ping.exe infection???


  • This topic is locked
40 replies to this topic

#1 drkfluff

Posted 30 December 2011 - 12:23 AM

started with this topic: http://www.bleepingcomputer.com/forums/topic435288.html

could not get DDS to work, so had to use OTL

here is OTL.txt

OTL logfile created on: 12/29/2011 11:33:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.92% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 128.96 Gb Free Space | 55.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ME-2TAEVE0NL50M | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Octoshape Streaming Services\Michael\OctoshapeClient.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\WINDOWS\system32\mpg2splt.ax ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\dxmasf.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll ()
MOD - C:\Program Files\Octoshape Streaming Services\Michael\OctoshapeClient.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1958367476-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ima.mgh.harvard.edu/rxrequest/front_page.asp?msg=2&refUrl=/rxrequest/asp/home.asp
IE - HKU\S-1-5-21-2052111302-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

IE - HKU\S-1-5-21-2052111302-1958367476-839522115-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michael\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Program Files\Google\Update\1.2.141.5\npGoogleOneClick7.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michael\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Program Files\Octoshape Streaming Services\Michael\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/24 11:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 18:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 20:14:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Michael\Application Data\Move Networks [2010/01/14 20:36:36 | 000,000,000 | ---D | M]

[2008/12/24 22:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/05/09 09:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions
[2008/12/30 18:31:25 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/04/27 04:24:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 09:39:26 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\ChoiceGuard@Microsoft
[2011/11/09 18:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 18:42:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 05:12:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 18:42:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917210325.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2052111302-1958367476-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2052111302-1958367476-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125548086425 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125548858983 (MUWebControl Class)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3718.cab (MsneDiag Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup160.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED944448-DC96-4129-92AA-25FA454A359A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/01 09:45:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 23:32:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/12/29 23:12:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr.scr
[2011/12/29 23:05:48 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Michael\My Documents\dds.scr
[2011/12/28 12:04:14 | 074,823,360 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Michael\Desktop\msert.exe
[2011/12/26 06:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/12/25 20:23:14 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Michael\Desktop\ccsetup314.exe
[2011/12/21 20:45:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/19 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/12/18 11:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/17 07:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2011/12/17 07:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/17 07:51:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/17 07:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/16 04:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/16 03:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/16 03:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[48 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1927 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 23:45:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2011/12/29 23:01:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/12/29 19:40:50 | 000,033,370 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\cc_20111229_194042.reg
[2011/12/29 18:04:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 17:21:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/29 01:52:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/29 01:51:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 11:14:25 | 074,823,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Michael\Desktop\msert.exe
[2011/12/27 23:06:51 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 00:01:43 | 000,217,924 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\cc_20111226_000000.reg
[2011/12/25 20:31:25 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael\Desktop\ccsetup314.exe
[2011/12/24 20:23:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/18 17:04:39 | 000,003,304 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/12/18 11:18:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/18 11:18:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/12/17 07:51:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 07:45:16 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\fix.reg
[2011/12/16 18:08:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ck6RFg.dat
[2011/12/16 06:09:56 | 000,259,590 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\census.cache
[2011/12/16 06:09:32 | 000,246,869 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ars.cache
[2011/12/16 05:52:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
[2011/12/16 05:01:23 | 000,012,296 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/16 05:01:23 | 000,012,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/15 07:42:25 | 000,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/04 04:31:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/04 04:31:28 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1927 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 23:01:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/12/29 22:59:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/12/29 19:40:45 | 000,033,370 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\cc_20111229_194042.reg
[2011/12/26 00:00:04 | 000,217,924 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\cc_20111226_000000.reg
[2011/12/18 11:18:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/18 11:18:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/12/17 07:51:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/17 07:45:16 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\fix.reg
[2011/12/16 18:08:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ck6RFg.dat
[2011/12/16 06:09:56 | 000,259,590 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\census.cache
[2011/12/16 06:09:32 | 000,246,869 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ars.cache
[2011/12/16 05:52:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
[2011/12/16 02:59:41 | 000,012,296 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/16 02:59:41 | 000,012,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/10/16 19:42:38 | 000,213,187 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\MMUpgrade.jpg
[2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/03/07 18:35:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 13:59:55 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2010/11/07 00:07:02 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/07 00:06:59 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/07 00:06:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/17 20:40:51 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2009/03/12 17:59:13 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe
[2009/03/12 17:59:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/03/12 17:58:55 | 007,013,905 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Install.exe
[2009/03/12 17:57:32 | 000,001,494 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/12 17:57:28 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/16 19:36:22 | 000,084,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/22 11:56:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/22 11:55:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/12/19 05:42:40 | 000,000,074 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 21:46:36 | 000,055,601 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2007/06/07 21:23:12 | 000,003,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/15 17:10:06 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/15 17:09:56 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/23 20:38:44 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/23 20:38:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/26 18:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/08/26 15:19:38 | 000,000,302 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2006/08/26 15:17:56 | 000,000,825 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/08/13 15:26:47 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/08/06 14:50:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smartdrv.exe
[2006/05/12 17:58:49 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/02 17:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winsrv32.exe
[2006/05/02 17:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\reger.exe
[2006/04/29 10:26:34 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/03/22 20:27:33 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/22 20:27:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/30 18:29:08 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2005/12/13 12:33:16 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/12/13 12:25:07 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/10/22 14:25:28 | 000,249,344 | ---- | C] () -- C:\WINDOWS\System32\NvRaidMan.exe
[2005/10/22 14:25:28 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\nvsataconnection.exe
[2005/09/11 14:06:31 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/09/06 17:39:39 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/01 20:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/01 20:15:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2005/09/01 12:53:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3e.DLL
[2005/09/01 11:07:50 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2005/09/01 10:55:26 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2005/09/01 10:47:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/01 10:47:03 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/09/01 09:46:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/01 09:42:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/01 09:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/01 07:22:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2005/09/01 05:37:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/01 05:36:52 | 000,393,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/01 00:15:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/31 23:34:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/24 17:11:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2004/05/24 17:04:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/05/24 17:03:20 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/05/24 17:01:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/24 17:00:48 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/05/30 08:00:02 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,507,262 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_007104_.tmp.dll
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,088,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_007072_.tmp.dll
[2001/08/23 07:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\tftp.exe
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Michael\Desktop\ccsetup314.exe:SummaryInformation

< End of report >



here is extras.txt

OTL Extras logfile created on: 12/29/2011 11:33:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.92% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 128.96 Gb Free Space | 55.17% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ME-2TAEVE0NL50M | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

[HKEY_USERS\S-1-5-21-2052111302-1958367476-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1125679140\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125679140\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1125679140\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125679140\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Octoshape Streaming Services\Michael\OctoshapeClient.exe" = C:\Program Files\Octoshape Streaming Services\Michael\OctoshapeClient.exe:*:Enabled:OctoshapeClient -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Verizon\VSP\ServicepointService.exe" = C:\Program Files\Verizon\VSP\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe" = C:\Program Files\Verizon\Verizon Media Manager\Release\Verizon Media Manager.exe:*:Enabled:Verizon Media Manager -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{040992D7-097E-4C94-BC57-CF67BE2AF28A}" = MediaFACE 4.01 Image Library
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{243E9065-1DA0-4786-B3BD-B8030277F214}" = Logitech Harmony Remote Software 7
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CD591C4-ED75-4320-B2D9-93E2A28F915E}" = H&R Block Massachusetts 2009
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77D7B871-D25E-4EFF-8BE6-FBB11D47AF6E}" = TaxCut Massachusetts 2008
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DDB3F86-E1E5-11D7-A04D-0050FCB66B41}" = Soltek Hardware Monitor
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B93677FD-F4C4-4CF9-9D44-B4F2F585D835}" = H&R Block Massachusetts 2010
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}" = Terayon DOCSIS Modem
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D8F0F3F4-D55C-4FBD-A590-B984615D7A6A}" = Vz In Home Agent
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EDF1085A-73FF-4B3B-8726-2A403D400E48}" = DesignPro 5.0 Media Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F43C7DE1-CB20-11DD-8D77-005056806466}" = Google Earth Plugin
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Abacast Client" = Abacast Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6.0" = AIM 6.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AOL Instant Messenger" = AOL Instant Messenger
"Asus_LCD_ScreenSaver" = Asus_LCD_ScreenSaver
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CCleaner" = CCleaner
"DeductionPro 2005-06" = DeductionPro 2005-06
"DeductionPro 2006" = DeductionPro 2006
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{040992D7-097E-4C94-BC57-CF67BE2AF28A}" = MediaFACE 4.01 Image Library
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{EDF1085A-73FF-4B3B-8726-2A403D400E48}" = DesignPro 5.0 Media Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Entertainment Download Troubleshooter" = MSN Entertainment Download Troubleshooter
"MSN Music Assistant" = MSN Music Assistant
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"RadialpointClientGateway_is1" = Verizon Servicepoint 3.5.10
"RealAlt_is1" = Real Alternative 1.45
"TaxCut 2004" = TaxCut 2004
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Media Manager" = Verizon Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall
"Yahtzee_is1" = Yahtzee 1.1.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-1958367476-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2011 3:32:56 AM | Computer Name = ME-2TAEVE0NL50M | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.34.52.7, faulting module
quicktimestreaming.qtx, version 7.71.80.42, fault address 0x000921d1.

Error - 12/25/2011 3:33:30 AM | Computer Name = ME-2TAEVE0NL50M | Source = Application Error | ID = 1001
Description = Fault bucket -1568844241.

Error - 12/25/2011 7:53:51 PM | Computer Name = ME-2TAEVE0NL50M | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.34.52.7, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 12/26/2011 11:53:10 AM | Computer Name = ME-2TAEVE0NL50M | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.2.1.23, faulting
module unknown, version 0.0.0.0, fault address 0xa00008af.

Error - 12/28/2011 3:16:27 AM | Computer Name = ME-2TAEVE0NL50M | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2180 (0x884) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Java\jre6\bin\jkernel.dll

by C:\WINDOWS\System32\ping.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/28/2011 5:57:25 AM | Computer Name = ME-2TAEVE0NL50M | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 5.1.2600.5512, faulting module
mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 12/29/2011 2:52:17 AM | Computer Name = ME-2TAEVE0NL50M | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 8

Error - 12/29/2011 8:37:21 AM | Computer Name = ME-2TAEVE0NL50M | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 172 (0xac) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Program Files\Java\jre6\bin\jkernel.dll

by C:\WINDOWS\System32\ping.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)

7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/29/2011 3:18:20 PM | Computer Name = ME-2TAEVE0NL50M | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/29/2011 3:18:28 PM | Computer Name = ME-2TAEVE0NL50M | Source = Application Hang | ID = 1001
Description = Fault bucket 337816799.

[ System Events ]
Error - 12/29/2011 6:29:37 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:31:38 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:34:16 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:37:41 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:38:23 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:40:08 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/29/2011 6:41:17 PM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/30/2011 12:28:13 AM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/30/2011 12:30:14 AM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 12/30/2011 12:41:51 AM | Computer Name = ME-2TAEVE0NL50M | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >


and finally from GMER (couldn't check or uncheck upper half of options)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 00:14:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C12BAA2ADC498140ACEE56D6611F348\Usage@Main 1067271440

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB58460$\4054674337 0 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075 0 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\bckfg.tmp 849 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\keywords 81 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\L 0 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\L\akygdmgo 162816 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U 0 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB58460$\71295075\U\80000032.@ 77312 bytes
File C:\Documents and Settings\Michael\Local Settings\Application Data\Apple Computer\Safari\History\_1n.cfs 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by drkfluff, 30 December 2011 - 07:01 AM.




#2 drkfluff

Posted 03 January 2012 - 08:22 PM

Don't worry, I understand about the backlog. I just want to make sure that there is no question that I still really need help with this issue. Any help would be much appreciated.

Thank you

#3 SweetTech

Posted 04 January 2012 - 02:05 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.

Edited by SweetTech, 04 January 2012 - 02:06 AM.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 drkfluff

Posted 04 January 2012 - 06:00 AM

Very glad to make your acquaintance SweetTech, thank you for your help!

Ran TDSS and this is that log (it said that engine couldn't load, but I proceeded anyway):


05:36:30.0625 1516 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
05:36:30.0937 1516 ============================================================
05:36:30.0937 1516 Current date / time: 2012/01/04 05:36:30.0937
05:36:30.0937 1516 SystemInfo:
05:36:30.0937 1516
05:36:30.0937 1516 OS Version: 5.1.2600 ServicePack: 3.0
05:36:30.0937 1516 Product type: Workstation
05:36:30.0937 1516 ComputerName: ME-2TAEVE0NL50M
05:36:30.0937 1516 UserName: Michael
05:36:30.0937 1516 Windows directory: C:\WINDOWS
05:36:30.0937 1516 System windows directory: C:\WINDOWS
05:36:30.0937 1516 Processor architecture: Intel x86
05:36:30.0937 1516 Number of processors: 1
05:36:30.0937 1516 Page size: 0x1000
05:36:30.0937 1516 Boot type: Normal boot
05:36:30.0937 1516 ============================================================
05:36:48.0703 1516 !crdlk
05:36:48.0781 1516 Initialize success
05:38:05.0125 3020 ============================================================
05:38:05.0125 3020 Scan started
05:38:05.0125 3020 Mode: Manual; SigCheck; TDLFS;
05:38:05.0125 3020 ============================================================
05:38:05.0578 3020 Abiosdsk - ok
05:38:05.0640 3020 abp480n5 - ok
05:38:05.0812 3020 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
05:38:08.0312 3020 ACPI - ok
05:38:08.0468 3020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
05:38:08.0656 3020 ACPIEC - ok
05:38:08.0750 3020 adpu160m - ok
05:38:08.0890 3020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
05:38:09.0046 3020 aec - ok
05:38:09.0218 3020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
05:38:09.0375 3020 AFD - ok
05:38:09.0484 3020 Aha154x - ok
05:38:09.0562 3020 aic78u2 - ok
05:38:09.0640 3020 aic78xx - ok
05:38:09.0750 3020 AliIde - ok
05:38:09.0968 3020 AmdK8 (e6a2299284013ec4de3419481a62069f) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
05:38:10.0171 3020 AmdK8 - ok
05:38:10.0312 3020 amsint - ok
05:38:10.0437 3020 asc - ok
05:38:10.0515 3020 asc3350p - ok
05:38:10.0578 3020 asc3550 - ok
05:38:10.0781 3020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
05:38:10.0937 3020 AsyncMac - ok
05:38:11.0062 3020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
05:38:11.0234 3020 atapi - ok
05:38:11.0328 3020 Atdisk - ok
05:38:11.0437 3020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
05:38:11.0609 3020 Atmarpc - ok
05:38:11.0812 3020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
05:38:11.0953 3020 audstub - ok
05:38:12.0046 3020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
05:38:12.0187 3020 Beep - ok
05:38:12.0421 3020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
05:38:12.0593 3020 cbidf2k - ok
05:38:12.0734 3020 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
05:38:12.0906 3020 CCDECODE - ok
05:38:13.0046 3020 cd20xrnt - ok
05:38:13.0125 3020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
05:38:13.0281 3020 Cdaudio - ok
05:38:13.0390 3020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
05:38:13.0546 3020 Cdfs - ok
05:38:13.0703 3020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
05:38:13.0875 3020 Cdrom - ok
05:38:13.0953 3020 Changer - ok
05:38:14.0109 3020 CmdIde - ok
05:38:14.0203 3020 Cpqarray - ok
05:38:14.0312 3020 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
05:38:14.0453 3020 CVirtA - ok
05:38:14.0593 3020 dac2w2k - ok
05:38:14.0671 3020 dac960nt - ok
05:38:14.0843 3020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
05:38:15.0000 3020 Disk - ok
05:38:15.0140 3020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
05:38:15.0375 3020 dmboot - ok
05:38:15.0546 3020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
05:38:15.0718 3020 dmio - ok
05:38:15.0796 3020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
05:38:15.0953 3020 dmload - ok
05:38:16.0125 3020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:38:16.0281 3020 DMusic - ok
05:38:16.0390 3020 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
05:38:16.0500 3020 DNE - ok
05:38:16.0718 3020 dpti2o - ok
05:38:16.0828 3020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:38:17.0015 3020 drmkaud - ok
05:38:17.0187 3020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:38:17.0343 3020 Fastfat - ok
05:38:17.0453 3020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:38:17.0609 3020 Fdc - ok
05:38:17.0796 3020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:38:17.0953 3020 Fips - ok
05:38:18.0062 3020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:38:18.0203 3020 Flpydisk - ok
05:38:18.0343 3020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
05:38:18.0500 3020 FltMgr - ok
05:38:18.0625 3020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:38:18.0781 3020 Fs_Rec - ok
05:38:18.0875 3020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:38:19.0031 3020 Ftdisk - ok
05:38:19.0140 3020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
05:38:19.0218 3020 GEARAspiWDM - ok
05:38:19.0359 3020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:38:19.0515 3020 Gpc - ok
05:38:19.0750 3020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:38:19.0906 3020 HidUsb - ok
05:38:19.0984 3020 hpn - ok
05:38:20.0062 3020 hpt3xx - ok
05:38:20.0171 3020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:38:20.0281 3020 HTTP - ok
05:38:20.0406 3020 i2omgmt - ok
05:38:20.0484 3020 i2omp - ok
05:38:20.0562 3020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
05:38:20.0718 3020 i8042prt - ok
05:38:20.0921 3020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
05:38:21.0093 3020 Imapi - ok
05:38:21.0234 3020 InCDfs (ae40e010d145aa371fe3a551c44f74f4) C:\WINDOWS\system32\drivers\InCDfs.sys
05:38:21.0312 3020 InCDfs ( UnsignedFile.Multi.Generic ) - warning
05:38:21.0312 3020 InCDfs - detected UnsignedFile.Multi.Generic (1)
05:38:21.0437 3020 InCDPass (efc1883a3cfcdd72222c428ef0a38695) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
05:38:21.0531 3020 InCDPass ( UnsignedFile.Multi.Generic ) - warning
05:38:21.0531 3020 InCDPass - detected UnsignedFile.Multi.Generic (1)
05:38:21.0609 3020 InCDrec (8413063a0e2b4da05d5d87075021fb75) C:\WINDOWS\system32\drivers\InCDrec.sys
05:38:21.0687 3020 InCDrec ( UnsignedFile.Multi.Generic ) - warning
05:38:21.0687 3020 InCDrec - detected UnsignedFile.Multi.Generic (1)
05:38:21.0796 3020 ini910u - ok
05:38:21.0875 3020 IntelIde - ok
05:38:22.0062 3020 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
05:38:22.0234 3020 ip6fw - ok
05:38:22.0437 3020 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
05:38:22.0531 3020 IPFilter ( UnsignedFile.Multi.Generic ) - warning
05:38:22.0531 3020 IPFilter - detected UnsignedFile.Multi.Generic (1)
05:38:22.0640 3020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:38:22.0812 3020 IpFilterDriver - ok
05:38:23.0062 3020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:38:23.0203 3020 IpInIp - ok
05:38:23.0296 3020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:38:23.0453 3020 IpNat - ok
05:38:23.0656 3020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:38:23.0843 3020 IPSec - ok
05:38:24.0015 3020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:38:24.0078 3020 IRENUM - ok
05:38:24.0187 3020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:38:24.0312 3020 isapnp - ok
05:38:24.0500 3020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:38:24.0656 3020 Kbdclass - ok
05:38:24.0796 3020 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:38:24.0937 3020 kbdhid - ok
05:38:25.0125 3020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:38:25.0265 3020 kmixer - ok
05:38:25.0375 3020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:38:25.0531 3020 KSecDD - ok
05:38:25.0625 3020 lbrtfdc - ok
05:38:25.0968 3020 mfeapfk (c0d975d64c1af8057f2d75b1297a6979) C:\WINDOWS\system32\drivers\mfeapfk.sys
05:38:26.0265 3020 mfeapfk - ok
05:38:26.0421 3020 mfeavfk (c169326049a8a03d5f905b34f5a65f8c) C:\WINDOWS\system32\drivers\mfeavfk.sys
05:38:26.0531 3020 mfeavfk - ok
05:38:26.0640 3020 mfeavfk01 - ok
05:38:26.0828 3020 mfebopk (50b0253b2484a306a20d8695c5ae5858) C:\WINDOWS\system32\drivers\mfebopk.sys
05:38:26.0921 3020 mfebopk - ok
05:38:27.0031 3020 mfehidk (188b40866db2ab8ef262febc65291687) C:\WINDOWS\system32\drivers\mfehidk.sys
05:38:27.0234 3020 mfehidk - ok
05:38:27.0390 3020 mferkdet (c1b30af2e18e69bf8ceb39b33f32d3c1) C:\WINDOWS\system32\drivers\mferkdet.sys
05:38:27.0484 3020 mferkdet - ok
05:38:27.0640 3020 mfetdi2k (97ef4ca122ddda4781ff557e65dfb262) C:\WINDOWS\system32\drivers\mfetdi2k.sys
05:38:27.0734 3020 mfetdi2k - ok
05:38:27.0906 3020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:38:28.0062 3020 mnmdd - ok
05:38:28.0250 3020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:38:28.0406 3020 Modem - ok
05:38:28.0531 3020 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
05:38:28.0859 3020 motmodem - ok
05:38:29.0062 3020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:38:29.0203 3020 Mouclass - ok
05:38:29.0312 3020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:38:29.0468 3020 mouhid - ok
05:38:29.0625 3020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:38:29.0781 3020 MountMgr - ok
05:38:29.0859 3020 mraid35x - ok
05:38:30.0046 3020 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
05:38:30.0125 3020 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
05:38:30.0125 3020 MREMP50 - detected UnsignedFile.Multi.Generic (1)
05:38:30.0140 3020 MREMPR5 - ok
05:38:30.0156 3020 MRENDIS5 - ok
05:38:30.0187 3020 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
05:38:30.0296 3020 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
05:38:30.0296 3020 MRESP50 - detected UnsignedFile.Multi.Generic (1)
05:38:30.0406 3020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:38:30.0562 3020 MRxDAV - ok
05:38:30.0750 3020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:38:31.0062 3020 MRxSmb - ok
05:38:31.0187 3020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:38:31.0328 3020 Msfs - ok
05:38:31.0453 3020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:38:31.0640 3020 MSKSSRV - ok
05:38:31.0812 3020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:38:31.0984 3020 MSPCLOCK - ok
05:38:32.0093 3020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:38:32.0250 3020 MSPQM - ok
05:38:32.0468 3020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:38:32.0609 3020 mssmbios - ok
05:38:32.0750 3020 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
05:38:32.0937 3020 MSTEE - ok
05:38:33.0109 3020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:38:33.0250 3020 Mup - ok
05:38:33.0406 3020 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
05:38:33.0562 3020 NABTSFEC - ok
05:38:33.0765 3020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:38:33.0953 3020 NDIS - ok
05:38:34.0078 3020 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
05:38:34.0203 3020 NdisIP - ok
05:38:34.0359 3020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:38:34.0468 3020 NdisTapi - ok
05:38:34.0578 3020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:38:34.0734 3020 Ndisuio - ok
05:38:34.0828 3020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:38:35.0046 3020 NdisWan - ok
05:38:35.0156 3020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:38:35.0328 3020 NDProxy - ok
05:38:35.0468 3020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:38:35.0625 3020 NetBIOS - ok
05:38:35.0781 3020 NetBT (e83b450a3adae2d9ef4170474d94ddcc) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:38:35.0937 3020 NetBT ( UnsignedFile.Multi.Generic ) - warning
05:38:35.0937 3020 NetBT - detected UnsignedFile.Multi.Generic (1)
05:38:36.0187 3020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:38:36.0343 3020 Npfs - ok
05:38:36.0453 3020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:38:36.0703 3020 Ntfs - ok
05:38:36.0921 3020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:38:37.0062 3020 Null - ok
05:38:37.0578 3020 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:38:38.0500 3020 nv - ok
05:38:38.0671 3020 nvatabus (dce353985c988bfb7e84fd942068151f) C:\WINDOWS\system32\drivers\nvatabus.sys
05:38:38.0734 3020 nvatabus ( UnsignedFile.Multi.Generic ) - warning
05:38:38.0734 3020 nvatabus - detected UnsignedFile.Multi.Generic (1)
05:38:38.0843 3020 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\WINDOWS\system32\drivers\nvax.sys
05:38:39.0000 3020 nvax - ok
05:38:39.0093 3020 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
05:38:39.0203 3020 NVENETFD - ok
05:38:39.0296 3020 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
05:38:39.0390 3020 nvnetbus - ok
05:38:39.0531 3020 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\WINDOWS\system32\drivers\nvapu.sys
05:38:39.0546 3020 nvnforce - ok
05:38:39.0718 3020 nvraid (a5c77d944410fadee380fb20b432760d) C:\WINDOWS\system32\DRIVERS\nvraid.sys
05:38:39.0843 3020 nvraid - ok
05:38:39.0968 3020 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
05:38:40.0078 3020 nv_agp - ok
05:38:40.0203 3020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:38:40.0343 3020 NwlnkFlt - ok
05:38:40.0453 3020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:38:40.0625 3020 NwlnkFwd - ok
05:38:40.0812 3020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:38:40.0953 3020 Parport - ok
05:38:41.0093 3020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:38:41.0234 3020 PartMgr - ok
05:38:41.0328 3020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:38:41.0468 3020 ParVdm - ok
05:38:41.0609 3020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:38:41.0781 3020 PCI - ok
05:38:41.0859 3020 PCIDump - ok
05:38:41.0953 3020 PCIIde - ok
05:38:42.0062 3020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:38:42.0187 3020 Pcmcia - ok
05:38:42.0281 3020 PDCOMP - ok
05:38:42.0468 3020 PDFRAME - ok
05:38:42.0531 3020 PDRELI - ok
05:38:42.0593 3020 PDRFRAME - ok
05:38:42.0703 3020 perc2 - ok
05:38:42.0765 3020 perc2hib - ok
05:38:42.0921 3020 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
05:38:43.0000 3020 pfc ( UnsignedFile.Multi.Generic ) - warning
05:38:43.0000 3020 pfc - detected UnsignedFile.Multi.Generic (1)
05:38:43.0187 3020 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
05:38:43.0328 3020 Point32 - ok
05:38:43.0468 3020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:38:43.0640 3020 PptpMiniport - ok
05:38:43.0781 3020 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
05:38:43.0906 3020 Processor - ok
05:38:44.0093 3020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:38:44.0218 3020 PSched - ok
05:38:44.0281 3020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:38:44.0421 3020 Ptilink - ok
05:38:44.0593 3020 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:38:44.0687 3020 PxHelp20 - ok
05:38:44.0765 3020 ql1080 - ok
05:38:44.0828 3020 Ql10wnt - ok
05:38:44.0906 3020 ql12160 - ok
05:38:44.0968 3020 ql1240 - ok
05:38:45.0046 3020 ql1280 - ok
05:38:45.0125 3020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:38:45.0265 3020 RasAcd - ok
05:38:45.0437 3020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:38:45.0562 3020 Rasl2tp - ok
05:38:45.0640 3020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:38:45.0796 3020 RasPppoe - ok
05:38:46.0031 3020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:38:46.0171 3020 Raspti - ok
05:38:46.0312 3020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:38:46.0453 3020 Rdbss - ok
05:38:46.0562 3020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:38:46.0718 3020 RDPCDD - ok
05:38:47.0140 3020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:38:47.0375 3020 rdpdr - ok
05:38:47.0500 3020 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
05:38:47.0750 3020 RDPWD - ok
05:38:48.0031 3020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:38:48.0187 3020 redbook - ok
05:38:48.0328 3020 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
05:38:48.0453 3020 ROOTMODEM - ok
05:38:48.0750 3020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:38:48.0843 3020 Secdrv - ok
05:38:49.0062 3020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:38:49.0203 3020 serenum - ok
05:38:49.0296 3020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:38:49.0421 3020 Serial - ok
05:38:49.0640 3020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:38:49.0796 3020 Sfloppy - ok
05:38:49.0984 3020 Simbad - ok
05:38:50.0125 3020 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
05:38:50.0281 3020 SLIP - ok
05:38:50.0453 3020 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
05:38:50.0609 3020 SONYPVU1 - ok
05:38:50.0781 3020 Sparrow - ok
05:38:50.0875 3020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:38:51.0000 3020 splitter - ok
05:38:51.0187 3020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:38:51.0265 3020 sr - ok
05:38:51.0390 3020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:38:51.0609 3020 Srv - ok
05:38:51.0812 3020 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
05:38:51.0953 3020 streamip - ok
05:38:52.0093 3020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:38:52.0218 3020 swenum - ok
05:38:52.0406 3020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:38:52.0546 3020 swmidi - ok
05:38:52.0734 3020 symc810 - ok
05:38:52.0812 3020 symc8xx - ok
05:38:52.0890 3020 sym_hi - ok
05:38:52.0968 3020 sym_u3 - ok
05:38:53.0078 3020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
05:38:53.0218 3020 sysaudio - ok
05:38:53.0390 3020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
05:38:53.0546 3020 Tcpip - ok
05:38:53.0671 3020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
05:38:53.0859 3020 TDPIPE - ok
05:38:53.0968 3020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
05:38:54.0109 3020 TDTCP - ok
05:38:54.0203 3020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
05:38:54.0328 3020 TermDD - ok
05:38:54.0484 3020 TosIde - ok
05:38:54.0609 3020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
05:38:54.0765 3020 Udfs - ok
05:38:54.0875 3020 ultra - ok
05:38:54.0984 3020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
05:38:55.0156 3020 Update - ok
05:38:55.0312 3020 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
05:38:55.0484 3020 USBAAPL - ok
05:38:55.0656 3020 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
05:38:55.0812 3020 usbaudio - ok
05:38:56.0062 3020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
05:38:56.0187 3020 usbccgp - ok
05:38:56.0265 3020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
05:38:56.0406 3020 usbehci - ok
05:38:56.0562 3020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
05:38:56.0687 3020 usbhub - ok
05:38:56.0765 3020 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
05:38:56.0906 3020 usbohci - ok
05:38:57.0046 3020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
05:38:57.0171 3020 usbprint - ok
05:38:57.0312 3020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
05:38:57.0453 3020 usbscan - ok
05:38:57.0609 3020 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
05:38:57.0765 3020 usbser - ok
05:38:57.0890 3020 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
05:38:57.0921 3020 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
05:38:57.0921 3020 usbsermpt - detected UnsignedFile.Multi.Generic (1)
05:38:58.0015 3020 usbsermptxp (af4b8cc5ea40c57208796920068ddcd5) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
05:38:58.0109 3020 usbsermptxp ( UnsignedFile.Multi.Generic ) - warning
05:38:58.0109 3020 usbsermptxp - detected UnsignedFile.Multi.Generic (1)
05:38:58.0203 3020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
05:38:58.0359 3020 USBSTOR - ok
05:38:58.0546 3020 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
05:38:58.0687 3020 usbvideo - ok
05:38:58.0812 3020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
05:38:58.0937 3020 VgaSave - ok
05:38:59.0031 3020 ViaIde - ok
05:38:59.0140 3020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
05:38:59.0281 3020 VolSnap - ok
05:38:59.0421 3020 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
05:38:59.0609 3020 vsdatant - ok
05:38:59.0796 3020 VZTFVKGY - ok
05:39:00.0171 3020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
05:39:00.0312 3020 Wanarp - ok
05:39:00.0484 3020 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
05:39:00.0718 3020 Wdf01000 - ok
05:39:00.0859 3020 WDICA - ok
05:39:01.0078 3020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
05:39:01.0218 3020 wdmaud - ok
05:39:01.0468 3020 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
05:39:01.0562 3020 WpdUsb - ok
05:39:01.0765 3020 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
05:39:01.0921 3020 WSTCODEC - ok
05:39:02.0125 3020 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
05:39:02.0187 3020 WudfPf - ok
05:39:02.0328 3020 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
05:39:02.0343 3020 WudfRd - ok
05:39:02.0421 3020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
05:39:05.0343 3020 \Device\Harddisk0\DR0 - ok
05:39:05.0375 3020 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
05:39:05.0546 3020 \Device\Harddisk1\DR1 - ok
05:39:05.0562 3020 Boot (0x1200) (83bed78ad88f974fba86f59546ad7aec) \Device\Harddisk0\DR0\Partition0
05:39:05.0562 3020 \Device\Harddisk0\DR0\Partition0 - ok
05:39:05.0562 3020 Boot (0x1200) (40d5726e434442fa766084825aa5566e) \Device\Harddisk1\DR1\Partition0
05:39:05.0562 3020 \Device\Harddisk1\DR1\Partition0 - ok
05:39:05.0578 3020 ============================================================
05:39:05.0578 3020 Scan finished
05:39:05.0578 3020 ============================================================
05:39:05.0687 4072 Detected object count: 11
05:39:05.0687 4072 Actual detected object count: 11
05:41:10.0406 4072 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0406 4072 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0406 4072 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0406 4072 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0406 4072 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0406 4072 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0406 4072 IPFilter ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0406 4072 IPFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 NetBT ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:10.0421 4072 usbsermptxp ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:10.0421 4072 usbsermptxp ( UnsignedFile.Multi.Generic ) - User select action: Skip

and here is the OTL log:

OTL logfile created on: 1/4/2012 5:47:08 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.84% Memory free
3.85 Gb Paging File | 3.10 Gb Available in Paging File | 80.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 128.56 Gb Free Space | 55.00% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ME-2TAEVE0NL50M | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Documents and Settings\Michael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\ping.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (vseqrts) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe (Authentium, Inc)
SRV - (vsedsps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe (Authentium, Inc)
SRV - (vseamps) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe (Authentium, Inc)
SRV - (ServicepointService) -- C:\Program Files\Verizon\VSP\ServicepointService.exe (Radialpoint Inc.)
SRV - (MotoConnect Service) -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Ahead Software AG)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (NetBT) -- C:\WINDOWS\system32\drivers\netbt.sys ()
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (IPFilter) -- C:\WINDOWS\system32\drivers\ipfilter.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ima.mgh.harvard.edu/rxrequest/front_page.asp?msg=2&refUrl=/rxrequest/asp/home.asp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central"
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michael\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=7: C:\Program Files\Google\Update\1.2.141.5\npGoogleOneClick7.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Michael\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Program Files\Octoshape Streaming Services\Michael\octoprogram-L03-NMS1101262_SUA_000\npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/24 11:15:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 18:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 20:14:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Michael\Application Data\Move Networks [2010/01/14 20:36:36 | 000,000,000 | ---D | M]

[2008/12/24 22:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2011/05/09 09:39:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions
[2008/12/30 18:31:25 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/04/27 04:24:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 09:39:26 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\extensions\ChoiceGuard@Microsoft
[2011/11/09 18:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 18:42:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 05:12:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 18:42:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917210325.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125548086425 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125548858983 (MUWebControl Class)
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} http://entimg.msn.com/client/msnediag3718.cab (MsneDiag Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup160.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15028/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED944448-DC96-4129-92AA-25FA454A359A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/01 09:45:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 05:33:31 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
[2011/12/29 23:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\gmer
[2011/12/29 23:32:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2011/12/29 23:12:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr.scr
[2011/12/29 23:05:48 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Michael\My Documents\dds.scr
[2011/12/26 06:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/12/25 20:23:14 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Michael\Desktop\ccsetup314.exe
[2011/12/21 20:45:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/19 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/18 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/12/18 11:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/17 07:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2011/12/17 07:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/17 07:51:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/17 07:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/16 04:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/16 03:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/16 03:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[48 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1927 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 01:31:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/04 00:00:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2012/01/03 20:15:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 20:14:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 16:20:42 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/31 20:23:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/29 23:55:25 | 000,000,363 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to gmer.lnk
[2011/12/29 23:01:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/12/29 19:40:50 | 000,033,370 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\cc_20111229_194042.reg
[2011/12/27 23:06:51 | 000,213,504 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/26 00:01:43 | 000,217,924 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\cc_20111226_000000.reg
[2011/12/25 20:31:25 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael\Desktop\ccsetup314.exe
[2011/12/23 07:01:10 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
[2011/12/18 17:04:39 | 000,003,304 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/12/18 11:18:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/18 11:18:05 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/12/17 07:45:16 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\fix.reg
[2011/12/16 18:08:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ck6RFg.dat
[2011/12/16 06:09:56 | 000,259,590 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\census.cache
[2011/12/16 06:09:32 | 000,246,869 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ars.cache
[2011/12/16 05:52:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
[2011/12/16 05:01:23 | 000,012,296 | -HS- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/16 05:01:23 | 000,012,296 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/15 07:42:25 | 000,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[23 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1927 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 23:55:25 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Shortcut to gmer.lnk
[2011/12/29 23:01:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\defogger_reenable
[2011/12/29 22:59:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Defogger.exe
[2011/12/29 19:40:45 | 000,033,370 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\cc_20111229_194042.reg
[2011/12/26 00:00:04 | 000,217,924 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\cc_20111226_000000.reg
[2011/12/18 11:18:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/18 11:18:05 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Spybot - Search & Destroy.lnk
[2011/12/17 07:45:16 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\fix.reg
[2011/12/16 18:08:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ck6RFg.dat
[2011/12/16 06:09:56 | 000,259,590 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\census.cache
[2011/12/16 06:09:32 | 000,246,869 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\ars.cache
[2011/12/16 05:52:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\housecall.guid.cache
[2011/12/16 02:59:41 | 000,012,296 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/16 02:59:41 | 000,012,296 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\epdvhb5d8adb2sbk7lks4w824h5w
[2011/10/16 19:42:38 | 000,213,187 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\MMUpgrade.jpg
[2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/03/07 18:35:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/07 13:59:55 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat
[2010/11/07 00:07:02 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/11/07 00:06:59 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/11/07 00:06:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/17 20:40:51 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2009/03/12 17:59:13 | 000,037,232 | ---- | C] () -- C:\WINDOWS\ASScrProlog.exe
[2009/03/12 17:59:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009/03/12 17:58:55 | 007,013,905 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\Install.exe
[2009/03/12 17:57:32 | 000,001,494 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/03/12 17:57:28 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/16 19:36:22 | 000,084,216 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/22 11:56:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/22 11:55:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/12/19 05:42:40 | 000,000,074 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 21:46:36 | 000,055,601 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2007/06/07 21:23:12 | 000,003,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/03/15 17:10:06 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/15 17:09:56 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/23 20:38:44 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/01/23 20:38:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/26 18:41:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/08/26 15:19:38 | 000,000,302 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2006/08/26 15:17:56 | 000,000,825 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/08/13 15:26:47 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/08/06 14:50:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\smartdrv.exe
[2006/05/12 17:58:49 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/02 17:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\winsrv32.exe
[2006/05/02 17:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\reger.exe
[2006/04/29 10:26:34 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2006/03/22 20:27:33 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/03/22 20:27:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/30 18:29:08 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
[2005/12/13 12:33:16 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/12/13 12:25:07 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/10/22 14:25:28 | 000,249,344 | ---- | C] () -- C:\WINDOWS\System32\NvRaidMan.exe
[2005/10/22 14:25:28 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\nvsataconnection.exe
[2005/09/11 14:06:31 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/09/06 17:39:39 | 000,213,504 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/01 20:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/09/01 20:15:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2005/09/01 12:53:23 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3e.DLL
[2005/09/01 11:07:50 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\auto.ini
[2005/09/01 10:55:26 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2005/09/01 10:47:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/01 10:47:03 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/09/01 09:46:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/09/01 09:42:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/09/01 09:14:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/01 07:22:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2005/09/01 05:37:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/09/01 05:36:52 | 000,393,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/01 00:15:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/08/31 23:34:26 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/24 17:11:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\zip.exe
[2004/05/24 17:04:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/05/24 17:03:20 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/05/24 17:01:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/05/24 17:00:48 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2003/05/30 08:00:02 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,507,262 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_007104_.tmp.dll
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,088,524 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_007072_.tmp.dll
[2001/08/23 07:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\tftp.exe
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/03/28 14:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2006/02/07 23:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2011/06/22 15:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/09/01 20:15:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/15 05:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2006/01/05 19:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2011/06/22 15:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/03/15 17:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/05/08 13:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/03/12 16:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/10/22 11:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/08/26 18:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2010/04/11 13:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/13 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/01 17:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/17 12:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\acccore
[2005/09/02 11:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Aim
[2010/11/04 23:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Amazon
[2007/08/06 21:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\BitTorrent
[2010/01/14 20:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/11/24 11:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DDMSettings
[2011/06/22 09:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ElevatedDiagnostics
[2005/09/01 10:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/06/25 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sammsoft
[2011/03/12 16:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TaxCut
[2010/05/08 13:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TechWizard
[2011/06/20 19:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2009/03/29 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Desktop Search
[2009/05/18 08:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2006/06/11 00:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 18:42:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 18:42:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 12:31:02

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Michael\Desktop\ccsetup314.exe:SummaryInformation

< End of report >


Once again thank you

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 05 January 2012 - 01:02 AM

Hi drkfluff!

thank you for your help!

Not a problem! Glad to be able to help you! :)

It looks like you're infected with ZeroAccess (ZAccess).

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Special thanks to quietman7 for providing the above information.


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 drkfluff

drkfluff
  • Topic Starter

  • Members
  • 28 posts

Posted 05 January 2012 - 04:43 AM

I can't seem to completely turn McAfee Enterprise off and can't find how

#8 drkfluff

drkfluff
  • Topic Starter

  • Members
  • 28 posts

Posted 05 January 2012 - 04:54 AM

I can't seem to completely turn McAfee Enterprise off and can't find how; Thought I had it turned off but Combofix says it is running and to turn it off before proceeding

Edited by drkfluff, 05 January 2012 - 04:55 AM.


#9 drkfluff

drkfluff
  • Topic Starter

  • Members
  • 28 posts

Posted 05 January 2012 - 06:38 AM

I hate McAfee! It deleted ComboFix on reboot, but here is the log:


ComboFix 12-01-05.01 - Michael 01/05/2012 5:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1476 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\Desktop\Search.lnk
c:\documents and settings\Michael\WINDOWS
C:\install.exe
c:\windows\$NtUninstallKB58460$\4054674337
c:\windows\$NtUninstallKB58460$\71295075\@
c:\windows\$NtUninstallKB58460$\71295075\bckfg.tmp
c:\windows\$NtUninstallKB58460$\71295075\cfg.ini
c:\windows\$NtUninstallKB58460$\71295075\Desktop.ini
c:\windows\$NtUninstallKB58460$\71295075\keywords
c:\windows\$NtUninstallKB58460$\71295075\kwrd.dll
c:\windows\$NtUninstallKB58460$\71295075\L\akygdmgo
c:\windows\$NtUninstallKB58460$\71295075\lsflt7.ver
c:\windows\$NtUninstallKB58460$\71295075\U\00000001.@
c:\windows\$NtUninstallKB58460$\71295075\U\00000002.@
c:\windows\$NtUninstallKB58460$\71295075\U\00000004.@
c:\windows\$NtUninstallKB58460$\71295075\U\80000000.@
c:\windows\$NtUninstallKB58460$\71295075\U\80000004.@
c:\windows\$NtUninstallKB58460$\71295075\U\80000032.@
c:\windows\bwUnin-6.1.4.68-8876480L.exe
c:\windows\bwUnin-7.2.0.157-8876480SL.exe
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\SET42F.tmp
c:\windows\SET506.tmp
c:\windows\SET5E9.tmp
c:\windows\SET6D2.tmp
c:\windows\SET7B8.tmp
c:\windows\SET8AD.tmp
c:\windows\SET98F.tmp
c:\windows\SETA7E.tmp
c:\windows\system32\_004731_.tmp.dll
c:\windows\system32\_004732_.tmp.dll
c:\windows\system32\_004733_.tmp.dll
c:\windows\system32\_004734_.tmp.dll
c:\windows\system32\_004735_.tmp.dll
c:\windows\system32\_004736_.tmp.dll
c:\windows\system32\_004737_.tmp.dll
c:\windows\system32\_004738_.tmp.dll
c:\windows\system32\_004739_.tmp.dll
c:\windows\system32\_004740_.tmp.dll
c:\windows\system32\_004741_.tmp.dll
c:\windows\system32\_004742_.tmp.dll
c:\windows\system32\_004743_.tmp.dll
c:\windows\system32\_004744_.tmp.dll
c:\windows\system32\_004745_.tmp.dll
c:\windows\system32\_004746_.tmp.dll
c:\windows\system32\_004747_.tmp.dll
c:\windows\system32\_004748_.tmp.dll
c:\windows\system32\_004749_.tmp.dll
c:\windows\system32\_004750_.tmp.dll
c:\windows\system32\_004751_.tmp.dll
c:\windows\system32\_004752_.tmp.dll
c:\windows\system32\_004753_.tmp.dll
c:\windows\system32\_004754_.tmp.dll
c:\windows\system32\_004755_.tmp.dll
c:\windows\system32\_004756_.tmp.dll
c:\windows\system32\_004757_.tmp.dll
c:\windows\system32\_004758_.tmp.dll
c:\windows\system32\_004759_.tmp.dll
c:\windows\system32\_004760_.tmp.dll
c:\windows\system32\_004761_.tmp.dll
c:\windows\system32\_004762_.tmp.dll
c:\windows\system32\_004763_.tmp.dll
c:\windows\system32\_004764_.tmp.dll
c:\windows\system32\_004765_.tmp.dll
c:\windows\system32\_004766_.tmp.dll
c:\windows\system32\_004767_.tmp.dll
c:\windows\system32\_004768_.tmp.dll
c:\windows\system32\_004769_.tmp.dll
c:\windows\system32\_004770_.tmp.dll
c:\windows\system32\_004771_.tmp.dll
c:\windows\system32\_004773_.tmp.dll
c:\windows\system32\_004774_.tmp.dll
c:\windows\system32\_004775_.tmp.dll
c:\windows\system32\_004776_.tmp.dll
c:\windows\system32\_004777_.tmp.dll
c:\windows\system32\_004778_.tmp.dll
c:\windows\system32\_004779_.tmp.dll
c:\windows\system32\_004781_.tmp.dll
c:\windows\system32\_004782_.tmp.dll
c:\windows\system32\_004783_.tmp.dll
c:\windows\system32\_004784_.tmp.dll
c:\windows\system32\_004785_.tmp.dll
c:\windows\system32\_004786_.tmp.dll
c:\windows\system32\_004787_.tmp.dll
c:\windows\system32\_004788_.tmp.dll
c:\windows\system32\_004789_.tmp.dll
c:\windows\system32\_004790_.tmp.dll
c:\windows\system32\_004791_.tmp.dll
c:\windows\system32\_004792_.tmp.dll
c:\windows\system32\_004793_.tmp.dll
c:\windows\system32\_004794_.tmp.dll
c:\windows\system32\_004795_.tmp.dll
c:\windows\system32\_004796_.tmp.dll
c:\windows\system32\_004797_.tmp.dll
c:\windows\system32\_004799_.tmp.dll
c:\windows\system32\_004800_.tmp.dll
c:\windows\system32\_004801_.tmp.dll
c:\windows\system32\_004802_.tmp.dll
c:\windows\system32\_004804_.tmp.dll
c:\windows\system32\_004806_.tmp.dll
c:\windows\system32\_004807_.tmp.dll
c:\windows\system32\_004808_.tmp.dll
c:\windows\system32\_004809_.tmp.dll
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004814_.tmp.dll
c:\windows\system32\_004815_.tmp.dll
c:\windows\system32\_004816_.tmp.dll
c:\windows\system32\_004817_.tmp.dll
c:\windows\system32\_004818_.tmp.dll
c:\windows\system32\_004819_.tmp.dll
c:\windows\system32\_004820_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004824_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004827_.tmp.dll
c:\windows\system32\_004828_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004835_.tmp.dll
c:\windows\system32\_004837_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004841_.tmp.dll
c:\windows\system32\_004842_.tmp.dll
c:\windows\system32\_004843_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004848_.tmp.dll
c:\windows\system32\_004849_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004851_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004857_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004862_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004867_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004870_.tmp.dll
c:\windows\system32\_004873_.tmp.dll
c:\windows\system32\_004875_.tmp.dll
c:\windows\system32\_004876_.tmp.dll
c:\windows\system32\_004877_.tmp.dll
c:\windows\system32\_004878_.tmp.dll
c:\windows\system32\_004881_.tmp.dll
c:\windows\system32\_004882_.tmp.dll
c:\windows\system32\_004883_.tmp.dll
c:\windows\system32\_004884_.tmp.dll
c:\windows\system32\_004885_.tmp.dll
c:\windows\system32\_004890_.tmp.dll
c:\windows\system32\_004892_.tmp.dll
c:\windows\system32\_004893_.tmp.dll
c:\windows\system32\_007061_.tmp.dll
c:\windows\system32\_007062_.tmp.dll
c:\windows\system32\_007063_.tmp.dll
c:\windows\system32\_007064_.tmp.dll
c:\windows\system32\_007071_.tmp.dll
c:\windows\system32\_007072_.tmp.dll
c:\windows\system32\_007073_.tmp.dll
c:\windows\system32\_007074_.tmp.dll
c:\windows\system32\_007076_.tmp.dll
c:\windows\system32\_007077_.tmp.dll
c:\windows\system32\_007080_.tmp.dll
c:\windows\system32\_007081_.tmp.dll
c:\windows\system32\_007083_.tmp.dll
c:\windows\system32\_007084_.tmp.dll
c:\windows\system32\_007085_.tmp.dll
c:\windows\system32\_007087_.tmp.dll
c:\windows\system32\_007090_.tmp.dll
c:\windows\system32\_007091_.tmp.dll
c:\windows\system32\_007095_.tmp.dll
c:\windows\system32\_007096_.tmp.dll
c:\windows\system32\_007098_.tmp.dll
c:\windows\system32\_007101_.tmp.dll
c:\windows\system32\_007103_.tmp.dll
c:\windows\system32\_007104_.tmp.dll
c:\windows\system32\_007105_.tmp.dll
c:\windows\system32\_007106_.tmp.dll
c:\windows\system32\_007107_.tmp.dll
c:\windows\system32\_007110_.tmp.dll
c:\windows\system32\_007111_.tmp.dll
c:\windows\system32\_007112_.tmp.dll
c:\windows\system32\_007113_.tmp.dll
c:\windows\system32\_007114_.tmp.dll
c:\windows\system32\_007119_.tmp.dll
c:\windows\system32\_007121_.tmp.dll
c:\windows\system32\_007122_.tmp.dll
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\service
c:\windows\system32\service\01072009_TIS17_SfFniAU.log
c:\windows\system32\service\02072009_TIS17_SfFniAU.log
c:\windows\system32\service\05042010_TIS17_SfFniAU.log
c:\windows\system32\service\08022009_TIS17_SfFniAU.log
c:\windows\system32\service\10042009_TIS17_SfFniAU.log
c:\windows\system32\service\12062009_TIS17_SfFniAU.log
c:\windows\system32\service\13042010_TIS17_SfFniAU.log
c:\windows\system32\service\21072009_TIS17_SfFniAU.log
c:\windows\system32\service\22032009_TIS17_SfFniAU.log
c:\windows\system32\service\23022009_TIS17_SfFniAU.log
c:\windows\system32\service\26032009_TIS17_SfFniAU.log
c:\windows\system32\service\28052009_TIS17_SfFniAU.log
c:\windows\system32\service\29032009_TIS17_SfFniAU.log
c:\windows\system32\service\29122008_TIS17_SfFniAU.log
c:\windows\system32\service\30032010_TIS17_SfFniAU.log
c:\windows\system32\service\30072009_TIS17_SfFniAU.log
c:\windows\system32\SET1062.tmp
c:\windows\system32\SET1063.tmp
c:\windows\system32\SET1066.tmp
c:\windows\system32\SET106B.tmp
c:\windows\system32\SET109D.tmp
c:\windows\system32\SET10E1.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET1145.tmp
c:\windows\system32\SET1146.tmp
c:\windows\system32\SET1149.tmp
c:\windows\system32\SET114A.tmp
c:\windows\system32\SET114E.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET1180.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET122F.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET1232.tmp
c:\windows\system32\SET1233.tmp
c:\windows\system32\SET1237.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET126.tmp
c:\windows\system32\SET1269.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET129.tmp
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET1314.tmp
c:\windows\system32\SET1315.tmp
c:\windows\system32\SET1318.tmp
c:\windows\system32\SET131D.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET134F.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET140.tmp
c:\windows\system32\SET1409.tmp
c:\windows\system32\SET140C.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET1411.tmp
c:\windows\system32\SET142.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET1443.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET14EA.tmp
c:\windows\system32\SET14EB.tmp
c:\windows\system32\SET14EE.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET14F3.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET1525.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET155.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET159.tmp
c:\windows\system32\SET15A.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15DA.tmp
c:\windows\system32\SET15DD.tmp
c:\windows\system32\SET15DE.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15E2.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET1614.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET16F.tmp
c:\windows\system32\SET170.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET179.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET17C.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET17F.tmp
c:\windows\system32\SET180.tmp
c:\windows\system32\SET181.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET188.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET190.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET193.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19B.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19E.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A1.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A3.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1A8.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1AF.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1C1.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1DE.tmp
c:\windows\system32\SET1DF.tmp
c:\windows\system32\SET1E0.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1E2.tmp
c:\windows\system32\SET1E3.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1E8.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1EC.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET1EE.tmp
c:\windows\system32\SET1EF.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\system32\SET1F1.tmp
c:\windows\system32\SET1F3.tmp
c:\windows\system32\SET1F4.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1F7.tmp
c:\windows\system32\SET1F8.tmp
c:\windows\system32\SET1F9.tmp
c:\windows\system32\SET1FA.tmp
c:\windows\system32\SET1FB.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET1FD.tmp
c:\windows\system32\SET1FE.tmp
c:\windows\system32\SET1FF.tmp
c:\windows\system32\SET200.tmp
c:\windows\system32\SET201.tmp
c:\windows\system32\SET202.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET204.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET208.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET20C.tmp
c:\windows\system32\SET20D.tmp
c:\windows\system32\SET20E.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET213.tmp
c:\windows\system32\SET214.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET216.tmp
c:\windows\system32\SET217.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21A.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET21F.tmp
c:\windows\system32\SET220.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET226.tmp
c:\windows\system32\SET228.tmp
c:\windows\system32\SET229.tmp
c:\windows\system32\SET22A.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22C.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22E.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET231.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET233.tmp
c:\windows\system32\SET234.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET236.tmp
c:\windows\system32\SET237.tmp
c:\windows\system32\SET238.tmp
c:\windows\system32\SET239.tmp
c:\windows\system32\SET23A.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23D.tmp
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET241.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET243.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET247.tmp
c:\windows\system32\SET248.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24A.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET24D.tmp
c:\windows\system32\SET24E.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET251.tmp
c:\windows\system32\SET252.tmp
c:\windows\system32\SET253.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET255.tmp
c:\windows\system32\SET256.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET258.tmp
c:\windows\system32\SET259.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25B.tmp
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET25E.tmp
c:\windows\system32\SET260.tmp
c:\windows\system32\SET261.tmp
c:\windows\system32\SET262.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET264.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET266.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET269.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET272.tmp
c:\windows\system32\SET273.tmp
c:\windows\system32\SET274.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET27A.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET27F.tmp
c:\windows\system32\SET280.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET282.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET288.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28A.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET28E.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET290.tmp
c:\windows\system32\SET291.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET293.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET296.tmp
c:\windows\system32\SET297.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET29F.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2A5.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2A7.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CE.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET306.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32E.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET332.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33D.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET341.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET345.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34C.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET35C.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET36E.tmp
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET371.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37A.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET931.tmp
c:\windows\system32\SET935.tmp
c:\windows\system32\SET936.tmp
c:\windows\system32\SET939.tmp
c:\windows\system32\SET93B.tmp
c:\windows\system32\SET93D.tmp
c:\windows\system32\SET942.tmp
c:\windows\system32\SET945.tmp
c:\windows\system32\SET94E.tmp
c:\windows\system32\SET950.tmp
c:\windows\system32\SET951.tmp
c:\windows\system32\SET952.tmp
c:\windows\system32\SET955.tmp
c:\windows\system32\SET956.tmp
c:\windows\system32\SET957.tmp
c:\windows\system32\SET95B.tmp
c:\windows\system32\SET95C.tmp
c:\windows\system32\SET95D.tmp
c:\windows\system32\SET95F.tmp
c:\windows\system32\SET960.tmp
c:\windows\system32\SET961.tmp
c:\windows\system32\SET963.tmp
c:\windows\system32\SET966.tmp
c:\windows\system32\SET969.tmp
c:\windows\system32\SET96B.tmp
c:\windows\system32\SET96C.tmp
c:\windows\system32\SET96D.tmp
c:\windows\system32\SET96F.tmp
c:\windows\system32\SET971.tmp
c:\windows\system32\SET972.tmp
c:\windows\system32\SET980.tmp
c:\windows\system32\SET986.tmp
c:\windows\system32\SET988.tmp
c:\windows\system32\SET989.tmp
c:\windows\system32\SET98A.tmp
c:\windows\system32\SET990.tmp
c:\windows\system32\SET994.tmp
c:\windows\system32\SET99D.tmp
c:\windows\system32\SET9A2.tmp
c:\windows\system32\SET9A4.tmp
c:\windows\system32\SET9A5.tmp
c:\windows\system32\SET9A6.tmp
c:\windows\system32\SET9AE.tmp
c:\windows\system32\SET9B2.tmp
c:\windows\system32\SET9B7.tmp
c:\windows\system32\SET9BE.tmp
c:\windows\system32\SET9CE.tmp
c:\windows\system32\SET9CF.tmp
c:\windows\system32\SET9D4.tmp
c:\windows\system32\SET9F1.tmp
c:\windows\system32\SET9F4.tmp
c:\windows\system32\SET9FB.tmp
c:\windows\system32\SET9FE.tmp
c:\windows\system32\SETA03.tmp
c:\windows\system32\SETA04.tmp
c:\windows\system32\SETA05.tmp
c:\windows\system32\SETA06.tmp
c:\windows\system32\SETA08.tmp
c:\windows\system32\SETA09.tmp
c:\windows\system32\SETA0A.tmp
c:\windows\system32\SETA0B.tmp
c:\windows\system32\SETA0D.tmp
c:\windows\system32\SETA0F.tmp
c:\windows\system32\SETA10.tmp
c:\windows\system32\SETA12.tmp
c:\windows\system32\SETA15.tmp
c:\windows\system32\SETA17.tmp
c:\windows\system32\SETA1C.tmp
c:\windows\system32\SETA1D.tmp
c:\windows\system32\SETA25.tmp
c:\windows\system32\SETA2C.tmp
c:\windows\system32\SETA31.tmp
c:\windows\system32\SETA34.tmp
c:\windows\system32\SETA3D.tmp
c:\windows\system32\SETA3F.tmp
c:\windows\system32\SETA40.tmp
c:\windows\system32\SETA41.tmp
c:\windows\system32\SETA45.tmp
c:\windows\system32\SETA46.tmp
c:\windows\system32\SETA4A.tmp
c:\windows\system32\SETA4B.tmp
c:\windows\system32\SETA4E.tmp
c:\windows\system32\SETA50.tmp
c:\windows\system32\SETA55.tmp
c:\windows\system32\SETA58.tmp
c:\windows\system32\SETA5C.tmp
c:\windows\system32\SETA5E.tmp
c:\windows\system32\SETA60.tmp
c:\windows\system32\SETAE0.tmp
c:\windows\system32\SETAE6.tmp
c:\windows\system32\SETBCF.tmp
c:\windows\system32\SETBD5.tmp
c:\windows\system32\SETF8A.tmp
c:\windows\system32\SETF8B.tmp
c:\windows\system32\SETF8E.tmp
c:\windows\system32\SETF93.tmp
c:\windows\system32\SETFC5.tmp
c:\windows\system32\winsrv32.exe
c:\windows\$NtUninstallKB58460$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2011-12-18 16:36 . 2011-12-20 06:26 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-12-17 12:52 . 2011-12-17 12:52 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2011-12-17 12:51 . 2011-12-17 12:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-17 12:51 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 12:51 . 2011-12-30 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2009-03-18 01:40 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 00:03 . 2011-05-19 22:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-01-08 19:23 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-09-01 04:24 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2009-03-18 01:40 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-03-18 01:40 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-03-18 01:40 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-18 11:13 . 2004-08-04 07:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-09-01 14:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2004-03-11 17:27 . 2005-09-01 15:47 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2011-11-09 23:42 . 2011-04-30 22:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-13 222784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-21 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-8-13 1524776]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 16:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-03-12 22:59 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33 214648 ----a-w- c:\program files\Octoshape Streaming Services\Michael\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2004-04-21 14:26 86016 ----a-w- c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Michael\\OctoshapeClient.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/17/2011 8:03 PM 88544]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/17/2011 8:03 PM 145936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/4/2011 2:29 PM 2214504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 VZTFVKGY;VZTFVKGY;\??\c:\windows\system32\vztfvkgy.ioo --> c:\windows\system32\vztfvkgy.ioo [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/17/2011 8:03 PM 85152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/28/2010 2:47 PM 401920]
S4 gupdate1c98a5a5ff1464;Google Update Service (gupdate1c98a5a5ff1464);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2009 8:59 PM 133104]
S4 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [1/23/2010 9:32 PM 91392]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 12:07 PM 503080]
S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [5/8/2010 1:58 PM 668912]
S4 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 3:46 PM 117288]
S4 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 3:46 PM 117288]
S4 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 3:46 PM 154152]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://ima.mgh.harvard.edu/rxrequest/front_page.asp?msg=2&refUrl=/rxrequest/asp/home.asp
mWindow Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\hngeg3gg.default\
FF - prefs.js: browser.startup.homepage - hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AtiExtEvent - (no file)
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 06:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VZTFVKGY]
"ImagePath"="\??\c:\windows\system32\vztfvkgy.ioo"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WININET.dll
c:\progra~1\BILLPS~1\WINPAT~1\PATROLPRO.DLL
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
c:\windows\system32\msi.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-01-05 06:30:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-05 11:30
.
Pre-Run: 137,420,066,816 bytes free
Post-Run: 138,441,285,632 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 7339F35B87EE47776FE6B60B8684CB10

#10 drkfluff


Posted 05 January 2012 - 07:00 AM

things are running much more smoothly and ping.exe is not popping up in task manager. I won't, however, disappear until you say things look good.

Thank you, you are a godsend

#11 drkfluff


Posted 05 January 2012 - 07:22 AM

this just showed up on my McAfee On-Access Scan log:

1/5/2012 7:20:16 AM Blocked by Access Protection rule ME-2TAEVE0NL50M\Michael C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe C:\Documents and Settings\Michael\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Anti-virus Maximum Protection:Protect cached files from password and email address stealers Action blocked : Read

#12 SweetTech


Posted 05 January 2012 - 08:37 AM

Hi drkfluff!

McAfee can definitely be a bit of a pain when it comes to running specialized tools.

I'm not sure if we'll be able to completely disable McAfee without requiring some sort of administrative password which is something that the IT Department should know.

While we're on the topic of IT Department, I just want to ensure that if this is in fact a work computer, that we are not going to get in any sort of trouble by continuing to remove the malware from it. I know some companies have strict policies about how to handle an infected computer.

See if these instructions here: https://kc.mcafee.com/corporate/index?page=content&id=KB52204 will work for you and allow you to disable McAfee.

We still have some work to do. It looks like ComboFix was able to take a chunk of the infection out, but it appears you still have a file that is patched by malware.

Let's run this OTL Custom Scan below to search for the culprit.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    InCDfs.sys
    InCDPass.sys
    InCDrec.sys
    IPFilter.sys
    MREMP50.SYS
    MRESP50.SYS
    netbt.sys
    nvatabus.sys
    pfc.sys
    usbsermpt.sys
    usbsermptxp.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    %WinDir%\$NtUninstallKB*$. /90
    c:\windows\$NtUninstallKB58460$\*.* /s
    
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 drkfluff


Posted 05 January 2012 - 09:30 AM

This is a home computer, so no toes being stepped on. Here is the latest OTL log:

OTL logfile created on: 1/5/2012 9:23:37 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.12% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 128.94 Gb Free Space | 55.16% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ME-2TAEVE0NL50M | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AmazonGSDownloaderTray - hkey= - key= - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\WINDOWS\ASScrProlog.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Program Files\Octoshape Streaming Services\Michael\OctoshapeClient.exe ()
MsConfig - StartUpReg: PowerBar - hkey= - key= - C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {b0f84fec-95ad-4f3e-8fc0-6bc1bbadbf0d} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2005/08/31 23:35:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/08/31 23:35:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/08/09 11:06:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2001/08/23 07:00:00 | 001,000,960 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup\explorer.exe

< MD5 for: INCDFS.SYS >
[2004/09/07 15:27:22 | 000,091,136 | ---- | M] (Ahead Software AG) MD5=AE40E010D145AA371FE3A551C44F74F4 -- C:\WINDOWS\system32\drivers\InCDfs.sys

< MD5 for: INCDPASS.SYS >
[2004/09/07 15:27:38 | 000,028,544 | ---- | M] (Ahead Software AG) MD5=EFC1883A3CFCDD72222C428EF0A38695 -- C:\WINDOWS\system32\drivers\InCDpass.sys

< MD5 for: INCDREC.SYS >
[2004/09/07 15:29:08 | 000,005,760 | ---- | M] (Ahead Software AG) MD5=8413063A0E2B4DA05D5D87075021FB75 -- C:\WINDOWS\system32\drivers\InCDrec.sys

< MD5 for: IPFILTER.SYS >
[2002/04/11 13:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) MD5=9EA02E03ED52D25551A6E46CF3B94B01 -- C:\WINDOWS\system32\drivers\ipfilter.sys

< MD5 for: MREMP50.SYS >
[2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=9BD4DCB5412921864A7AACDEDFBD1923 -- C:\Program Files\Common Files\Motive\MREMP50.sys

< MD5 for: MRESP50.SYS >
[2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) MD5=07C02C892E8E1A72D6BF35004F0E9C5E -- C:\Program Files\Common Files\Motive\MRESP50.sys

< MD5 for: NETBT.SYS >
[2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2001/08/23 07:00:00 | 000,150,272 | ---- | M] (Microsoft Corporation) MD5=58A5116194BC0AD86A6BBDBDFA5E1240 -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] () MD5=E83B450A3ADAE2D9EF4170474D94DDCC -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NVATABUS.SYS >
[2004/06/03 05:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\OemDir\nvatabus.sys
[2004/06/02 21:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\nvatabus.sys
[2004/06/02 21:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvatabus.sys
[2004/06/02 21:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys
[2004/06/02 21:40:46 | 000,079,360 | R--- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\NVIDIA\nForceWin2KXP\6.66\IDE\Win2K\pataraid\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\NVIDIA\nForceWin2KXP\6.66\IDE\Win2K\sataraid\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\NVIDIA\nForceWin2KXP\6.66\IDE\WinXP\pataraid\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\NVIDIA\nForceWin2KXP\6.66\IDE\WinXP\sataraid\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\nvatabus.sys

< MD5 for: PFC.SYS >
[2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) MD5=444F122E68DB44C0589227781F3C8B3F -- C:\WINDOWS\system32\drivers\pfc.sys

< MD5 for: USBSERMPT.SYS >
[2009/02/18 20:18:03 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=CAAD3467FBFAE8A380F67E9C7150A85E -- C:\Documents and Settings\Michael\usbsermpt.sys
[2006/09/02 15:37:52 | 000,022,768 | ---- | M] (Microsoft Corporation) MD5=CAAD3467FBFAE8A380F67E9C7150A85E -- C:\WINDOWS\system32\drivers\usbsermpt.sys

< MD5 for: USBSERMPTXP.SYS >
[2009/02/18 20:18:03 | 000,025,600 | ---- | M] (Microsoft Corporation) MD5=49106EE29074E6A3D3AC9E24C6D791D8 -- C:\Documents and Settings\Michael\usbsermptxp.sys
[2006/03/01 22:36:34 | 000,024,192 | ---- | M] (Microsoft Corporation) MD5=AF4B8CC5EA40C57208796920068DDCD5 -- C:\WINDOWS\system32\drivers\usbsermptxp.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2001/08/23 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup\volsnap.sys
[2004/08/04 01:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2001/08/23 07:00:00 | 000,430,080 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/09 18:42:21 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/09 18:42:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2001/08/23 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< %WinDir%\$NtUninstallKB*$. /90 >
[2011/12/17 13:26:33 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2141007$
[2011/11/08 20:06:13 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2544893-v2$
[2011/10/13 05:26:57 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2564958$
[2011/10/13 05:19:37 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2567053$
[2011/10/13 05:19:24 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2592799$
[2011/12/15 07:23:49 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2618451$
[2011/12/15 07:24:03 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2619339$
[2011/12/15 07:23:36 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2620712$
[2011/12/15 07:30:39 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2624667$
[2011/12/15 07:23:07 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2633171$
[2011/12/15 07:24:48 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2633952$
[2011/12/15 07:30:53 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2639417$
[2011/11/10 20:01:05 | 000,000,000 | -H-D | M] -- C:\WINDOWS\$NtUninstallKB2641690$
[2012/01/05 06:11:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB58460$

< c:\windows\$NtUninstallKB58460$\*.* /s >

< End of report >

#14 SweetTech

Posted 06 January 2012 - 03:07 AM

Hi drkfluff!

This is a home computer, so no toes being stepped on. Here is the latest OTL log:

Okay, thanks for letting me know that.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
FCopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys
Folder::
C:\WINDOWS\$NtUninstallKB58460$

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
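
Added example (not part of SweetTech's post and not OTL's own code): a small parser for OTL's "MD5 for" lines that flags a driver in system32\drivers whose hash differs from another copy with the same timestamp and size. That is the discrepancy visible for netbt.sys in the log above, the file the FCopy:: line replaces. The sample lines are copied from this thread; the function and field names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Lines copied from the OTL log in this thread (netbt.sys and volsnap.sys).
OTL_LINES = r"""
[2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
[2008/04/13 23:51:02 | 000,162,816 | ---- | M] () MD5=E83B450A3ADAE2D9EF4170474D94DDCC -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 01:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
"""

# [mtime | size | attrs | M] (vendor) MD5=<hash> -- <path>
LINE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| M\] "
    r"\((?P<vendor>.*?)\) MD5=(?P<md5>[0-9A-F]{32}) -- (?P<path>.+)$"
)


def parse(text):
    """One dict per hashed entry; '.cab file' and 'Unable to obtain MD5' rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def flag_modified_drivers(entries, active_dir=r"C:\WINDOWS\system32\drivers"):
    """Flag a loaded driver whose MD5 differs from a copy with identical timestamp and size."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for name, copies in sorted(by_name.items()):
        wanted = (active_dir + "\\" + name).lower()
        active = next((c for c in copies if c["path"].lower() == wanted), None)
        if active is None:
            continue
        # Same mtime and size but another hash: a lead for review, since a
        # vendor update normally changes the size or timestamp as well.
        twins = [c for c in copies if c is not active
                 and (c["mtime"], c["size"]) == (active["mtime"], active["size"])
                 and c["md5"] != active["md5"]]
        if not twins:
            continue
        ref_md5 = twins[0]["md5"]
        findings.append({
            "name": name,
            "active_md5": active["md5"],
            "vendor_missing": active["vendor"] == "",  # OTL printed "()" for company
            "reference_md5": ref_md5,
            "reference_copies": [c["path"] for c in copies if c["md5"] == ref_md5],
        })
    return findings


if __name__ == "__main__":
    for finding in flag_modified_drivers(parse(OTL_LINES)):
        print(finding)
```

Matching on timestamp and size together keeps the older SP2 copy in $NtServicePackUninstall$, which has the same size but a different date, from being reported as a mismatch.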


#15 drkfluff

Posted 06 January 2012 - 06:15 AM

I did as instructed and can't find a log file anywhere; McAfee was a pain again upon restart.

Unless this is all there is:

ComboFix 12-01-05.04 - Michael 01/06/2012 5:38:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1579 [GMT -5:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt.txt
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

Edited by drkfluff, 06 January 2012 - 06:19 AM.




