers\plturbh.sys
12:06:21.0796 5580 PLTurbh - ok
12:06:21.0812 5580 PLTurbo (8454c205ba53d22b5a34d9b2613859a9) I:\WINDOWS\system32\drivers\plturbo.sys
12:06:21.0812 5580 PLTurbo - ok
12:06:21.0828 5580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys
12:06:21.0828 5580 PptpMiniport - ok
12:06:21.0828 5580 Processor (a32bebaf723557681bfc6bd93e98bd26) I:\WINDOWS\system32\DRIVERS\processr.sys
12:06:21.0828 5580 Processor - ok
12:06:21.0843 5580 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys
12:06:21.0843 5580 PSched - ok
12:06:21.0859 5580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys
12:06:21.0859 5580 Ptilink - ok
12:06:21.0875 5580 ql1080 - ok
12:06:21.0875 5580 Ql10wnt - ok
12:06:21.0890 5580 ql12160 - ok
12:06:21.0890 5580 ql1240 - ok
12:06:21.0906 5580 ql1280 - ok
12:06:21.0906 5580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys
12:06:21.0906 5580 RasAcd - ok
12:06:21.0921 5580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:06:21.0921 5580 Rasl2tp - ok
12:06:21.0937 5580 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:06:21.0937 5580 RasPppoe - ok
12:06:21.0937 5580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys
12:06:21.0937 5580 Raspti - ok
12:06:21.0953 5580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys
12:06:21.0953 5580 Rdbss - ok
12:06:21.0953 5580 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:06:21.0953 5580 RDPCDD - ok
12:06:21.0984 5580 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:06:21.0984 5580 rdpdr - ok
12:06:22.0015 5580 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) I:\WINDOWS\system32\drivers\RDPWD.sys
12:06:22.0015 5580 RDPWD - ok
12:06:22.0031 5580 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys
12:06:22.0031 5580 redbook - ok
12:06:22.0078 5580 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) I:\WINDOWS\system32\DRIVERS\RsFx0103.sys
12:06:22.0078 5580 RsFx0103 - ok
12:06:22.0093 5580 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) I:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:06:22.0093 5580 RTLE8023xp - ok
12:06:22.0125 5580 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys
12:06:22.0125 5580 Secdrv - ok
12:06:22.0140 5580 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys
12:06:22.0140 5580 serenum - ok
12:06:22.0156 5580 Serial (72c1235c2cb499eca2d1d7e6140c2130) I:\WINDOWS\system32\DRIVERS\serial.sys
12:06:22.0156 5580 Serial - ok
12:06:22.0171 5580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\drivers\Sfloppy.sys
12:06:22.0171 5580 Sfloppy - ok
12:06:22.0187 5580 Simbad - ok
12:06:22.0218 5580 snapman (4f7ed0c2f594f1b8e9cafab21eb86126) I:\WINDOWS\system32\DRIVERS\snapman.sys
12:06:22.0218 5580 snapman - ok
12:06:22.0234 5580 Sparrow - ok
12:06:22.0265 5580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys
12:06:22.0265 5580 splitter - ok
12:06:22.0281 5580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys
12:06:22.0281 5580 sr - ok
12:06:22.0312 5580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) I:\WINDOWS\system32\DRIVERS\srv.sys
12:06:22.0312 5580 Srv - ok
12:06:22.0375 5580 STHDA (376f5cb88c4a176c4e2d6ac9a6226b1e) I:\WINDOWS\system32\drivers\sthda.sys
12:06:22.0375 5580 STHDA - ok
12:06:22.0390 5580 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys
12:06:22.0390 5580 swenum - ok
12:06:22.0406 5580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys
12:06:22.0421 5580 swmidi - ok
12:06:22.0421 5580 symc810 - ok
12:06:22.0437 5580 symc8xx - ok
12:06:22.0437 5580 sym_hi - ok
12:06:22.0453 5580 sym_u3 - ok
12:06:22.0468 5580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys
12:06:22.0468 5580 sysaudio - ok
12:06:22.0500 5580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys
12:06:22.0515 5580 Tcpip - ok
12:06:22.0531 5580 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys
12:06:22.0531 5580 TDPIPE - ok
12:06:22.0546 5580 tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) I:\WINDOWS\system32\DRIVERS\tdrpm258.sys
12:06:22.0546 5580 tdrpman258 - ok
12:06:22.0562 5580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys
12:06:22.0562 5580 TDTCP - ok
12:06:22.0578 5580 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys
12:06:22.0578 5580 TermDD - ok
12:06:22.0609 5580 timounter (3e06987fedbcdfbff8e85ef8108565f9) I:\WINDOWS\system32\DRIVERS\timntr.sys
12:06:22.0609 5580 timounter - ok
12:06:22.0625 5580 TosIde - ok
12:06:22.0656 5580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys
12:06:22.0656 5580 Udfs - ok
12:06:22.0671 5580 ultra - ok
12:06:22.0687 5580 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys
12:06:22.0687 5580 Update - ok
12:06:22.0703 5580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys
12:06:22.0703 5580 usbehci - ok
12:06:22.0718 5580 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys
12:06:22.0718 5580 usbhub - ok
12:06:22.0718 5580 usbohci (0daecce65366ea32b162f85f07c6753b) I:\WINDOWS\system32\DRIVERS\usbohci.sys
12:06:22.0718 5580 usbohci - ok
12:06:22.0750 5580 usbprint (a717c8721046828520c9edf31288fc00) I:\WINDOWS\system32\DRIVERS\usbprint.sys
12:06:22.0750 5580 usbprint - ok
12:06:22.0765 5580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys
12:06:22.0765 5580 usbscan - ok
12:06:22.0796 5580 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:06:22.0796 5580 usbstor - ok
12:06:22.0796 5580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys
12:06:22.0796 5580 VgaSave - ok
12:06:22.0812 5580 ViaIde - ok
12:06:22.0812 5580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys
12:06:22.0812 5580 VolSnap - ok
12:06:22.0843 5580 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys
12:06:22.0843 5580 Wanarp - ok
12:06:22.0859 5580 WDICA - ok
12:06:22.0875 5580 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys
12:06:22.0875 5580 wdmaud - ok
12:06:22.0937 5580 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) I:\WINDOWS\System32\drivers\ws2ifsl.sys
12:06:22.0953 5580 WS2IFSL - ok
12:06:22.0984 5580 WudfPf (f15feafffbb3644ccc80c5da584e6311) I:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:06:22.0984 5580 WudfPf - ok
12:06:23.0000 5580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) I:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:06:23.0000 5580 WudfRd - ok
12:06:23.0015 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:06:23.0109 5580 \Device\Harddisk0\DR0 - ok
12:06:23.0109 5580 Boot (0x1200) (86a6456f5acb7fdb1a7476d87c4fc5f2) \Device\Harddisk0\DR0\Partition0
12:06:23.0109 5580 \Device\Harddisk0\DR0\Partition0 - ok
12:06:23.0109 5580 ============================================================
12:06:23.0109 5580 Scan finished
12:06:23.0109 5580 ============================================================
12:06:23.0125 5572 Detected object count: 0
12:06:23.0125 5572 Actual detected object count: 0


**** OTL ****
OTL logfile created on: 10/6/2011 12:24:44 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = I:\Documents and Settings\TK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.58% Memory free
5.09 Gb Paging File | 4.13 Gb Available in Paging File | 81.18% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Unable to calculate disk information.
Drive I: | 698.63 Gb Total Space | 634.64 Gb Free Space | 90.84% Space Free | Partition Type: NTFS

Computer Name: KETCH | User Name: TK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/05 11:12:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
PRC - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- I:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2011/03/03 20:52:00 | 000,948,880 | R--- | M] (Carbonite, Inc.) -- I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/12/01 08:52:02 | 002,480,048 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 17:07:26 | 000,362,232 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 17:07:20 | 000,751,464 | ---- | M] (Acronis) -- I:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/03/27 17:06:16 | 005,107,232 | ---- | M] (Acronis) -- I:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/03/04 11:52:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/02 01:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- I:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 01:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- I:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/22 10:58:18 | 000,210,944 | ---- | M] (Visioneer Inc.) -- I:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2010/01/11 16:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- I:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/27 19:28:34 | 000,446,571 | ---- | M] (IDT, Inc.) -- I:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/11/27 19:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) -- i:\Program Files\IDT\5902XP_6033V_012208\WDM\stacsv.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/04/16 09:18:04 | 000,099,840 | ---- | M] (a la mode, inc.) -- I:\Program Files\a la mode\Sched\eSched.exe
PRC - [2006/10/23 00:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 10:47:48 | 000,212,992 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/11 10:47:42 | 011,800,576 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/11 10:47:35 | 000,771,584 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011/08/11 10:47:28 | 000,971,264 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/11 08:07:31 | 005,450,752 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/11 08:07:27 | 012,430,848 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/11 08:07:15 | 001,587,200 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/11 08:05:56 | 007,950,848 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/11 01:57:14 | 002,933,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/11 01:57:14 | 000,114,688 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/08/11 01:57:13 | 002,048,000 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/08/11 01:57:12 | 000,626,688 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/08/11 01:57:09 | 003,182,592 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/08/11 01:57:03 | 000,258,048 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/08/11 01:57:01 | 000,303,104 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/11 01:57:00 | 000,261,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/11 01:56:59 | 000,425,984 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/08/11 01:56:57 | 005,025,792 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/11 01:53:01 | 000,025,600 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/08/11 01:50:04 | 011,490,816 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/10/09 00:31:48 | 003,391,488 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4940645d\mscorlib.dll
MOD - [2010/10/09 00:31:46 | 000,835,584 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_392d914d\system.drawing.dll
MOD - [2010/10/09 00:31:42 | 002,088,960 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_15798048\system.xml.dll
MOD - [2010/10/09 00:31:40 | 003,018,752 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e893f614\system.windows.forms.dll
MOD - [2010/10/09 00:31:31 | 001,966,080 | ---- | M] () -- i:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1f8a02dc\system.dll
MOD - [2010/10/09 00:31:25 | 001,232,896 | ---- | M] () -- i:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/04/05 13:28:33 | 000,854,016 | ---- | M] () -- I:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/04/05 13:28:32 | 000,403,456 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/04/05 13:28:32 | 000,270,336 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2010/04/05 13:28:31 | 000,471,040 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/04/05 13:28:29 | 000,046,880 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/04/05 13:28:28 | 000,419,616 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/04/05 13:28:28 | 000,270,112 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/04/05 13:28:28 | 000,120,096 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/04/05 13:28:28 | 000,070,432 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/04/05 13:28:28 | 000,023,840 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/04/05 13:28:28 | 000,018,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/04/05 13:28:28 | 000,012,064 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/04/05 13:28:27 | 000,121,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/03/27 17:30:50 | 000,279,904 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\resource.dll
MOD - [2010/03/27 16:14:56 | 000,028,512 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/03/27 16:13:36 | 000,019,808 | ---- | M] () -- I:\Program Files\Acronis\TrueImageHome\Common\thread_pool.dll
MOD - [2010/03/12 11:49:55 | 001,339,392 | ---- | M] () -- i:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/12 11:49:54 | 000,466,944 | ---- | M] () -- i:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2010/03/12 11:49:54 | 000,323,584 | ---- | M] () -- i:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/03/12 11:49:53 | 002,052,096 | ---- | M] () -- i:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/12 11:49:52 | 000,299,008 | ---- | M] () -- i:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2010/03/04 11:28:59 | 000,970,752 | ---- | M] () -- I:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/03 21:56:36 | 000,307,200 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3300.40238__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2010/03/03 21:56:36 | 000,011,776 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3300.40230__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010/03/03 21:56:36 | 000,008,704 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3300.40229__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010/03/03 21:56:36 | 000,007,680 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3300.40235__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010/03/03 21:56:35 | 001,691,648 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3300.40123__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,692,224 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3300.40178__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,466,944 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3300.40212__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,376,832 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3300.40172__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,364,544 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3300.40193__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,286,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3300.40106__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,204,800 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3300.40125__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,139,264 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3300.40213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,106,496 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3300.40124__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,094,208 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3300.40173__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3300.40188__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,073,728 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3300.40113__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:35 | 000,069,632 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3300.40166__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3300.40171__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3300.40120__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:35 | 000,036,864 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3300.40150__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3300.40123__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3300.40114__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:35 | 000,007,680 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3300.40230__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,811,008 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3300.40153__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,798,720 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3300.40189__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,712,704 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3300.40115__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,671,744 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3300.40228__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,589,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3300.40126__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,405,504 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3300.40182__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/03/03 21:56:34 | 000,225,280 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3300.40125__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,126,976 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3300.40163__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:34 | 000,081,920 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3300.40152__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3300.40228__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3300.40129__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:34 | 000,036,864 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3300.40162__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,675,840 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3300.40167__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,450,560 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3300.40146__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,438,272 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3300.40151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/03/03 21:56:33 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3300.40150__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3300.40151__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3246.34138__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3300.40164__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/03/03 21:56:33 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3246.34145__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3246.34297__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3246.34233__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3246.34194__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3246.34264__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3246.34295__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3246.34290__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3246.34445__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3246.34278__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3246.34443__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/03/03 21:56:33 | 000,006,656 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/03/03 21:56:32 | 000,073,728 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3246.34155__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,065,536 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3246.34350__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3246.34242__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3246.34459__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,053,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3246.34337__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,053,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3246.34335__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,049,152 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3246.34346__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,049,152 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3246.34333__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/03/03 21:56:32 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3246.34407__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3246.34345__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3246.34279__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3246.34574__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3246.34319__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3246.34305__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3246.34282__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3246.34340__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3246.34251__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3246.34236__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3246.34198__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3246.34318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3246.34307__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3246.34274__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3246.34300__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3246.34229__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3246.34316__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/03/03 21:56:32 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3246.34304__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,540,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3300.40197__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/03/03 21:56:31 | 000,405,504 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3300.40119__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/03/03 21:56:31 | 000,106,496 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3300.40205__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,077,824 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3300.40103__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/03/03 21:56:31 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3300.40203__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,057,344 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3300.40105__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/03/03 21:56:31 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3246.34261__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3300.40222__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/03/03 21:56:31 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3246.34183__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3246.34205__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3246.34258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,024,576 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3246.34292__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3246.34289__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/03/03 21:56:31 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3246.34174__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2010/03/03 21:56:31 | 000,016,384 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3246.34235__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/03/03 21:56:31 | 000,014,848 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/03/03 21:56:31 | 000,013,312 | ---- | M] () -- I:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/03/03 21:56:31 | 000,011,264 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3300.40231__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2010/03/03 21:56:31 | 000,007,168 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3300.40101__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/03/03 21:56:30 | 001,077,248 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3300.40110__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/03/03 21:56:30 | 000,081,920 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3300.40104__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/03/03 21:56:30 | 000,061,440 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3300.40103__90ba9c70f846762e\APM.Server.dll
MOD - [2010/03/03 21:56:30 | 000,045,056 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3300.40102__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/03/03 21:56:30 | 000,040,960 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3246.34227__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/03/03 21:56:30 | 000,032,768 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/03/03 21:56:30 | 000,028,672 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3300.40205__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/03/03 21:56:30 | 000,020,480 | ---- | M] () -- I:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3246.34356__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/08/17 22:54:46 | 000,136,520 | ---- | M] () -- I:\Program Files\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2009/02/25 10:44:06 | 007,331,840 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/02/25 10:44:06 | 002,023,424 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/02/25 10:43:54 | 000,135,168 | ---- | M] () -- I:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/30 15:39:12 | 000,016,384 | R--- | M] () -- I:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/10/26 06:42:14 | 000,065,376 | ---- | M] () -- I:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/11/17 19:18:50 | 000,122,880 | ---- | M] () -- I:\WINDOWS\system32\ala32.dll
MOD - [2006/10/27 16:35:18 | 000,436,512 | ---- | M] () -- I:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (MsMpSvc)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/03 20:52:00 | 003,410,576 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- I:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/12/01 08:52:02 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 17:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- I:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/04 11:52:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/22 10:58:18 | 000,210,944 | ---- | M] (Visioneer Inc.) [Auto | Running] -- I:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- I:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/27 19:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) [Auto | Running] -- i:\Program Files\IDT\5902XP_6033V_012208\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/12/01 08:52:05 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- I:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/12/01 08:52:00 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/12/01 08:51:58 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/12/01 08:51:51 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/01 12:26:08 | 000,016,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\plturbo.sys -- (PLTurbo)
DRV - [2009/07/01 12:26:04 | 000,016,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\plturbh.sys -- (PLTurbh)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- I:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/14 01:14:00 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/27 19:28:34 | 001,392,498 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/10/31 12:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/14 06:00:00 | 000,064,512 | ---- | M] () [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2007/10/11 19:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-329068152-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: I:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: I:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: I:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/12 09:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/14 03:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/03/21 16:28:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/03/21 16:28:33 | 000,000,000 | ---D | M]

[2010/03/08 14:43:50 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\TK\Application Data\Mozilla\Extensions
[2010/04/14 07:43:59 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions
[2010/03/11 22:16:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 07:43:59 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- I:\Documents and Settings\TK\Application Data\Mozilla\Firefox\Profiles\dtr2auh1.default\extensions\DefaultManager@Microsoft
[2010/03/08 14:43:27 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2010/03/04 11:28:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/10/05 08:33:31 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] I:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] I:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Carbonite Backup] I:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [StartCCC] I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] I:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [The Assistant] I:\Program Files\a la mode\Sched\eSched.exe (a la mode, inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = I:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: I:\Documents and Settings\TK\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = I:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - I:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-412668190-682003330-1003\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.sitecheck.com/upload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} https://vault.alamode.com/cab/vfd.cab (Vault Files Downloader)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CD27EEF6-55B8-4F24-99C5-E1191D814445} file:///I:/a%20la%20mode/WinTOTAL/Content/cabs/alaWeb5.CAB (alaWeb5.cUtil)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292C0DC0-0F05-4161-8E7C-537F0F07C632}: DhcpNameServer = 68.87.85.102 68.87.69.150
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - I:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/06 12:04:10 | 001,548,592 | ---- | C] (Kaspersky Lab ZAO) -- I:\Documents and Settings\TK\Desktop\tdsskiller.exe
[2011/10/05 13:46:08 | 000,000,000 | ---D | C] -- I:\_OTL
[2011/10/05 11:12:07 | 000,582,656 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
[2011/10/05 09:34:00 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2011/10/05 08:23:58 | 000,000,000 | RHSD | C] -- I:\cmdcons
[2011/09/28 20:32:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Desktop\gmer
[2011/09/28 20:24:14 | 000,607,260 | ---- | C] (Swearware) -- I:\Documents and Settings\TK\Desktop\dds.scr
[2011/09/26 23:49:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Application Data\f-secure
[2011/09/26 23:49:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/26 20:53:54 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2011/09/26 20:53:54 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2011/09/26 20:53:54 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2011/09/26 20:53:54 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2011/09/26 20:53:47 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
[2011/09/26 20:39:59 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/09/26 20:31:35 | 004,243,642 | R--- | C] (Swearware) -- I:\Documents and Settings\TK\Desktop\ComboFix.exe
[2011/09/26 08:51:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/26 08:51:16 | 000,000,000 | ---D | C] -- I:\Program Files\Spybot - Search & Destroy
[2011/09/26 08:51:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/09/26 07:57:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/26 07:55:49 | 034,061,558 | ---- | C] (PC Tools ) -- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
[2011/09/22 15:31:17 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Application Data\AVG2012
[2011/09/22 15:29:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/09/22 15:29:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\AVG2012
[2011/09/22 15:29:14 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\AVG
[2011/09/22 15:28:56 | 000,000,000 | ---D | C] -- I:\Program Files\AVG
[2011/09/22 13:36:11 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/22 13:32:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/21 16:19:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\FileOpen
[2011/09/21 16:19:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/09/21 14:38:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/21 14:38:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2011/09/21 14:38:12 | 000,000,000 | ---D | C] -- I:\Malwarebytes' Anti-Malware
[2011/09/20 23:23:10 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\TK\Desktop\MB--setup.exe
[2011/09/20 22:47:00 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- I:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/20 22:46:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041
[2011/09/20 22:41:45 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Sun
[2011/09/20 12:03:26 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- I:\WINDOWS\System32\drivers\pavboot.sys
[2011/09/20 12:03:17 | 000,000,000 | ---D | C] -- I:\Program Files\Panda Security
[2011/09/20 08:59:31 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/09/20 08:58:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/02/02 14:12:40 | 000,122,880 | ---- | C] ( ) -- I:\WINDOWS\System32\alauploader.exe
[2004/07/28 11:46:06 | 000,098,304 | ---- | C] ( ) -- I:\WINDOWS\System32\AutoLicense.dll
[2002/07/16 18:12:58 | 000,045,056 | ---- | C] ( ) -- I:\WINDOWS\System32\AutoPAX.dll
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/06 12:04:18 | 001,548,592 | ---- | M] (Kaspersky Lab ZAO) -- I:\Documents and Settings\TK\Desktop\tdsskiller.exe
[2011/10/06 12:02:58 | 000,002,521 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Microsoft Office Outlook 2007.lnk
[2011/10/06 12:02:09 | 000,052,503 | ---- | M] () -- I:\WINDOWS\alaredun.ini
[2011/10/06 12:02:08 | 000,000,416 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{B44547AC-B04C-42EE-AB19-1318D412F1D1}.job
[2011/10/06 12:01:24 | 000,003,253 | ---- | M] () -- I:\WINDOWS\alamode.ini
[2011/10/06 12:01:04 | 000,002,337 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/10/06 12:00:58 | 000,054,156 | -H-- | M] () -- I:\WINDOWS\QTFont.qfn
[2011/10/06 12:00:51 | 000,013,746 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/10/06 12:00:50 | 000,000,874 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/06 11:56:00 | 000,000,878 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/06 09:01:02 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/10/05 17:19:44 | 000,001,409 | ---- | M] () -- I:\WINDOWS\QTFont.for
[2011/10/05 11:12:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\TK\Desktop\OTL.exe
[2011/10/05 08:33:31 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
[2011/10/05 08:24:03 | 000,000,327 | RHS- | M] () -- I:\boot.ini
[2011/10/05 06:09:19 | 000,000,327 | ---- | M] () -- I:\Boot.bak
[2011/10/05 06:06:17 | 004,243,642 | R--- | M] (Swearware) -- I:\Documents and Settings\TK\Desktop\ComboFix.exe
[2011/09/28 20:29:52 | 000,294,216 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\gmer.zip
[2011/09/28 20:24:14 | 000,607,260 | ---- | M] (Swearware) -- I:\Documents and Settings\TK\Desktop\dds.scr
[2011/09/28 19:50:34 | 000,050,477 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Defogger.exe
[2011/09/26 08:54:39 | 000,437,753 | R--- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts.20110926-085837.backup
[2011/09/26 07:56:53 | 034,061,558 | ---- | M] (PC Tools ) -- I:\7.0.0.538f-sdasetup-regnow201-AVP.exe
[2011/09/22 15:29:42 | 000,000,735 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/22 15:29:28 | 000,413,380 | ---- | M] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/22 13:46:24 | 000,001,945 | ---- | M] () -- I:\WINDOWS\epplauncher.mif
[2011/09/21 14:46:20 | 000,000,669 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\Shortcut to TK_BAm.exe.lnk
[2011/09/20 23:26:48 | 001,008,092 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\arekle.exe
[2011/09/20 23:26:48 | 001,008,092 | ---- | M] () -- I:\arekle.exe
[2011/09/20 23:23:10 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\TK\Desktop\MB--setup.exe
[2011/09/20 22:46:59 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- I:\WINDOWS\System32\drivers\tmcomm.sys
[2011/09/20 22:45:01 | 004,104,900 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041.zip
[2011/09/17 10:03:43 | 002,121,146 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN_Ticks.csv
[2011/09/17 09:56:32 | 000,105,491 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN60.csv
[2011/09/17 09:56:10 | 000,225,242 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN10.csv
[2011/09/17 09:55:46 | 000,182,487 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\ZN01.csv
[2011/09/17 09:45:46 | 000,001,354 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\acad.err
[2011/09/17 09:45:40 | 000,009,236 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\acadstk.dmp
[2011/09/17 09:42:12 | 000,025,600 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\mtalctrl.exe
[2011/09/15 17:31:26 | 000,681,805 | ---- | M] () -- I:\Documents and Settings\TK\Desktop\test1.dwg
[2011/09/15 01:33:30 | 000,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2011/09/14 10:41:42 | 000,035,000 | ---- | M] () -- I:\Documents and Settings\TK\My Documents\BillPresentment.pdf
[2011/09/14 00:20:19 | 000,000,882 | RH-- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts.20110926-085439.backup
[2011/09/09 03:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\crypt32.dll
[3 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/29 05:08:43 | 000,052,503 | ---- | C] () -- I:\WINDOWS\alaredun.ini
[2011/09/28 20:29:49 | 000,294,216 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\gmer.zip
[2011/09/28 19:54:58 | 000,050,477 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\Defogger.exe
[2011/09/26 22:28:29 | 000,001,409 | ---- | C] () -- I:\WINDOWS\QTFont.for
[2011/09/26 22:28:28 | 000,054,156 | -H-- | C] () -- I:\WINDOWS\QTFont.qfn
[2011/09/26 20:57:33 | 000,000,327 | ---- | C] () -- I:\Boot.bak
[2011/09/26 20:57:31 | 000,260,272 | RHS- | C] () -- I:\cmldr
[2011/09/26 20:53:54 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2011/09/26 20:53:54 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2011/09/26 20:53:54 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2011/09/26 20:53:54 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2011/09/26 20:53:54 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2011/09/22 15:29:42 | 000,000,735 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/09/21 14:46:20 | 000,000,669 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\Shortcut to TK_BAm.exe.lnk
[2011/09/21 00:22:42 | 001,008,092 | ---- | C] () -- I:\arekle.exe
[2011/09/20 23:26:43 | 001,008,092 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\arekle.exe
[2011/09/20 22:45:00 | 004,104,900 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\RootkitBuster_5.00.1041.zip
[2011/09/18 08:57:24 | 000,413,380 | ---- | C] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/17 09:31:59 | 000,025,600 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\mtalctrl.exe
[2011/09/17 09:00:09 | 000,001,354 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\acad.err
[2011/09/17 08:59:59 | 000,009,236 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\acadstk.dmp
[2011/09/15 17:41:34 | 000,681,805 | ---- | C] () -- I:\Documents and Settings\TK\Desktop\test1.dwg
[2011/09/14 10:41:42 | 000,035,000 | ---- | C] () -- I:\Documents and Settings\TK\My Documents\BillPresentment.pdf
[2010/12/10 00:22:27 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Irremote.ini
[2010/12/03 08:47:35 | 000,065,536 | ---- | C] () -- I:\WINDOWS\System32\DM510.dll
[2010/12/02 19:07:25 | 000,098,304 | ---- | C] () -- I:\WINDOWS\System32\apshext.dll
[2010/12/02 10:42:14 | 000,000,125 | ---- | C] () -- I:\Documents and Settings\TK\Local Settings\Application Data\fusioncache.dat
[2010/12/01 13:10:54 | 000,000,000 | ---- | C] () -- I:\WINDOWS\Mercury.ini
[2010/12/01 13:10:53 | 000,000,188 | ---- | C] () -- I:\WINDOWS\MercuryWT.ini
[2010/12/01 13:09:04 | 000,003,253 | ---- | C] () -- I:\WINDOWS\alamode.ini
[2010/10/12 01:20:55 | 000,701,368 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/09 02:10:42 | 001,714,036 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-412668190-682003330-1003-0.dat
[2010/08/09 02:10:40 | 000,365,894 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/05 08:00:55 | 000,000,074 | ---- | C] () -- I:\Documents and Settings\TK\Application Data\default.pls
[2010/06/04 23:53:45 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2010/05/01 15:23:32 | 000,000,288 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2010/03/17 08:24:24 | 000,042,496 | ---- | C] () -- I:\WINDOWS\System32\MTSTACK.EXE
[2010/03/17 08:24:24 | 000,000,000 | ---- | C] () -- I:\WINDOWS\MTSTACK.INI
[2010/03/12 01:26:56 | 000,000,165 | ---- | C] () -- I:\WINDOWS\QUICKEN.INI
[2010/03/12 01:14:26 | 000,003,584 | ---- | C] () -- I:\Documents and Settings\TK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 14:43:34 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2010/03/04 10:31:45 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ativpsrm.bin
[2010/03/03 21:53:11 | 000,593,920 | ---- | C] () -- I:\WINDOWS\System32\ati2sgag.exe
[2010/03/03 21:53:04 | 000,887,724 | R--- | C] () -- I:\WINDOWS\System32\ativva6x.dat
[2010/03/03 21:53:03 | 003,107,788 | R--- | C] () -- I:\WINDOWS\System32\ativva5x.dat
[2010/03/03 21:53:02 | 003,107,788 | R--- | C] () -- I:\WINDOWS\System32\ativvaxx.dat
[2010/03/03 21:53:02 | 000,180,720 | R--- | C] () -- I:\WINDOWS\System32\atiicdxx.dat
[2010/03/03 21:26:08 | 000,080,416 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2010/03/03 21:11:42 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2010/03/03 21:07:04 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2010/03/03 13:52:14 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2010/03/03 13:51:10 | 000,380,832 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- I:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- I:\WINDOWS\System32\OGAEXEC.exe
[2009/02/02 14:12:42 | 000,495,616 | ---- | C] () -- I:\WINDOWS\System32\TX32.dll
[2009/02/02 14:12:42 | 000,327,680 | ---- | C] () -- I:\WINDOWS\System32\SmaRTEng.dll
[2009/02/02 14:12:42 | 000,053,248 | ---- | C] () -- I:\WINDOWS\System32\P2kDesk.dll
[2009/02/02 14:12:42 | 000,034,304 | ---- | C] () -- I:\WINDOWS\System32\UnlockFile.exe
[2009/02/02 14:12:42 | 000,000,530 | ---- | C] () -- I:\WINDOWS\System32\tx14_ic.ini
[2009/02/02 14:12:41 | 000,338,944 | ---- | C] () -- I:\WINDOWS\System32\LFfpx7.dll
[2009/02/02 14:12:41 | 000,118,784 | ---- | C] () -- I:\WINDOWS\System32\LFKodak.dll
[2009/02/02 14:12:41 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\DeskSkt.dll
[2009/02/02 14:12:41 | 000,036,864 | ---- | C] () -- I:\WINDOWS\System32\DP2kFrms.dll
[2009/02/02 14:12:41 | 000,024,576 | ---- | C] () -- I:\WINDOWS\System32\fmt_jb2.dll
[2009/02/02 14:12:41 | 000,018,944 | ---- | C] () -- I:\WINDOWS\System32\fmt_xcx.dll
[2009/02/02 14:12:41 | 000,011,264 | ---- | C] () -- I:\WINDOWS\System32\fmt_xmf.dll
[2009/02/02 14:12:41 | 000,000,313 | ---- | C] () -- I:\WINDOWS\System32\ic32.ini
[2009/02/02 14:12:40 | 001,159,168 | ---- | C] () -- I:\WINDOWS\System32\alaMFC2.dll
[2009/02/02 14:12:40 | 000,220,160 | ---- | C] () -- I:\WINDOWS\System32\Carcla30.dll
[2009/02/02 14:12:40 | 000,204,864 | ---- | C] () -- I:\WINDOWS\System32\AtxWrap.dll
[2009/02/02 14:12:40 | 000,151,552 | ---- | C] () -- I:\WINDOWS\System32\alaMapi.dll
[2009/02/02 14:12:40 | 000,122,880 | ---- | C] () -- I:\WINDOWS\System32\ala32.dll
[2009/02/02 14:12:40 | 000,086,016 | ---- | C] () -- I:\WINDOWS\System32\alaLaunch2.dll
[2009/02/02 14:12:40 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\alaLaunch.dll
[2009/02/02 14:12:40 | 000,018,432 | ---- | C] () -- I:\WINDOWS\System32\alavistautils.dll
[2009/02/02 14:12:40 | 000,001,597 | ---- | C] () -- I:\WINDOWS\System32\alaUploader.exe.config
[2009/01/05 16:44:10 | 000,053,248 | ---- | C] () -- I:\WINDOWS\bdoscandel.exe
[2009/01/05 16:44:10 | 000,000,453 | ---- | C] () -- I:\WINDOWS\bdoscandellang.ini
[2008/10/21 11:40:00 | 000,081,920 | ---- | C] () -- I:\WINDOWS\System32\ATIODE.exe
[2008/10/21 11:40:00 | 000,045,056 | ---- | C] () -- I:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- I:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 06:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2008/04/14 06:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2008/04/14 06:00:00 | 000,610,472 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2008/04/14 06:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2008/04/14 06:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2008/04/14 06:00:00 | 000,129,068 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2008/04/14 06:00:00 | 000,064,512 | ---- | C] () -- I:\WINDOWS\System32\drivers\serial.sys
[2008/04/14 06:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2008/04/14 06:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2008/04/14 06:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2008/04/14 06:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2008/04/14 06:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\Dcache.bin
[2008/04/14 06:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- I:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- I:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- I:\WINDOWS\System32\gthrctr.ini
[2007/04/09 21:49:10 | 000,008,704 | ---- | C] () -- I:\WINDOWS\System32\VFDINI.exe
[2003/12/11 18:05:40 | 000,401,408 | ---- | C] () -- I:\WINDOWS\System32\AXF_AXS.dll
[2002/07/16 18:15:02 | 000,577,536 | ---- | C] () -- I:\WINDOWS\System32\PAXMeta.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- I:\WINDOWS\System32\REPUTIL.DLL



