
TDL Rootkit Virus - redirects then black screen


  • This topic is locked
28 replies to this topic

#1 jbjax99

Posted 25 January 2012 - 02:05 PM

A little while back, I received popups saying something about system memory errors (I can't remember exactly, it's been a couple months). The screen went black, and I couldn't access anything. I did a system restore, ran an Avast scan, ran a Malwarebytes scan, caught a few viruses and everything seemed to be working fine after that. Then the other day I noticed that I was getting search engine redirects. I ran scans again, but didn't catch anything. I decided to post on here, tried running DDS, but it froze up each of three tries before posting a log (actually froze everything, had to restart each time). In the process, as I was trying to use the internet, Firefox started shutting down on me. Then, Firefox wouldn't even open (neither would IE when I tried it instead). I did a system restore, and ended up with nothing but a black screen and mouse pointer. Tried system restore again to an earlier date, same thing. I was finally able to get the black screen to go away.

Here is a link to the original topic: http://www.bleepingcomputer.com/forums/topic439590.html/

DDS freezes before completing a log.
GMER gave the following error: Loaddriver Error 0xC000010E - Cannot create a stable subkey under a volatile parent key. It loaded with only four boxes checked, Services, Registry, Files, and ADS. I was unable to click on any of the other boxes. I went ahead and ran the scan with just those boxes checked, it said nothing was found. Tried saving the log anyway as ark.txt, but when I opened it, it's blank. The original topic has logs posted, but not sure what to try posting here since neither one of these worked.



#2 gringo_pr

Posted 29 January 2012 - 02:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 jbjax99

Posted 30 January 2012 - 03:03 PM

Hi Gringo, thanks so much for your help!

No problems this time around. Below is the OTL log:


OTL logfile created on: 1/30/2012 2:54:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jason\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

637.98 Mb Total Physical Memory | 225.39 Mb Available Physical Memory | 35.33% Memory free
988.25 Mb Paging File | 642.60 Mb Available in Paging File | 65.02% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 88.50 Gb Free Space | 79.21% Space Free | Partition Type: NTFS

Computer Name: JASON1 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\SYSTEM32\hphmon04.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12013000\algo.dll ()
MOD - C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\7-Zip\7-zip.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AOLService) -- File not found
SRV - (AOL ACS) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (Pml Driver HPH11) -- C:\WINDOWS\SYSTEM32\hphipm11.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (AN983) -- C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys (ADMtek Incorporated.)
DRV - (Dot4 HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid411.sys (HP)
DRV - (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k11.sys (Hewlett-Packard)
DRV - (Dot4Usb HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius11.sys (HP)
DRV - (Dot4Print HPH11) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr11.sys (HP)
DRV - (LNE100) Linksys LNE100TX(v5) -- C:\WINDOWS\SYSTEM32\DRIVERS\lne100v5.sys (LinkSys Group Inc.)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.ftp: "sas.se1.attbb.net"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "sas.se1.attbb.net"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "sas.se1.attbb.net"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "*.se1.attbb.net,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "sas.se1.attbb.net"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "sas.se1.attbb.net"
FF - prefs.js..network.proxy.ssl_port: 8000

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Jason\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1069: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Jason\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/24 22:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 16:04:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Jason\Application Data\Move Networks [2012/01/27 10:54:11 | 000,000,000 | ---D | M]

[2009/07/11 20:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions
[2009/07/11 20:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/11/24 22:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\1pum1tez.default\extensions
[2010/07/01 07:47:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\1pum1tez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/24 22:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lfpwaqwq.Default User\extensions
[2011/11/24 22:51:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\lfpwaqwq.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/24 16:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/26 14:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/07/25 15:46:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\SYSTEM32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe ()
O4 - Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2234082329-1522808065-2577434867-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229563346562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab (GoBit Games Player)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1502ED11-0131-4EF1-ADDA-9D7C7E372B04}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2eb1f821-cd2a-11dd-a56b-000c41eea49b}\Shell - "" = AutoRun
O33 - MountPoints2\{2eb1f821-cd2a-11dd-a56b-000c41eea49b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2eb1f821-cd2a-11dd-a56b-000c41eea49b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: DRWALPR - (C:\WINDOWS\system32\faxpstsc.dll) - File not found
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 14:52:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2012/01/30 14:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snatch And Run
[2012/01/30 14:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ShopperReports
[2012/01/30 14:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars.NET
[2012/01/30 14:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars
[2012/01/30 14:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.2
[2012/01/30 14:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/01/30 14:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2012/01/25 13:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Desktop\gmer
[2012/01/24 16:42:11 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jason\Desktop\aswMBR.exe
[2012/01/23 16:04:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jason\Start Menu\Programs\Administrative Tools
[2012/01/23 16:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jason\Local Settings\Application Data\PCHealth
[2012/01/19 11:56:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jason\Desktop\dds(1).scr
[2009/02/10 16:33:39 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2007/12/30 06:36:15 | 000,524,288 | ---- | C] (astrolog.org) -- C:\Program Files\daedalus.exe
[2007/09/30 15:35:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/01/25 21:14:27 | 014,795,136 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXPlay.exe
[2006/01/08 22:03:09 | 036,465,208 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\iTunesSetup.exe
[2006/01/02 20:36:23 | 001,591,163 | ---- | C] (Eden Kirin ) -- C:\Program Files\ConTEXTsetup.exe
[2005/10/23 16:25:07 | 004,878,136 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 1.0.7.exe
[2005/10/23 16:16:24 | 002,560,240 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup34.exe
[2005/10/03 11:56:05 | 000,323,584 | ---- | C] (Steven R. Gould) -- C:\Program Files\cleanup.exe
[2004/10/27 20:20:13 | 000,116,384 | ---- | C] (Digital River) -- C:\Program Files\Download Paint Shop Pro 9 now.exe
[2004/09/09 22:25:16 | 012,652,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mp10setup.exe
[2004/07/24 19:18:44 | 010,135,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MPSetupXP.exe
[2004/04/06 18:27:44 | 009,143,000 | ---- | C] (Netopsystems AG) -- C:\Program Files\AdbeRdr60_enu.exe
[2004/03/27 11:39:26 | 000,770,048 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx331.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jason\My Documents\*.tmp files -> C:\Documents and Settings\Jason\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 14:52:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jason\Desktop\OTL.exe
[2012/01/30 14:51:04 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/01/30 14:50:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/01/30 14:50:26 | 669,044,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/30 14:38:24 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\unhide.exe
[2012/01/25 13:49:04 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\gmer.zip
[2012/01/24 17:53:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jason\defogger_reenable
[2012/01/24 17:52:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Defogger.exe
[2012/01/24 17:09:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\MBR.dat
[2012/01/24 16:42:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jason\Desktop\aswMBR.exe
[2012/01/24 16:17:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 16:07:44 | 000,396,263 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\MiniToolBox.exe
[2012/01/24 16:04:34 | 000,334,429 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\FSS.exe
[2012/01/24 15:55:11 | 000,869,194 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2012/01/23 19:02:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/23 15:54:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/19 12:04:52 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/01/19 12:04:51 | 000,071,482 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/01/19 11:57:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jason\Desktop\dds(1).scr
[2012/01/17 16:29:23 | 000,059,521 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\SUNRISELOGO1.pspimage
[2012/01/13 14:15:14 | 000,019,225 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\site_logo5.gif
[2012/01/13 14:07:40 | 000,019,178 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\site_logo4.gif
[2012/01/13 14:06:48 | 000,032,015 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Image4.pspimage
[2012/01/13 13:52:19 | 000,011,480 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\logoback3.jpg
[2012/01/13 13:51:07 | 000,030,558 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\logoback3.pspimage
[2012/01/11 13:43:34 | 000,036,471 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\logoback2.pspimage
[2012/01/11 13:26:44 | 000,005,334 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\logoback1.pspimage
[2012/01/11 13:15:30 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\bg_header2.gif
[2012/01/11 13:13:52 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\bg_header.gif
[2012/01/11 12:51:35 | 000,007,224 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\testlogo1.gif
[2012/01/11 10:35:29 | 000,030,433 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Image6.pspimage
[2012/01/11 10:35:25 | 000,025,216 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\Image5.pspimage
[2012/01/11 10:10:42 | 000,003,304 | ---- | M] () -- C:\Documents and Settings\Jason\Desktop\border_top_right.gif
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Jason\My Documents\*.tmp files -> C:\Documents and Settings\Jason\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 14:47:10 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2012/01/30 14:47:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full Tilt Poker.lnk
[2012/01/30 14:47:10 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2012/01/30 14:47:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/01/30 14:47:06 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/30 14:46:52 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Media Experience.lnk
[2012/01/30 14:38:19 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\unhide.exe
[2012/01/25 13:48:32 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\gmer.zip
[2012/01/24 17:53:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\defogger_reenable
[2012/01/24 17:52:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Defogger.exe
[2012/01/24 17:09:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\MBR.dat
[2012/01/24 16:17:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 16:07:43 | 000,396,263 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\MiniToolBox.exe
[2012/01/24 16:04:34 | 000,334,429 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\FSS.exe
[2012/01/24 15:55:07 | 000,869,194 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\SecurityCheck.exe
[2012/01/23 15:43:09 | 669,044,736 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/18 18:11:28 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/18 18:11:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/16 16:48:44 | 000,059,521 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\SUNRISELOGO1.pspimage
[2012/01/13 14:15:14 | 000,019,225 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\site_logo5.gif
[2012/01/13 14:07:40 | 000,019,178 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\site_logo4.gif
[2012/01/13 14:04:09 | 000,032,015 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Image4.pspimage
[2012/01/13 13:51:19 | 000,011,480 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\logoback3.jpg
[2012/01/13 13:51:06 | 000,030,558 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\logoback3.pspimage
[2012/01/11 13:43:33 | 000,036,471 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\logoback2.pspimage
[2012/01/11 13:26:43 | 000,005,334 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\logoback1.pspimage
[2012/01/11 13:15:30 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\bg_header2.gif
[2012/01/11 13:13:52 | 000,000,405 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\bg_header.gif
[2012/01/11 12:51:35 | 000,007,224 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\testlogo1.gif
[2012/01/11 10:35:29 | 000,030,433 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Image6.pspimage
[2012/01/11 10:35:24 | 000,025,216 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\Image5.pspimage
[2012/01/11 10:11:22 | 000,003,304 | ---- | C] () -- C:\Documents and Settings\Jason\Desktop\border_top_right.gif
[2011/11/30 15:00:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/24 21:35:24 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\06dd7gELX7bWQ3
[2011/01/07 21:28:00 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/01/07 21:28:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/01 20:53:55 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/02/02 08:10:20 | 000,453,024 | ---- | C] () -- C:\Program Files\setup.exe
[2010/02/02 08:09:26 | 135,558,563 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/02/02 08:09:06 | 010,177,536 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010/02/01 18:27:28 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2009/11/25 17:14:39 | 000,053,808 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/18 20:33:57 | 000,000,341 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/07/24 14:14:05 | 000,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/24 14:14:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/24 14:14:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/24 14:14:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/02/14 12:12:01 | 000,001,304 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/02/10 16:33:39 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2008/03/22 17:12:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/03/22 17:12:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/03/22 17:12:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/02/21 15:43:19 | 000,001,962 | ---- | C] () -- C:\Program Files\Dell Support Center.lnk
[2008/01/29 18:35:18 | 032,981,120 | ---- | C] () -- C:\Program Files\avg75free_516a1225.exe
[2007/12/30 06:40:41 | 000,017,513 | ---- | C] () -- C:\Program Files\castle.d3
[2007/12/30 06:40:41 | 000,003,556 | ---- | C] () -- C:\Program Files\escher.d3
[2007/12/30 06:40:35 | 000,165,651 | ---- | C] () -- C:\Program Files\solids.dp
[2007/12/30 06:40:12 | 000,000,241 | ---- | C] () -- C:\Program Files\daedalus.url
[2007/12/30 06:37:51 | 000,037,875 | ---- | C] () -- C:\Program Files\dragon.ds
[2007/12/30 06:37:51 | 000,030,145 | ---- | C] () -- C:\Program Files\glacier.ds
[2007/12/30 06:37:51 | 000,021,463 | ---- | C] () -- C:\Program Files\survmaz3.ds
[2007/12/30 06:37:51 | 000,019,990 | ---- | C] () -- C:\Program Files\sokoban.ds
[2007/12/30 06:37:51 | 000,019,287 | ---- | C] () -- C:\Program Files\safari.ds
[2007/12/30 06:37:51 | 000,014,901 | ---- | C] () -- C:\Program Files\survmaz7.ds
[2007/12/30 06:37:51 | 000,014,526 | ---- | C] () -- C:\Program Files\stocker.ds
[2007/12/30 06:37:51 | 000,014,253 | ---- | C] () -- C:\Program Files\demos.ds
[2007/12/30 06:37:51 | 000,013,321 | ---- | C] () -- C:\Program Files\survmaz6.ds
[2007/12/30 06:37:51 | 000,011,384 | ---- | C] () -- C:\Program Files\survmaz5.ds
[2007/12/30 06:37:51 | 000,009,450 | ---- | C] () -- C:\Program Files\survmaz2.ds
[2007/12/30 06:37:51 | 000,008,180 | ---- | C] () -- C:\Program Files\pacman.ds
[2007/12/30 06:37:51 | 000,007,795 | ---- | C] () -- C:\Program Files\survmaz4.ds
[2007/12/30 06:37:51 | 000,007,028 | ---- | C] () -- C:\Program Files\maze5d.ds
[2007/12/30 06:37:51 | 000,007,022 | ---- | C] () -- C:\Program Files\survmaz1.ds
[2007/12/30 06:37:51 | 000,006,396 | ---- | C] () -- C:\Program Files\squared.ds
[2007/12/30 06:37:51 | 000,005,658 | ---- | C] () -- C:\Program Files\gigamaze.ds
[2007/12/30 06:37:51 | 000,005,623 | ---- | C] () -- C:\Program Files\mandy.ds
[2007/12/30 06:37:51 | 000,003,996 | ---- | C] () -- C:\Program Files\maze4d.ds
[2007/12/30 06:37:51 | 000,003,475 | ---- | C] () -- C:\Program Files\wordmaze.ds
[2007/12/18 20:07:18 | 000,000,119 | ---- | C] () -- C:\Program Files\Comcast Webmail.url
[2007/12/18 20:07:09 | 000,001,960 | ---- | C] () -- C:\Program Files\Comcast Desktop Doctor.lnk
[2007/11/14 12:22:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/10/28 17:04:03 | 000,000,671 | ---- | C] () -- C:\Program Files\McAfee Security Center.lnk
[2007/09/30 15:36:01 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\REGTLIB.EXE
[2007/09/30 15:35:56 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2007/09/30 15:35:56 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2007/09/30 15:35:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\U25STORE.DLL
[2007/09/30 15:35:49 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\U25TOTAL.DLL
[2007/09/30 15:35:49 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\U25DTS.DLL
[2007/09/30 15:35:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\U2LBAR.DLL
[2007/09/30 15:35:49 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\U2LDTS.DLL
[2007/09/30 15:35:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\U2LEXCH.DLL
[2007/09/30 15:35:49 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\U2LSAMP1.DLL
[2007/09/30 15:35:49 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\U2LFINRA.DLL
[2007/09/30 15:35:47 | 000,306,176 | ---- | C] () -- C:\WINDOWS\System32\p2smcube.dll
[2007/09/30 15:35:47 | 000,300,544 | ---- | C] () -- C:\WINDOWS\System32\p2molap.dll
[2007/09/30 15:35:47 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\p2solap.dll
[2007/01/03 19:39:17 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/01/08 22:10:00 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/02 20:37:33 | 000,000,666 | ---- | C] () -- C:\Program Files\ConTEXT.lnk
[2005/11/07 23:41:41 | 008,715,352 | ---- | C] () -- C:\Program Files\Install_AIM.exe
[2005/10/23 16:26:05 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/10/23 16:25:47 | 000,003,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/10/20 20:23:40 | 000,072,418 | ---- | C] () -- C:\Program Files\VundoFix.exe
[2005/07/04 23:30:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/29 19:01:58 | 001,071,555 | ---- | C] () -- C:\Program Files\7z423.exe
[2005/02/21 00:10:51 | 000,487,536 | ---- | C] () -- C:\Program Files\msgr6suite.exe
[2004/12/04 19:00:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\fusioncache.dat
[2004/09/28 23:56:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/18 23:32:00 | 000,000,554 | ---- | C] () -- C:\WINDOWS\System32\surf.dat
[2004/05/29 13:28:42 | 000,000,014 | ---- | C] () -- C:\WINDOWS\help32.ini
[2004/05/29 13:28:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\image.dll
[2004/05/23 11:09:24 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/23 11:09:23 | 000,019,584 | ---- | C] () -- C:\Program Files\location.ini
[2004/05/23 10:28:43 | 000,056,296 | ---- | C] () -- C:\Program Files\isearchuninstall.exe
[2004/04/06 18:27:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\dm.ini
[2004/03/27 15:37:22 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/03/27 11:45:04 | 002,761,301 | ---- | C] () -- C:\Program Files\sonique196.exe
[2004/03/27 11:36:16 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/03/27 10:52:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\mpauth.dat
[2004/03/22 21:55:26 | 000,044,662 | ---- | C] () -- C:\Documents and Settings\Jason\Application Data\wklnhst.dat
[2004/03/18 10:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/18 10:15:37 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/18 10:11:51 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/18 10:08:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/03/18 10:07:52 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/03/18 10:04:36 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/18 09:51:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/18 09:49:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/18 09:49:12 | 000,441,546 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/18 09:49:12 | 000,071,482 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/18 09:32:22 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/09/03 10:05:08 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/04/04 15:02:54 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/04/04 15:01:42 | 000,004,229 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >
[2008/09/25 10:57:46 | 000,000,272 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
[2005/11/07 23:43:01 | 000,001,519 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Free AOL & Unlimited Internet.lnk
[2008/12/17 20:22:34 | 000,001,566 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
[2008/09/09 16:26:10 | 000,002,505 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2008/09/09 16:26:10 | 000,002,515 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2010/04/02 12:24:52 | 000,000,736 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\PokerStars.lnk
[2010/02/16 17:43:50 | 000,000,768 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\PokerStars.net.lnk
[2008/09/25 10:57:46 | 000,001,563 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2002/09/03 10:00:00 | 000,000,398 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2009/07/30 20:02:02 | 000,001,507 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2009/11/15 21:59:09 | 000,000,740 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
[2011/10/18 08:33:57 | 000,002,347 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
[2010/05/20 17:43:56 | 000,001,830 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2004/03/18 10:08:27 | 000,001,681 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Media Experience.lnk
[2004/03/18 10:07:19 | 000,001,744 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Networking Guide.lnk
[2002/09/03 09:50:46 | 000,000,062 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
[2009/04/13 16:09:01 | 000,002,463 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Access.lnk
[2011/08/07 15:52:16 | 000,002,487 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
[2008/09/09 16:26:10 | 000,002,517 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft FrontPage.lnk
[2004/03/18 10:13:04 | 000,001,603 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Photo Premium 9.lnk
[2009/08/21 22:30:44 | 000,002,489 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
[2004/03/18 10:11:02 | 000,001,605 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2002/09/03 09:55:36 | 000,001,750 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
[2005/06/05 20:00:31 | 000,000,721 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\RealPlayer.lnk
[2004/03/18 10:03:32 | 000,001,687 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Solution Center.lnk
[2002/09/03 09:55:38 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2005/12/31 00:17:09 | 000,000,645 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
[2005/12/31 00:17:09 | 000,000,650 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
[2004/04/07 23:55:33 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2010/03/05 22:27:42 | 000,000,320 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
[2007/02/01 21:24:22 | 000,001,515 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/09/25 10:57:31 | 000,001,585 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2010/03/05 22:27:42 | 000,000,710 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
[2002/09/03 09:57:40 | 000,000,694 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
[2002/09/03 09:55:38 | 000,000,783 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2002/09/03 09:55:38 | 000,001,424 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2002/09/03 09:55:38 | 000,000,090 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
[2008/09/25 11:00:21 | 000,000,516 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
[2002/09/03 09:55:38 | 000,000,690 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2002/09/03 09:54:34 | 000,001,661 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2002/09/03 09:57:32 | 000,001,544 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2002/09/03 09:54:34 | 000,001,550 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/09/25 11:00:21 | 000,001,656 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2002/09/03 09:55:38 | 000,000,146 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
[2002/09/03 09:55:38 | 000,001,432 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2002/09/03 09:55:38 | 000,001,432 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2004/03/18 10:05:40 | 000,000,803 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
[2004/03/18 10:05:40 | 000,000,896 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
[2002/09/03 09:55:38 | 000,001,425 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2004/10/03 17:18:53 | 000,000,703 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
[2002/09/03 09:57:38 | 000,001,436 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2002/09/03 09:57:36 | 000,001,476 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2002/09/03 10:00:00 | 000,001,495 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2002/09/03 09:57:38 | 000,001,657 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2002/09/03 09:57:36 | 000,000,974 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/05/25 06:50:14 | 000,001,616 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2002/09/03 09:56:16 | 000,001,486 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2002/09/03 10:00:00 | 000,001,506 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2002/09/03 10:00:00 | 000,001,500 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2002/09/03 10:00:00 | 000,000,476 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
[2002/09/03 10:00:00 | 000,001,496 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2004/03/18 10:04:14 | 000,001,107 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2004/03/18 10:04:14 | 000,001,158 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2002/09/03 10:00:00 | 000,001,495 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2002/09/03 10:00:00 | 000,001,506 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2004/04/06 18:27:44 | 000,001,858 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Download Manager\Adobe Download Manager.lnk
[2009/06/12 23:03:06 | 000,000,890 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Amazon MP3 Downloader.lnk
[2009/06/12 23:03:06 | 000,000,840 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Uninstall Amazon MP3 Downloader.lnk
[2010/11/23 13:10:12 | 000,001,712 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\avast! Free Antivirus\avast! Free Antivirus.lnk
[2006/01/02 20:37:33 | 000,000,678 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\ConTEXT.lnk
[2006/01/02 20:37:33 | 000,000,673 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\ReadMe First.lnk
[2006/01/02 20:37:33 | 000,000,635 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Uninstall ConTEXT.lnk
[2006/01/02 20:37:33 | 000,000,678 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Version History.lnk
[2005/07/19 20:54:40 | 000,000,052 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Visit ConTEXT Forum.url
[2004/11/09 00:02:10 | 000,000,050 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Visit ConTEXT Support Pages.url
[2009/11/17 22:21:52 | 000,000,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\4D Mazes.lnk
[2009/11/17 22:21:52 | 000,000,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\5D Mazes.lnk
[2009/11/17 22:21:52 | 000,000,438 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus 2.2.lnk
[2009/11/17 22:21:52 | 000,000,414 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus demos.lnk
[2009/11/17 22:21:52 | 000,000,438 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus documentation.lnk
[2009/11/17 22:21:52 | 000,000,438 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus homepage.lnk
[2009/11/17 22:21:52 | 000,000,426 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus scripting.lnk
[2009/11/17 22:21:52 | 000,000,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Dragonslayer.lnk
[2009/11/17 22:21:52 | 000,000,426 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Glacier Maze game.lnk
[2009/11/17 22:21:52 | 000,000,431 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Latest changes.lnk
[2009/11/17 22:21:52 | 000,000,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Pac-Man game.lnk
[2009/11/17 22:21:52 | 000,000,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Safari Maze game.lnk
[2009/11/17 22:21:52 | 000,000,426 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Sokoban game.lnk
[2009/11/17 22:21:52 | 000,000,431 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Survivor Maze game #7.lnk
[2009/11/17 22:21:52 | 000,000,431 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Word Mazes.lnk
[2009/11/17 22:21:52 | 000,000,431 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\World's largest Maze.lnk
[2003/03/21 15:33:08 | 000,001,539 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Get High Speed Internet!.lnk
[2004/05/08 17:57:17 | 000,001,880 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell Picture Studio Home.lnk
[2004/05/08 17:57:17 | 000,001,096 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell.Shutterfly.com - Online Print Service.lnk
[2004/03/18 10:16:50 | 000,000,856 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\On-line Help.lnk
[2004/09/28 18:19:47 | 000,002,395 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Paint Shop Photo Album.lnk
[2004/03/18 10:16:50 | 000,001,943 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Product Tour.lnk
[2004/03/18 10:16:50 | 000,001,519 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Uninstall Paint Shop Photo Album.lnk
[2004/03/18 10:05:57 | 000,000,501 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell\Service Agreement\Qualxserve Service Agreement.lnk
[2007/05/13 20:06:30 | 000,000,673 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\DivX\Remove the DivX Bundle.lnk
[2010/07/01 20:54:02 | 000,000,930 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Easy Audio Cutter.lnk
[2010/07/01 20:54:02 | 000,000,914 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Free CD Ripper.lnk
[2010/07/01 20:54:02 | 000,000,912 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk
[2010/07/01 20:54:02 | 000,000,743 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Uninstall Free Mp3 Wma Converter.lnk
[2010/08/09 19:21:04 | 000,000,846 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Full Tilt Poker\Full Tilt Poker.lnk
[2010/08/09 19:21:04 | 000,000,826 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Full Tilt Poker\Uninstall Full Tilt Poker.lnk
[2010/06/28 17:50:45 | 000,000,137 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Visit GameHouse.url
[2004/10/03 17:22:07 | 000,000,798 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\DESKTOP.INI
[2007/12/01 19:55:03 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
[2007/10/09 21:27:44 | 000,001,520 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
[2004/10/03 17:22:07 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
[2004/10/03 17:22:07 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
[2004/10/03 17:22:07 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
[2004/10/03 17:22:07 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
[2004/10/03 17:22:07 | 000,000,913 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
[2002/09/03 09:55:38 | 000,001,419 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
[2002/09/03 09:55:38 | 000,000,789 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
[2002/09/03 09:55:38 | 000,001,395 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
[2008/12/09 19:53:25 | 000,001,502 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
[2009/07/08 21:14:07 | 000,001,746 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\HijackThis\HijackThis.lnk
[2004/03/18 10:06:04 | 000,001,856 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Intel Network Adapters\Intel® PROSet.lnk
[2010/05/20 17:53:02 | 000,001,814 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
[2010/05/20 17:53:02 | 000,001,804 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
[2006/02/02 21:16:18 | 000,002,459 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Jasc Software\Animation Shop 3.lnk
[2004/10/27 21:19:03 | 000,000,687 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Jasc Software\Uninstall Animation Shop 3.lnk
[2006/11/22 17:02:57 | 000,001,818 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Extension Manager.lnk
[2006/11/22 17:02:57 | 000,001,806 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Extension Manager Readme.lnk
[2009/07/26 16:43:58 | 000,000,708 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
[2009/07/26 16:43:58 | 000,000,708 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
[2009/07/26 16:43:58 | 000,000,732 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
[2008/09/09 16:26:10 | 000,002,359 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Activate Product.lnk
[2009/04/13 16:08:30 | 000,002,483 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Access Snapshot Viewer.lnk
[2008/09/09 16:26:09 | 000,002,527 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Clip Organizer.lnk
[2009/04/12 20:05:18 | 000,002,423 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Application Recovery.lnk
[2008/09/09 16:26:10 | 000,002,683 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Imaging.lnk
[2008/09/09 16:26:10 | 000,002,635 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office Document Scanning.lnk
[2008/09/09 16:26:10 | 000,002,427 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Microsoft Office XP Language Settings.lnk
[2008/09/09 16:26:10 | 000,002,447 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Save My Settings Wizard.lnk
[2004/03/18 10:11:02 | 000,001,535 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Getting Started.lnk
[2004/03/18 10:11:02 | 000,001,861 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Calendar.lnk
[2004/03/18 10:11:02 | 000,001,976 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Database.lnk
[2004/03/18 10:11:02 | 000,001,593 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Portfolio.lnk
[2004/03/18 10:11:02 | 000,001,597 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk
[2004/03/18 10:11:02 | 000,001,611 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk
[2004/03/18 10:11:02 | 000,000,688 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works\Windows Address Book.lnk
[2004/03/18 10:07:27 | 000,001,421 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Modem Helper\Modem Helper.lnk
[2004/03/18 10:07:40 | 000,000,463 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Modem On Hold\Modem on Hold Help.lnk
[2004/03/18 10:07:40 | 000,000,463 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Modem On Hold\Modem On Hold.lnk
[2010/04/02 00:16:34 | 000,001,636 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
[2010/04/02 00:16:34 | 000,001,614 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
[2010/05/20 17:15:14 | 000,000,114 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.2\Desktop.ini
[2010/05/20 17:13:48 | 000,000,865 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org Writer.lnk
[2010/05/20 17:13:48 | 000,000,917 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.2\OpenOffice.org.lnk
[2010/02/16 17:43:49 | 000,000,728 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\Network Status.lnk
[2010/02/16 17:43:49 | 000,000,780 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\PokerStars.net.lnk
[2010/02/16 17:43:50 | 000,000,831 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars.NET\Uninstall PokerStars.net.lnk
[2010/04/02 12:24:52 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\Network Status.lnk
[2010/04/02 12:24:52 | 000,000,748 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\PokerStars.lnk
[2010/04/02 12:24:52 | 000,000,791 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\PokerStars\Uninstall PokerStars.lnk
[2010/05/20 17:46:50 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
[2010/05/20 17:46:50 | 000,001,812 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
[2010/05/20 17:46:50 | 000,001,802 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
[2010/05/20 17:46:50 | 000,001,639 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
[2005/06/05 20:00:31 | 000,000,695 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Check for RealPlayer Update.lnk
[2005/06/05 20:00:31 | 000,000,763 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Help.lnk
[2005/06/05 20:00:31 | 000,000,862 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer License Agreement.lnk
[2005/06/05 20:00:31 | 000,000,832 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer ReadMe.lnk
[2005/06/05 20:00:31 | 000,000,851 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer Subscription.lnk
[2005/06/05 20:00:31 | 000,000,733 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\RealPlayer.lnk
[2005/06/05 20:00:31 | 000,000,940 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Real\RealPlayer\Uninstall RealPlayer.lnk
[2011/02/21 13:22:03 | 000,001,246 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ShopperReports\About Us.lnk
[2011/02/21 13:22:03 | 000,001,304 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ShopperReports\Customer Support.lnk
[2011/02/21 13:22:03 | 000,001,300 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
[2009/08/18 20:39:50 | 000,000,828 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Snatch And Run\Snatch And Run.lnk
[2009/08/18 20:39:50 | 000,001,729 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Snatch And Run\TameStorm games.lnk
[2009/08/18 20:39:50 | 000,000,768 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Snatch And Run\Uninstall Snatch And Run.lnk
[2004/03/18 10:07:47 | 000,001,797 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Sonic\Express Labeler.lnk
[2004/03/18 10:07:47 | 000,001,671 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Sonic\RecordNow!\RecordNow!.lnk
[2009/07/08 17:08:01 | 000,000,834 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
[2009/07/08 17:08:01 | 000,000,945 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
[2009/07/08 17:08:01 | 000,000,951 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
[2008/01/27 20:18:11 | 000,000,961 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk
[2009/07/08 17:08:01 | 000,000,961 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
[2009/07/08 17:08:01 | 000,000,875 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
[2005/10/23 16:16:55 | 000,000,708 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SpywareBlaster\SpywareBlaster AutoUpdate Configuration.lnk
[2005/10/23 16:16:55 | 000,000,660 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SpywareBlaster\SpywareBlaster Help.lnk
[2005/10/23 16:16:55 | 000,000,702 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SpywareBlaster\SpywareBlaster.lnk
[2002/09/03 10:00:00 | 000,000,084 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Startup\DESKTOP.INI
[2008/09/09 16:26:11 | 000,001,730 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Startup\Microsoft Office.lnk
[2009/07/08 21:31:06 | 000,000,770 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\BootSafe.lnk
[2009/07/08 21:31:06 | 000,000,806 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
[2009/07/08 21:31:06 | 000,001,736 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk
[2009/07/08 21:31:06 | 000,000,836 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
[2009/07/08 21:31:05 | 000,001,882 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\SUPERAntiSpyware\SUPERAntiSpyware Repair.lnk
[2011/02/21 13:23:14 | 000,001,389 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Configure Decoder.lnk
[2011/02/21 13:23:14 | 000,001,399 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Configure Encoder.lnk
[2011/02/21 13:23:14 | 000,000,684 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\INet-Doom9's Xvid Forum.lnk
[2011/02/21 13:23:14 | 000,000,758 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\INet-Koepi's Homepage (Updates).lnk
[2011/02/21 13:23:14 | 000,000,688 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\INet-Xvid Homepage.lnk
[2011/02/21 13:23:14 | 000,000,717 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Koepi's OGMCalc.lnk
[2011/02/21 13:23:14 | 000,000,668 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Nic's FourCC changer.lnk
[2011/02/21 13:23:14 | 000,000,672 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Nic's MiniCalc.lnk
[2011/02/21 13:23:14 | 000,000,726 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Release Notes.lnk
[2011/02/21 13:23:14 | 000,000,749 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Some quantization matrices.lnk
[2011/02/21 13:23:14 | 000,000,705 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\StatsReader 2.1.lnk
[2011/02/21 13:23:14 | 000,000,703 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\StatsReader Notes.lnk
[2011/02/21 13:23:14 | 000,001,522 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Uninstall Xvid.lnk
[2011/02/21 13:23:14 | 000,001,623 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Xvid\Vidc.Cleaner.lnk
[2004/04/07 19:48:41 | 000,000,397 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\CYNJAX.lnk
[2004/10/03 17:22:36 | 000,000,177 | -HS- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\DESKTOP.INI
[2011/10/18 13:39:48 | 000,002,637 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Jasc Paint Shop Pro 9.lnk
[2009/05/31 00:51:17 | 000,000,815 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2011/11/24 21:18:55 | 000,002,499 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Microsoft Excel.lnk
[2011/01/20 14:40:41 | 000,002,477 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Microsoft FrontPage.lnk
[2010/04/02 00:16:34 | 000,001,620 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
[2010/06/07 21:02:04 | 000,001,218 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Shortcut to CYN.lnk
[2006/02/09 20:26:09 | 000,000,424 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Shortcut to My Music.lnk
[2004/10/03 17:22:36 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
[2004/03/27 11:46:07 | 000,000,660 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Start Sonique.lnk
[2008/04/06 21:39:56 | 000,000,800 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
[2010/07/18 18:50:33 | 000,002,501 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\2\Word.lnk
[2009/11/15 21:59:09 | 000,000,734 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\Acrobat.com.lnk
[2011/10/18 08:33:57 | 000,001,729 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
[2010/11/23 13:10:12 | 000,001,700 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\avast! Free Antivirus.lnk
[2010/08/09 19:21:04 | 000,000,778 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\Full Tilt Poker.lnk
[2010/08/10 21:22:26 | 000,002,137 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\iTunes.lnk
[2009/02/09 12:56:55 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/05/20 17:13:48 | 000,000,905 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\OpenOffice.org 3.2.lnk
[2010/04/02 12:24:52 | 000,000,736 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\PokerStars.lnk
[2010/05/20 17:46:50 | 000,001,604 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\QuickTime Player.lnk
[2009/07/08 21:31:06 | 000,000,780 | ---- | M] () -- C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\4\SUPERAntiSpyware Free Edition.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#4 gringo_pr

  • Malware Response Team

Posted 30 January 2012 - 04:02 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :files
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 jbjax99

  • Topic Starter

Posted 31 January 2012 - 10:23 AM

Gringo,

No problems this time around either to speak of. Here's the log report:

========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Free AOL & Unlimited Internet.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Microsoft Update.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\PokerStars.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\PokerStars.net.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Acrobat.com.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Media Experience.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Networking Guide.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Access.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft FrontPage.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Picture It! Photo Premium 9.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\MSN Explorer.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\RealPlayer.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Solution Center.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip File Manager.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\7-Zip\7-Zip Help.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Scanner and Camera Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Windows Movie Maker.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training Help.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Microsoft Interactive Training\Microsoft Interactive Training.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Adobe\Adobe Download Manager\Adobe Download Manager.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Amazon MP3 Downloader.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Amazon\Amazon MP3 Downloader\Uninstall Amazon MP3 Downloader.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\avast! Free Antivirus\avast! Free Antivirus.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\ConTEXT.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\ReadMe First.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Uninstall ConTEXT.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Version History.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Visit ConTEXT Forum.url
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\ConTEXT\Visit ConTEXT Support Pages.url
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\4D Mazes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\5D Mazes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus 2.2.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus demos.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus documentation.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus homepage.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Daedalus scripting.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Dragonslayer.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Glacier Maze game.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Latest changes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Pac-Man game.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Safari Maze game.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Sokoban game.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Survivor Maze game #7.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\Word Mazes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Daedalus\World's largest Maze.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell\Service Agreement\Qualxserve Service Agreement.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Get High Speed Internet!.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell Picture Studio Home.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Dell.Shutterfly.com - Online Print Service.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\On-line Help.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Paint Shop Photo Album.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Product Tour.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Dell Picture Studio v2.0\Paint Shop Photo Album 4\Uninstall Paint Shop Photo Album.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\DivX\Remove the DivX Bundle.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Easy Audio Cutter.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Free CD Ripper.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Free Audio Pack\Uninstall Free Mp3 Wma Converter.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Full Tilt Poker\Full Tilt Poker.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Full Tilt Poker\Uninstall Full Tilt Poker.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\GameHouse\Visit GameHouse.url
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\DESKTOP.INI
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Freecell.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Hearts.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Reversi.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Pinball.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\HijackThis\HijackThis.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Intel Network Adapters\Intel® PROSet.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Jasc Software\Animation Shop 3.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Jasc Software\Uninstall Animation Shop 3.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Macromedia Extension Manager.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Macromedia\Readme Files\Macromedia Extension Manager Readme.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
C:\DOCUME~1\Jason\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office Tools\Activate Product.lnk
208 File(s) copied
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
13 File(s) copied
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
10 File(s) copied
C:\Documents and Settings\Jason\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jason\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_101945

#6 gringo_pr


Posted 31 January 2012 - 04:30 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 jbjax99


Posted 01 February 2012 - 05:13 PM

I'm having problems running combofix.

The first time, right after it started the scan process (on the autoscan blue box), everything froze after the message - grep: memory exhaustion.
I manually restarted the computer and tried again, everything froze again, same place in the process. Tried a third time, same thing.

I made sure avast was disabled permanently each time, and made sure not to click anything with the mouse each time.

I'm not sure what to do next...?

#8 gringo_pr


Posted 01 February 2012 - 05:23 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
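One way to triage the report requested in the post above, as an added example that is not part of the original thread and not TDSSKiller's own code. It assumes only the two line shapes visible in the log posted in this topic ("name (md5) path" followed by "name - verdict"); the sample log, service names, hashes and the non-ok verdict string are constructed placeholders.

```python
import re
from collections import defaultdict

# Line shape seen in this topic's log: "HH:MM:SS.ffff <id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "<name> (<32 hex digits>) <path>": a scanned object and its file hash.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
# "<name> - <verdict>": the result line for that object.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


def triage(log_text):
    """Pair each scanned object with its verdict and list what needs a human look."""
    objects, verdicts, unparsed = {}, {}, []
    scanning = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan started":
            scanning = True          # header lines before this are system info
            continue
        if not scanning or not msg or set(msg) == {"="} or msg.startswith("Mode:"):
            continue
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        ver = VERDICT.match(msg)
        if ver:
            verdicts[ver["name"]] = ver["verdict"]
        else:
            unparsed.append(msg)     # unknown shape: keep it for manual review

    by_hash = defaultdict(list)
    for name, (md5, _path) in objects.items():
        by_hash[md5].append(name)

    return {
        "scanned": len(verdicts),
        # Anything other than "ok" is surfaced as-is; the verdict text is not interpreted.
        "not_ok": {n: v for n, v in verdicts.items() if v.lower() != "ok"},
        # Service got a verdict but no file/hash line was logged for it.
        "no_file": sorted(n for n in verdicts if n not in objects),
        # File was hashed but no verdict followed (log cut off or tool froze).
        "no_verdict": sorted(n for n in objects if n not in verdicts),
        # Same file content registered under more than one service name.
        "shared_hash": {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1},
        "unparsed": unparsed,
    }


# Constructed sample log (placeholder names and hashes, not values from the thread).
A, B, C, D, E = ("a" * 32, "b" * 32, "c" * 32, "d" * 32, "e" * 32)
SAMPLE_LOG = rf"""
15:25:57.0953 3556 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)
15:26:01.0562 3828 ============================================================
15:26:01.0562 3828 Scan started
15:26:01.0562 3828 Mode: Manual;
15:26:01.0562 3828 ============================================================
15:26:03.0000 3828 ExampleAv ({A}) C:\WINDOWS\system32\drivers\exampleav.sys
15:26:03.0000 3828 ExampleAv - ok
15:26:03.0140 3828 NoFileSvc - ok
15:26:03.0421 3828 Two Words ({B}) C:\WINDOWS\system32\DRIVERS\twowords.sys
15:26:03.0437 3828 Two Words - ok
15:26:03.0609 3828 CopyOne ({C}) C:\WINDOWS\System32\DRIVERS\copy.sys
15:26:03.0640 3828 CopyOne - ok
15:26:03.0796 3828 CopyTwo ({C}) C:\WINDOWS\system32\drivers\copy.sys
15:26:03.0859 3828 CopyTwo - ok
15:26:04.0234 3828 OddDrv ({D}) C:\WINDOWS\system32\drivers\odddrv.sys
15:26:04.0312 3828 OddDrv - PLACEHOLDER-VERDICT
15:26:04.0687 3828 CutOff ({E}) C:\WINDOWS\system32\drivers\cutoff.sys
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
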

#9 jbjax99


Posted 02 February 2012 - 03:29 PM

Ok, this one was able to run properly without freezing, here's the log:


15:25:54.0000 3556 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
15:25:54.0671 3556 ============================================================
15:25:54.0671 3556 Current date / time: 2012/02/02 15:25:54.0671
15:25:54.0671 3556 SystemInfo:
15:25:54.0671 3556
15:25:54.0671 3556 OS Version: 5.1.2600 ServicePack: 3.0
15:25:54.0671 3556 Product type: Workstation
15:25:54.0671 3556 ComputerName: JASON1
15:25:54.0671 3556 UserName: Jason
15:25:54.0671 3556 Windows directory: C:\WINDOWS
15:25:54.0671 3556 System windows directory: C:\WINDOWS
15:25:54.0671 3556 Processor architecture: Intel x86
15:25:54.0671 3556 Number of processors: 1
15:25:54.0671 3556 Page size: 0x1000
15:25:54.0671 3556 Boot type: Normal boot
15:25:54.0671 3556 ============================================================
15:25:57.0953 3556 Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:25:58.0062 3556 \Device\Harddisk0\DR0:
15:25:58.0062 3556 MBR used
15:25:58.0062 3556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0xDF741B9
15:25:58.0250 3556 Initialize success
15:25:58.0250 3556 ============================================================
15:26:01.0562 3828 ============================================================
15:26:01.0562 3828 Scan started
15:26:01.0562 3828 Mode: Manual;
15:26:01.0562 3828 ============================================================
15:26:21.0921 3828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:26:21.0921 3828 rdpdr - ok
15:26:22.0015 3828 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:26:22.0015 3828 RDPWD - ok
15:26:22.0109 3828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:26:22.0109 3828 redbook - ok
15:26:22.0250 3828 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:26:22.0250 3828 rtl8139 - ok
15:26:22.0343 3828 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:26:22.0343 3828 SASDIFSV - ok
15:26:22.0375 3828 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
15:26:22.0375 3828 SASENUM - ok
15:26:22.0390 3828 SASKUTIL (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
15:26:22.0390 3828 SASKUTIL - ok
15:26:22.0468 3828 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys
15:26:22.0468 3828 SbcpHid - ok
15:26:22.0562 3828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:26:22.0562 3828 Secdrv - ok
15:26:22.0640 3828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:26:22.0640 3828 serenum - ok
15:26:22.0703 3828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:26:22.0703 3828 Serial - ok
15:26:22.0781 3828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:26:22.0781 3828 Sfloppy - ok
15:26:22.0843 3828 Simbad - ok
15:26:22.0921 3828 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
15:26:22.0921 3828 sisagp - ok
15:26:23.0031 3828 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
15:26:23.0078 3828 smwdm - ok
15:26:23.0140 3828 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
15:26:23.0156 3828 SONYPVU1 - ok
15:26:23.0234 3828 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
15:26:23.0234 3828 Sparrow - ok
15:26:23.0312 3828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:26:23.0312 3828 splitter - ok
15:26:23.0375 3828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:26:23.0375 3828 sr - ok
15:26:23.0468 3828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:26:23.0484 3828 Srv - ok
15:26:23.0546 3828 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:26:23.0546 3828 sscdbhk5 - ok
15:26:23.0609 3828 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
15:26:23.0625 3828 ssrtln - ok
15:26:23.0671 3828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:26:23.0671 3828 swenum - ok
15:26:23.0734 3828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:26:23.0734 3828 swmidi - ok
15:26:23.0812 3828 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
15:26:23.0812 3828 symc810 - ok
15:26:23.0875 3828 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
15:26:23.0875 3828 symc8xx - ok
15:26:23.0921 3828 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
15:26:23.0937 3828 sym_hi - ok
15:26:23.0984 3828 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
15:26:23.0984 3828 sym_u3 - ok
15:26:24.0062 3828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:26:24.0062 3828 sysaudio - ok
15:26:24.0156 3828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:26:24.0187 3828 Tcpip - ok
15:26:24.0234 3828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:26:24.0250 3828 TDPIPE - ok
15:26:24.0312 3828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:26:24.0312 3828 TDTCP - ok
15:26:24.0375 3828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:26:24.0375 3828 TermDD - ok
15:26:24.0453 3828 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
15:26:24.0453 3828 tfsnboio - ok
15:26:24.0500 3828 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
15:26:24.0515 3828 tfsncofs - ok
15:26:24.0562 3828 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
15:26:24.0562 3828 tfsndrct - ok
15:26:24.0625 3828 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
15:26:24.0625 3828 tfsndres - ok
15:26:24.0671 3828 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
15:26:24.0671 3828 tfsnifs - ok
15:26:24.0734 3828 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
15:26:24.0734 3828 tfsnopio - ok
15:26:24.0781 3828 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
15:26:24.0781 3828 tfsnpool - ok
15:26:24.0843 3828 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
15:26:24.0843 3828 tfsnudf - ok
15:26:24.0921 3828 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
15:26:24.0937 3828 tfsnudfa - ok
15:26:25.0000 3828 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
15:26:25.0000 3828 TosIde - ok
15:26:25.0093 3828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:26:25.0093 3828 Udfs - ok
15:26:25.0156 3828 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
15:26:25.0171 3828 ultra - ok
15:26:25.0250 3828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:26:25.0281 3828 Update - ok
15:26:25.0328 3828 USBAAPL - ok
15:26:25.0421 3828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:26:25.0437 3828 usbccgp - ok
15:26:25.0515 3828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:26:25.0515 3828 usbehci - ok
15:26:25.0609 3828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:26:25.0609 3828 usbhub - ok
15:26:25.0687 3828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:26:25.0687 3828 usbprint - ok
15:26:25.0765 3828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:26:25.0765 3828 usbscan - ok
15:26:25.0843 3828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:26:25.0859 3828 USBSTOR - ok
15:26:25.0906 3828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:26:25.0906 3828 usbuhci - ok
15:26:25.0968 3828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:26:25.0968 3828 VgaSave - ok
15:26:26.0046 3828 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
15:26:26.0062 3828 viaagp - ok
15:26:26.0125 3828 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
15:26:26.0140 3828 ViaIde - ok
15:26:26.0203 3828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:26:26.0203 3828 VolSnap - ok
15:26:26.0296 3828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:26:26.0296 3828 Wanarp - ok
15:26:26.0343 3828 wanatw - ok
15:26:26.0390 3828 WDICA - ok
15:26:26.0437 3828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:26:26.0437 3828 wdmaud - ok
15:26:26.0578 3828 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:26:26.0578 3828 WS2IFSL - ok
15:26:26.0671 3828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:26:26.0671 3828 WudfPf - ok
15:26:26.0750 3828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:26:26.0765 3828 WudfRd - ok
15:26:26.0859 3828 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
15:26:26.0875 3828 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
15:26:26.0953 3828 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
15:26:26.0953 3828 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
15:26:26.0968 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:26:27.0000 3828 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:26:27.0000 3828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:26:27.0031 3828 Boot (0x1200) (c0f1c6a956140705a1c5acdc315bcf5c) \Device\Harddisk0\DR0\Partition0
15:26:27.0031 3828 \Device\Harddisk0\DR0\Partition0 - ok
15:26:27.0031 3828 ============================================================
15:26:27.0031 3828 Scan finished
15:26:27.0031 3828 ============================================================
15:26:27.0062 1580 Detected object count: 1
15:26:27.0062 1580 Actual detected object count: 1
15:26:45.0531 1580 \Device\Harddisk0\DR0\# - copied to quarantine
15:26:45.0531 1580 \Device\Harddisk0\DR0 - copied to quarantine
15:26:45.0593 1580 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:26:45.0609 1580 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
15:26:45.0609 1580 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
15:26:45.0609 1580 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
15:26:45.0609 1580 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
15:26:45.0609 1580 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
15:26:45.0656 1580 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
15:26:45.0656 1580 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
15:26:45.0656 1580 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
15:26:45.0671 1580 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:26:45.0687 1580 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:26:45.0703 1580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:26:45.0703 1580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:26:45.0703 1580 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
15:26:45.0703 1580 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
15:26:45.0750 1580 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
15:26:45.0750 1580 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
15:26:45.0796 1580 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
15:26:45.0796 1580 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
15:26:45.0843 1580 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
15:26:45.0890 1580 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
15:26:45.0937 1580 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
15:26:45.0984 1580 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
15:26:45.0984 1580 \Device\Harddisk0\DR0 - ok
15:26:45.0984 1580 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
15:26:48.0968 3616 Deinitialize success

#10 gringo_pr


Posted 03 February 2012 - 01:09 AM

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jbjax99


Posted 03 February 2012 - 01:29 PM

Ok, it worked that time. There weren't any problems that I could tell. I tried pasting the log, but when I hit reply, bleepingcomputer said my post was too long and to shorten. So I'm splitting into multiple replies to fit everything.

Here's the first part of the log:

ComboFix 12-02-03.02 - Jason 02/03/2012 13:01:48.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.304 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Jason\MYDOCU~1\DXPTpo~1.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\About Us.lnk
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\Customer Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk
c:\documents and settings\Jason\My Documents\~WRL2789.tmp
c:\documents and settings\Jason\System
c:\documents and settings\Jason\System\win_qs8.jqx
c:\documents and settings\Jason\WINDOWS
c:\program files\avg75free_516a1225.exe
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET1FB.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 17:46 . 2012-02-03 17:46 -------- d-----w- c:\windows\LastGood
2012-02-02 20:26 . 2012-02-02 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-31 15:19 . 2012-01-31 15:19 -------- d-----w- C:\_OTL
2012-01-23 21:03 . 2012-01-23 21:03 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\PCHealth
2012-01-20 14:29 . 2012-01-20 14:29 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 14:27 . 2011-12-12 14:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-11-23 18:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-07-23 21:11 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-11-25 03:52 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-07-23 21:11 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-07-23 21:11 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-07-23 21:11 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-07-23 21:11 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2009-07-23 21:11 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2009-07-23 21:11 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2009-07-23 21:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2002-08-29 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-08-29 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-08-29 11:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-18 05:52 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-08-29 11:00 152064 ----a-w- c:\windows\system32\schannel.dll
2010-02-02 13:10 . 2010-02-02 13:10 453024 ----a-w- c:\program files\setup.exe
2010-02-02 13:09 . 2010-02-02 13:09 10177536 ----a-w- c:\program files\openofficeorg32.msi
2007-12-31 12:02 . 2007-12-30 11:36 524288 ----a-w- c:\program files\daedalus.exe
2006-05-05 01:05 . 2006-01-09 03:03 36465208 ----a-w- c:\program files\iTunesSetup.exe
2006-01-26 02:14 . 2006-01-26 02:14 14795136 ----a-w- c:\program files\DivXPlay.exe
2006-01-03 01:36 . 2006-01-03 01:36 1591163 ----a-w- c:\program files\ConTEXTsetup.exe
2005-11-08 04:41 . 2005-11-08 04:41 8715352 ----a-w- c:\program files\Install_AIM.exe
2005-10-23 21:25 . 2005-10-23 21:25 4878136 ----a-w- c:\program files\Firefox Setup 1.0.7.exe
2005-10-23 21:16 . 2005-10-23 21:16 2560240 ----a-w- c:\program files\spywareblastersetup34.exe
2005-10-21 01:23 . 2005-10-21 01:23 72418 ----a-w- c:\program files\VundoFix.exe
2005-10-03 16:56 . 2005-10-03 16:56 323584 ----a-w- c:\program files\cleanup.exe
2005-06-30 00:02 . 2005-06-30 00:01 1071555 ----a-w- c:\program files\7z423.exe
2005-02-21 05:11 . 2005-02-21 05:10 487536 ----a-w- c:\program files\msgr6suite.exe
2004-10-28 01:20 . 2004-10-28 01:20 116384 ----a-w- c:\program files\Download Paint Shop Pro 9 now.exe
2004-09-10 03:25 . 2004-09-10 03:25 12652784 ----a-w- c:\program files\mp10setup.exe
2004-07-25 00:18 . 2004-07-25 00:18 10135688 ----a-w- c:\program files\MPSetupXP.exe
2004-05-23 15:28 . 2004-05-23 15:28 56296 ----a-w- c:\program files\isearchuninstall.exe
2004-04-06 23:28 . 2004-04-06 23:27 9143000 ----a-w- c:\program files\AdbeRdr60_enu.exe
2004-03-27 16:45 . 2004-03-27 16:45 2761301 ----a-w- c:\program files\sonique196.exe
2004-03-27 16:39 . 2004-03-27 16:39 770048 ----a-w- c:\program files\winmx331.exe
2011-11-21 04:04 . 2011-11-25 03:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.

#12 jbjax99


Posted 03 February 2012 - 01:33 PM

Apparently, the snapshot is way too long, so I didn't include it. Here's the end of the log. Just let me know if you need the snapshot as well. It'll probably take a few replies for that.

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2004-03-27 44832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-06 180269]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-04-04 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Jason\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-9-21 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sonique\\Sonique.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [11/24/2011 10:52 PM 435032]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/23/2009 4:11 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/23/2009 4:11 PM 20568]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [9/3/2004 1:40 PM 36224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2004-03-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1pum1tez.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 13:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-02-03 13:22:54
ComboFix-quarantined-files.txt 2012-02-03 18:22
ComboFix2.txt 2009-07-29 20:41
ComboFix3.txt 2009-07-25 20:55
ComboFix4.txt 2009-07-24 19:28
.
Pre-Run: 94,665,646,080 bytes free
Post-Run: 95,439,978,496 bytes free
.
- - End Of File - - 5CE7623513828A4E3D30EB7192A50D92

#13 gringo_pr


Posted 03 February 2012 - 03:17 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 gringo_pr


Posted 05 February 2012 - 11:17 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 jbjax99


Posted 06 February 2012 - 02:14 PM

Hi Gringo,

I'm here, just away from the computer all weekend. Here's the new combofix log:

ComboFix 12-02-03.02 - Jason 02/06/2012 13:56:43.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.335 [GMT -5:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-02 20:26 . 2012-02-02 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-31 15:19 . 2012-01-31 15:19 -------- d-----w- C:\_OTL
2012-01-23 21:03 . 2012-01-23 21:03 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\PCHealth
2012-01-20 14:29 . 2012-01-20 14:29 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 14:27 . 2011-12-12 14:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-11-23 18:09 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-07-23 21:11 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-11-25 03:52 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-07-23 21:11 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-07-23 21:11 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-07-23 21:11 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-07-23 21:11 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2009-07-23 21:11 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2009-07-23 21:11 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2009-07-23 21:11 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2002-08-29 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2002-08-29 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2002-08-29 11:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-18 05:52 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-08-29 11:00 152064 ----a-w- c:\windows\system32\schannel.dll
2010-02-02 13:10 . 2010-02-02 13:10 453024 ----a-w- c:\program files\setup.exe
2010-02-02 13:09 . 2010-02-02 13:09 10177536 ----a-w- c:\program files\openofficeorg32.msi
2007-12-31 12:02 . 2007-12-30 11:36 524288 ----a-w- c:\program files\daedalus.exe
2006-05-05 01:05 . 2006-01-09 03:03 36465208 ----a-w- c:\program files\iTunesSetup.exe
2006-01-26 02:14 . 2006-01-26 02:14 14795136 ----a-w- c:\program files\DivXPlay.exe
2006-01-03 01:36 . 2006-01-03 01:36 1591163 ----a-w- c:\program files\ConTEXTsetup.exe
2005-11-08 04:41 . 2005-11-08 04:41 8715352 ----a-w- c:\program files\Install_AIM.exe
2005-10-23 21:25 . 2005-10-23 21:25 4878136 ----a-w- c:\program files\Firefox Setup 1.0.7.exe
2005-10-23 21:16 . 2005-10-23 21:16 2560240 ----a-w- c:\program files\spywareblastersetup34.exe
2005-10-21 01:23 . 2005-10-21 01:23 72418 ----a-w- c:\program files\VundoFix.exe
2005-10-03 16:56 . 2005-10-03 16:56 323584 ----a-w- c:\program files\cleanup.exe
2005-06-30 00:02 . 2005-06-30 00:01 1071555 ----a-w- c:\program files\7z423.exe
2005-02-21 05:11 . 2005-02-21 05:10 487536 ----a-w- c:\program files\msgr6suite.exe
2004-10-28 01:20 . 2004-10-28 01:20 116384 ----a-w- c:\program files\Download Paint Shop Pro 9 now.exe
2004-09-10 03:25 . 2004-09-10 03:25 12652784 ----a-w- c:\program files\mp10setup.exe
2004-07-25 00:18 . 2004-07-25 00:18 10135688 ----a-w- c:\program files\MPSetupXP.exe
2004-05-23 15:28 . 2004-05-23 15:28 56296 ----a-w- c:\program files\isearchuninstall.exe
2004-04-06 23:28 . 2004-04-06 23:27 9143000 ----a-w- c:\program files\AdbeRdr60_enu.exe
2004-03-27 16:45 . 2004-03-27 16:45 2761301 ----a-w- c:\program files\sonique196.exe
2004-03-27 16:39 . 2004-03-27 16:39 770048 ----a-w- c:\program files\winmx331.exe
2011-11-21 04:04 . 2011-11-25 03:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-03_18.17.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-03 18:38 . 2012-02-03 18:38 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2004-03-27 44832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-06 180269]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-04-04 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Jason\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-9-21 225280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sonique\\Sonique.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [11/24/2011 10:52 PM 435032]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/23/2009 4:11 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [7/23/2009 4:11 PM 20568]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lne100v5.sys [9/3/2004 1:40 PM 36224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2004-03-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\1pum1tez.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-06 14:14:45
ComboFix-quarantined-files.txt 2012-02-06 19:14
ComboFix2.txt 2012-02-03 18:22
ComboFix3.txt 2009-07-29 20:41
ComboFix4.txt 2009-07-25 20:55
ComboFix5.txt 2012-02-06 18:54
.
Pre-Run: 95,347,929,088 bytes free
Post-Run: 95,346,122,752 bytes free
.
- - End Of File - - B072DB84D26379D9A4499777A6304F73



